Cyber Security and Privacy Week 6 Nptel Answers 2024
Are you looking for Cyber Security and Privacy Week 6 Nptel Answers? You’ve come to the right place! Access the latest and most accurate solutions for your Week 6 assignment in the Cyber Security and Privacy course.
Cyber Security and Privacy Week 6 Nptel Answers (July-Dec 2024)
1. A determination of the extent to which an organization’s information assets are exposed to risk is known as:
A) Risk identification B) Risk control C) Risk assessment D) Risk Management
Answer: D) Risk Management
2. _ is the risk to information assets that remains even after current controls have been applied.
A) Risk appetite B) Residual risk C) Inherent risk D) Contingency risk
Answer: C) Inherent risk
3. Which of these is not a component of risk identification?
A) Plan & organize the process B) Classify, value, & prioritize assets C) Specify asset vulnerabilities D) Determine loss frequency
Answer: B) Classify, value, & prioritize assets
4. The likelihood of an attack together with the attack frequency to determine the expected number of losses within a specified time range is known as:
A) Loss frequency B) Attack success probability C) Loss magnitude D) Risk
Answer: A) Loss frequency
5. _ is an information attack that involves searching through a target organization’s trash for sensitive information.
A) Shoulder surfing B) Network sniffing C) Dumpster diving D) Watering hole attacks
Answer: B) Network sniffing
These are Cyber Security and Privacy Week 6 Nptel Answers
6. Risk management in cyber security involves three key steps. These steps are:
A) Monitoring, auditing, and reporting. B) Identifying risks, assessing risk, and controlling risks. C) Training employees, patching vulnerabilities, and using firewalls. D) Investigating incidents, recovering data, and learning lessons.
Answer: A) Monitoring, auditing, and reporting.
7. The “attack surface” in cyber security is a visualization tool that helps to understand:
A) The effectiveness of different security tools. B) The relationship between various types of threats and the organization’s assets. C) The complexity of the organization’s network infrastructure. D) The cost of implementing different security controls.
Answer:A) The effectiveness of different security tools.
8. During the Risk Identification phase, assets are classified into which of the following categories?
A) Financial assets, Intellectual property, and Human resources B) Assets, Liabilities, and Equity C) Tangible assets, Intangible assets, and Fixed assets D) People, Procedures, Data and information, Software, Hardware, and Networking elements
Answer: A) Financial assets, Intellectual property, and Human resources
9. Which formula accurately represents the calculation of risk in cyber security risk assessment?
A) Risk = Loss frequency + Loss magnitude B) Risk = Loss frequency x Loss magnitude + Measurement Uncertainty C) Risk = (% Risk Mitigated by Controls) / (Loss Frequency x Loss Magnitude) D) Risk = Loss frequency – Loss magnitude + Measurement Uncertainty
Answer: D) Risk = Loss frequency – Loss magnitude + Measurement Uncertainty
10. You are a security analyst for a company that manages an online store with a customer database. Industry reports indicate a 10 percent chance of an attack this year, based on an estimate of one attack every 10 years. The IT department informed that 60% of the assets will be exposed after a successful attack. The estimation of measurements is 80% accurate. Calculate the risk associated to the asset with a potential SQL injection attack.
A) 3.756 B) 4.196 C) 3.276 D) 1.296
Answer: C) 3.276
These are Cyber Security and Privacy Week 6 Nptel Answers
All Weeks of Cyber Security and Privacy: Click here
For answers to additional Nptel courses, please refer to this link: NPTEL Assignment
Cyber Security and Privacy Week 6 Nptel Answers (JULY-DEC 2023)
These are Nptel Cyber Security and Privacy Assignment 6 Answers
Q1. Match 1 & 2 with A& B following 1. Residual risk 2. Risk appetite A: The risk to information assets that remains even after current controls have been applied. B: The quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility. Choose the correct answer: 1-A, 2-B 1-B, 2-A
Answer: 1-A, 2-B
Q2. True or False: The information technology community of interest must assist in risk management by configuring and operating information systems in a secure fashion. True False
Answer: True
These are Nptel Cyber Security and Privacy Assignment 6 Answers
Q3. The process of examining how each threat will affect an organization is called: Risk assessment Data classification Threat assessment Vulnerability classification
Answer: Threat assessment
Q4. The probability that a specific vulnerability within an organization will be the target of an attack is known as: Loss Magnitude Manageability Likelihood Practicability
Answer: Likelihood
These are Nptel Cyber Security and Privacy Assignment 6 Answers
Q5. The calculation of the value associated with the most likely loss from an attack is called: Annualised Rate of Occurrence (ARO) Annualised Loss Expectancy (ALE) Cost Benefit Analysis (CBA) Single Loss Expectancy (SLE)
Answer: Single Loss Expectancy (SLE)
Q6. ———————-is the formal assessment and presentation of the economic expenditures needed for particular security control, contrasted with its projected value to the organization. Feasibility analysis Cost-benefit analysis Risk-benefit analysis Economic impact analysis
Answer: Cost-benefit analysis
These are Nptel Cyber Security and Privacy Assignment 6 Answers
Q7. A document that compares the relative importance of prioritised assets to prioritised threats and highlights any weaknesses in the asset/threat pairs. Threats-Vulnerabilities document Threats-Vulnerabilities-Assets (TVA) worksheet Threats-Vulnerabilities-Assets log file Attack Vulnerability Asset document
These are Nptel Cyber Security and Privacy Assignment 6 Answers
Q8. Match the following: (A) Internal Used for the most sensitive corporate information that must be tightly controlled, even within the company. Access to information with this classification is strictly on a need-to-know basis or as required by the terms of a contract. Information with this classification may also be referred to as “sensitive” or “proprietary.” (B) Confidential Used for all internal information that does not meet the criteria for the confidential category. Internal information is to be viewed only by corporate employees, authorized contractors, and other third parties. (C) External All information that has been approved by management for public release. A-2, B-1, C-3 A-1, B-2, C-3 A-3, B-2, C-1 A-1, B-3, C-2
Answer: A-2, B-1, C-3
Q9. ——————- varies among organisations because they maintain different balances between the expense of controlling vulnerabilities and the possible losses if the vulnerabilities are exploited. The key for each organisation is to find the proper balance in its decision-making and feasibility analyses, to use experience and facts instead of ignorance or wishful thinking. Risk appetite Risk control Residual Risk Risk Assessment
Answer: Risk appetite
These are Nptel Cyber Security and Privacy Assignment 6 Answers
Q10. Malware dictation Software has its own (Asset) internal personnel database behind a firewall. Industry reports indicate a 5 % chance of an attack. The information security and IT departments report that if the organization is attacked, the attack has a 15 % chance of success based on current asset vulnerabilities and protection mechanisms. The asset is valued at a score of 35 on a scale of 0 to 100, and information security and IT staff expect that 60 % of the asset would be lost or compromised by a successful attack, because not all of the asset is stored in a single location. You estimate that the assumptions and data are 90 % accurate. Calculating Risk. 0.1575 0.1733 0.2887 0.5575
Answer: 0.1733
These are Nptel Cyber Security and Privacy Assignment 6 Answers
Q11. xyzbuy.com has an estimated value of Rs 50,00,000, as determined by an asset valuation and a cracker defacement scenario indicates that a deliberate act of sabotage or vandalism could damage 25 per cent of xyzbuy.com, then the single loss expectancy for the xyzbuy.com would be? 16,50,000 15,20,000 11,11,000 12,50,000
Answer: 12,50,000
These are Nptel Cyber Security and Privacy Assignment 6 Answers
