Cyber Security and Privacy Week 6 Nptel Answers 2024

Are you looking for Cyber Security and Privacy Week 6 Nptel Answers? You’ve come to the right place! Access the latest and most accurate solutions for your Week 6 assignment in the Cyber Security and Privacy course.

Course Link: Click Here


Correct Cyber Security and Privacy Week 6 Nptel Answers 2024 image
Cyber Security and Privacy Week 6 Nptel Answers

Cyber Security and Privacy Week 6 Nptel Answers (July-Dec 2024)


1. A determination of the extent to which an organization’s information assets are exposed to risk is known as:

A) Risk identification
B) Risk control
C) Risk assessment
D) Risk Management

Answer: D) Risk Management


2. _ is the risk to information assets that remains even after current controls have been applied.

A) Risk appetite
B) Residual risk
C) Inherent risk
D) Contingency risk

Answer: C) Inherent risk


3. Which of these is not a component of risk identification?

A) Plan & organize the process
B) Classify, value, & prioritize assets
C) Specify asset vulnerabilities
D) Determine loss frequency

Answer: B) Classify, value, & prioritize assets


4. The likelihood of an attack together with the attack frequency to determine the expected number of losses within a specified time range is known as:

A) Loss frequency
B) Attack success probability
C) Loss magnitude
D) Risk

Answer: A) Loss frequency


5. _ is an information attack that involves searching through a target organization’s trash for sensitive information.

A) Shoulder surfing
B) Network sniffing
C) Dumpster diving
D) Watering hole attacks

Answer: B) Network sniffing


These are Cyber Security and Privacy Week 6 Nptel Answers


6. Risk management in cyber security involves three key steps. These steps are:

A) Monitoring, auditing, and reporting.
B) Identifying risks, assessing risk, and controlling risks.
C) Training employees, patching vulnerabilities, and using firewalls.
D) Investigating incidents, recovering data, and learning lessons.

Answer: A) Monitoring, auditing, and reporting.


7. The “attack surface” in cyber security is a visualization tool that helps to understand:

A) The effectiveness of different security tools.
B) The relationship between various types of threats and the organization’s assets.
C) The complexity of the organization’s network infrastructure.
D) The cost of implementing different security controls.

See also  Cyber Security and Privacy | Week 5

Answer:A) The effectiveness of different security tools.


8. During the Risk Identification phase, assets are classified into which of the following categories?

A) Financial assets, Intellectual property, and Human resources
B) Assets, Liabilities, and Equity
C) Tangible assets, Intangible assets, and Fixed assets
D) People, Procedures, Data and information, Software, Hardware, and Networking elements

Answer: A) Financial assets, Intellectual property, and Human resources


9. Which formula accurately represents the calculation of risk in cyber security risk assessment?

A) Risk = Loss frequency + Loss magnitude
B) Risk = Loss frequency x Loss magnitude + Measurement Uncertainty
C) Risk = (% Risk Mitigated by Controls) / (Loss Frequency x Loss Magnitude)
D) Risk = Loss frequency – Loss magnitude + Measurement Uncertainty

Answer: D) Risk = Loss frequency – Loss magnitude + Measurement Uncertainty


10. You are a security analyst for a company that manages an online store with a customer database. Industry reports indicate a 10 percent chance of an attack this year, based on an estimate of one attack every 10 years. The IT department informed that 60% of the assets will be exposed after a successful attack. The estimation of measurements is 80% accurate. Calculate the risk associated to the asset with a potential SQL injection attack.

A) 3.756
B) 4.196
C) 3.276
D) 1.296

Answer: C) 3.276


These are Cyber Security and Privacy Week 6 Nptel Answers

All Weeks of Cyber Security and Privacy: Click here

For answers to additional Nptel courses, please refer to this link: NPTEL Assignment


Cyber Security and Privacy Week 6 Nptel Answers (JULY-DEC 2023)

Course Name: Cyber Security and Privacy

Course Link: Click Here

These are Nptel Cyber Security and Privacy Assignment 6 Answers


Q1. Match 1 & 2 with A& B following
1. Residual risk
2. Risk appetite
A: The risk to information assets that remains even after current controls have been applied.
B: The quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility.
Choose the correct answer:

1-A, 2-B
1-B, 2-A

See also  Cyber Security and Privacy | Week 9

Answer: 1-A, 2-B


Q2. True or False:
The information technology community of interest must assist in risk management by configuring and operating information systems in a secure fashion.

