CSPM CSPM Risk Management & Compliance

Question 1

In the CSPM framework, which risk management step involves identifying potential threats and their likelihood of occurrence?

Accepted Answer

Risk identification

Answer

Risk acceptance

Answer

Risk transfer

Answer

Risk avoidance

Question 2

A security project manager is calculating the Annual Loss Expectancy (ALE) for a threat. Which formula is correct?

Accepted Answer

ALE = SLE × ARO

Answer

ALE = ARO + SLE

Answer

ALE = SLE / ARO

Answer

ALE = ARO - SLE

Question 3

Which US federal regulation requires organizations handling electronic protected health information (ePHI) to conduct regular risk analyses?

Accepted Answer

HIPAA Security Rule

Answer

GLBA

Answer

SOX

Answer

FERPA

Question 4

What type of risk response strategy involves purchasing cyber insurance to offset potential financial losses?

Accepted Answer

Risk transfer

Answer

Risk avoidance

Answer

Risk mitigation

Answer

Risk acceptance

Question 5

In a CSPM context, a residual risk is best described as:

Accepted Answer

The risk remaining after security controls have been implemented

Answer

The total risk before any controls are applied

Answer

The risk transferred to a third-party vendor

Answer

The risk accepted by executive leadership

Question 6

Which compliance framework is most directly applicable to US federal government information systems security management?

Accepted Answer

NIST RMF

Answer

PCI-DSS

Answer

ISO 27001

Answer

CIS Controls