NPTEL Cyber Security and Privacy Week 6 Assignment Answers 2024
1. A determination of the extent to which an organization’s information assets are exposed to risk is known as:
- Risk identification
- Risk control
- Risk assessment
- Risk management
Answer :-
2. _______ is the risk to information assets that remains even after current controls have been applied.
- Risk appetite
- Residual risk
- Inherent risk
- Contingency risk
Answer :-
3. Which of these is not a component of risk identification?
- Plan & organize the process
- Classify, value, & prioritize assets
- Specify asset vulnerabilities
- Determine loss frequency
Answer :-
4. The likelihood of an attack, taken together with the attack frequency to determine the expected number of losses within a specified time range, is known as:
- Loss frequency
- Attack success probability
- Loss magnitude
- Risk
Answer :-
5. _______ is an information attack that involves searching through a target organization’s trash for sensitive information.
- Shoulder surfing
- Network sniffing
- Dumpster diving
- Watering hole attacks
Answer :-
6. Risk management in cyber security involves three key steps. These steps are:
- Monitoring, auditing, and reporting.
- Identifying risks, assessing risk, and controlling risks.
- Training employees, patching vulnerabilities, and using firewalls.
- Investigating incidents, recovering data, and learning lessons.
Answer :-
7. The “attack surface” in cyber security is a visualization tool that helps to understand:
- The effectiveness of different security tools.
- The relationship between various types of threats and the organization’s assets.
- The complexity of the organization’s network infrastructure.
- The cost of implementing different security controls.
Answer :-
8. During the Risk Identification phase, assets are classified into which of the following categories?
- Financial assets, Intellectual property, and Human resources
- Assets, Liabilities, and Equity
- Tangible assets, Intangible assets, and Fixed assets
- People, Procedures, Data and information, Software, Hardware, and Networking elements
Answer :-
9. Which formula accurately represents the calculation of risk in cyber security risk assessment?
- Risk = Loss frequency + Loss magnitude
- Risk = Loss frequency x Loss magnitude + Measurement Uncertainty
- Risk = (% Risk Mitigated by Controls) / (Loss Frequency x Loss Magnitude)
- Risk = Loss frequency – Loss magnitude + Measurement Uncertainty
Answer :-
10. You are a security analyst for a company that manages an online store with a customer database. Industry reports indicate a 10 percent chance of an attack this year, based on an estimate of one attack every 10 years. A successful attack could result in the theft of customer data. There is a 20% chance that the threat will materialize and achieve its objectives even with robust protection mechanisms in place. Because this is an e-commerce company, the customer database is its most valued asset, rated 90 on a scale of 1 to 100. The IT department has reported that 60% of the asset will be exposed after a successful attack. The measurement estimates are 80% accurate. Calculate the risk to the asset from a potential SQL injection attack.
- 3.756
- 4.196
- 3.276
- 1.296
Answer :-