True
False

Answer: True


These are Nptel Cyber Security and Privacy Assignment 6 Answers


Q3. The process of examining how each threat will affect an organization is called:
Risk assessment
Data classification
Threat assessment
Vulnerability classification

Answer: Threat assessment


Q4. The probability that a specific vulnerability within an organization will be the target of an attack is known as:
Loss Magnitude
Manageability
Likelihood
Practicability

Answer: Likelihood


These are Nptel Cyber Security and Privacy Assignment 6 Answers


Q5. The calculation of the value associated with the most likely loss from an attack is called:
Annualised Rate of Occurrence (ARO)
Annualised Loss Expectancy (ALE)
Cost Benefit Analysis (CBA)
Single Loss Expectancy (SLE)

Answer: Single Loss Expectancy (SLE)


Q6. ———————-is the formal assessment and presentation of the economic expenditures needed for particular security control, contrasted with its projected value to the organization.
Feasibility analysis
Cost-benefit analysis
Risk-benefit analysis
Economic impact analysis

Answer: Cost-benefit analysis


These are Nptel Cyber Security and Privacy Assignment 6 Answers


Q7. A document that compares the relative importance of prioritised assets to prioritised threats and highlights any weaknesses in the asset/threat pairs.
Threats-Vulnerabilities document
Threats-Vulnerabilities-Assets (TVA) worksheet
Threats-Vulnerabilities-Assets log file
Attack Vulnerability Asset document

Answer: Threats-Vulnerabilities-Assets (TVA) worksheet


These are Nptel Cyber Security and Privacy Assignment 6 Answers


Q8. Match the following:
(A) Internal Used for the most sensitive corporate information that must be tightly controlled, even
within the company. Access to information with this classification is strictly on a
need-to-know basis or as required by the terms of a contract. Information with
this classification may also be referred to as “sensitive” or “proprietary.”
(B) Confidential Used for all internal information that does not meet the criteria
for the confidential category. Internal information is to be
viewed only by corporate employees, authorized contractors,
and other third parties.
(C) External All information that has been approved by management for public release.

A-2, B-1, C-3
A-1, B-2, C-3
A-3, B-2, C-1
A-1, B-3, C-2

See also  Cyber Security and Privacy | Week 7

Answer: A-2, B-1, C-3


Q9. ——————- varies among organisations because they maintain different balances between the expense of controlling vulnerabilities and the possible losses if the vulnerabilities are exploited. The key for each organisation is to find the proper balance in its decision-making and feasibility analyses, to use experience and facts instead of ignorance or wishful thinking.
Risk appetite
Risk control
Residual Risk
Risk Assessment

Answer: Risk appetite


These are Nptel Cyber Security and Privacy Assignment 6 Answers


Q10. Malware dictation Software has its own (Asset) internal personnel database behind a firewall. Industry reports indicate a 5 % chance of an attack. The information security and IT departments report that if the organization is attacked, the attack has a 15 % chance of success based on current asset vulnerabilities and protection mechanisms. The asset is valued at a score of 35 on a scale of 0 to 100, and information security and IT staff expect that 60 % of the asset would be lost or compromised by a successful attack, because not all of the asset is stored in a single location. You estimate that the assumptions and data are 90 % accurate. Calculating Risk.
0.1575
0.1733
0.2887
0.5575

Answer: 0.1733


These are Nptel Cyber Security and Privacy Assignment 6 Answers


Q11. xyzbuy.com has an estimated value of Rs 50,00,000, as determined by an asset valuation and a cracker defacement scenario indicates that a deliberate act of sabotage or vandalism could damage 25 per cent of xyzbuy.com, then the single loss expectancy for the xyzbuy.com would be?
16,50,000
15,20,000
11,11,000
12,50,000

Answer: 12,50,000


These are Nptel Cyber Security and Privacy Assignment 6 Answers