Question 1

Each component of the security system should be periodically evaluated and changes made before they are needed.

Accepted Answer

False

Question 2

An attack tree visually represents the goal of an attack on some asset as the trunk of the tree and possible/probable ways to accomplish the attack as branches.

Accepted Answer

This statement accurately describes what an attack tree represents. The statement accurately describes an attack tree.

Question 3

Alternatives for handling risk include all of the following except&#10;A)risk elimination.&#10;B)risk reduction.&#10;C)risk spreading.&#10;D)risk speculation.

Accepted Answer

The alternatives for handling risk are risk elimination, risk reduction, and risk spreading. Risk speculation is not a valid alternative for handling risk, as it involves accepting risk in hopes of achieving a greater reward. The three alternatives for handling risk are risk elimination, risk reduction, and risk spreading, but risk speculation is not a viable alternative for handling risk as it involves taking on additional risks to potentially gain a higher reward.

Question 4

Anticipating, recognizing and analyzing risks is known as&#10;A)disaster management.&#10;B)emergency management.&#10;C)risk management.&#10;D)terrorism management.

Accepted Answer

Anticipating, recognizing and analyzing risks is a key component of risk management. Disaster management and emergency management both deal with responding to events that have already occurred, while terrorism management specifically focuses on preventing and responding to acts of terrorism. Anticipating, recognizing and analyzing risks falls under the domain of risk management, which involves identifying potential threats, assessing the likelihood and impact of those threats, and implementing strategies to mitigate or manage risks. Disaster management, emergency management, and terrorism management all focus on specific types of risks or incidents, but are all parts of a broader risk management framework.

Question 5

The professional security manager must devote as much time to quantifying and qualifying security initiatives as any other department within an organization to justify resource allocations and expenditures.

Accepted Answer

This statement is true. Justifying resource allocations and expenditures is crucial in ensuring that security initiatives are effective and efficient. The security manager must use metrics and data to demonstrate the value of the security program to the organization. The statement is true. The professional security manager needs to be able to demonstrate the value and effectiveness of the security initiatives in order to secure the necessary resources and budget from senior management. This requires careful quantification and qualification of the initiatives, just as any other department in the organization must do to justify their activities.

Question 6

The security survey (audit) is not a critical objective, on-site analysis of the total security system.

Accepted Answer

The security survey (audit) is indeed a critical objective for evaluating the effectiveness of a security system. It involves a comprehensive on-site analysis of the security measures in place, including physical security, personnel policies, and information security protocols. The audit helps identify vulnerabilities and areas for improvement in the security system. The security survey (audit) is a critical objective in order to conduct an on-site analysis of the total security system. It helps to identify vulnerabilities, risks, and areas of improvement in the security measures.

Question 7

The probability that something will occur uses the formula P= f/n.This formula means:&#10;A)P=probability f=financial&#10;N=number of times&#10;B)P=probability f=actual occurrences of the event&#10;N=number of circumstances&#10;C)P=probability f=frequency&#10;N=number&#10;D)P=probability f=factor of ten divided by twenty&#10;N=number of days

Accepted Answer

The formula P = f/n represents the probability (P) as the ratio of the actual occurrences of the event (f) to the number of circumstances or trials (n).

Question 8

Which type of risk involves risk with the potential for both benefits and losses?&#10;A)pure risk&#10;B)dynamic risk&#10;C)realistic risk&#10;D)acceptable risk

Accepted Answer

Dynamic risk involves the potential for both benefits and losses, as it exists in situations with uncertain outcomes that could have positive or negative impacts. Pure risk, on the other hand, involves only the possibility of losses, while realistic risk and acceptable risk are not commonly used terms in the field of risk management. Dynamic risk involves both the potential for benefits and losses, as it arises due to changes in the environment, market, or other factors beyond the control of the individual or organization. Pure risk only involves the potential for losses, realistic risk is not a commonly recognized term in risk management, and acceptable risk refers to a level of risk that is considered tolerable or manageable.

Question 9

The following guidelines provide a basic guideline to help security respond to incidents quickly and efficiently.&#10;A)protect life and safety&#10;B)contain the damage&#10;C)asses the extent of damage&#10;D)all of the above

Accepted Answer

All of the listed options are important to follow for an efficient response to security incidents. Protecting life and safety should always be the top priority, followed by containing the damage to prevent it from spreading further. Once the situation is under control, it is essential to assess the extent of the damage and identify any further action that may be necessary. All three options are necessary for an effective response to incidents. Protecting life and safety is always the top priority in any situation, followed by containing the damage to prevent it from spreading further. Once the situation is under control, it is important to assess the extent of the damage in order to determine the appropriate next steps.

Question 10

Qualitative risk assessment can typically start to show significant results within a few days.

Accepted Answer

Qualitative risk assessment typically requires a longer period of time to gather sufficient information and analyze potential risks. It may take several weeks or months to see significant results from a qualitative risk assessment. Qualitative risk assessment requires substantial research and analysis, and it may take several weeks or months to produce useful results. Immediate outcomes are seldom probable.

Question 11

The security survey (audit) is a(n) __________________ analysis of the total security system.&#10;A)critical&#10;B)objective&#10;C)on-site&#10;D)all of the above

Accepted Answer

The answer of The security survey (audit) is a(n) __________________...

Question 12

Organizations that do not have a comprehensive risk management program in place leave themselves open to disgruntled employees and customers as well as to potential civil liability.

Accepted Answer

The answer of Organizations that do not have a comprehensive...

Question 13

Preventing loss through risk management always includes terrorism analysis.

Accepted Answer

The answer of Preventing loss through risk management always includes...

Question 14

Which type of risk involves the potential for injury, damage or loss with no possible benefits?&#10;A)pure risk&#10;B)dynamic risk&#10;C)realistic risk&#10;D)acceptable risk

Accepted Answer

The answer of Which type of risk involves the potential...

Question 15

Four major types of hazards are:&#10;A)physical, moral, typical, vulnerable&#10;B)physical, moral, morale, critical&#10;C)physical, moral, morale, legal&#10;D)physical, moral, morale, on-going

Accepted Answer

The answer of Four major types of hazards are:&#10;A)physical, moral,...

Question 16

A fundamental risk could be rapid inflation, natural disasters, or even war.

Accepted Answer

The answer of A fundamental risk could be rapid inflation,...

Question 17

Preventing loss through risk management includes all of the following, except&#10;A)risk analysis.&#10;B)media involvement.&#10;C)policy formulation.&#10;D)specification of a protection plan.

Accepted Answer

The answer of Preventing loss through risk management includes all...

Question 18

Factors to consider in risk analysis are&#10;A)vulnerability..&#10;B)probability.&#10;C)criticality.&#10;D)all of the above

Accepted Answer

The answer of Factors to consider in risk analysis are&#10;A)vulnerability..&#10;B)probability.&#10;C)criticality.&#10;D)all...

Question 19

Each component of the security system does not need to be periodically evaluated (audited) and changed as needed.

Accepted Answer

The answer of Each component of the security system does...

Question 20

Strategic risk is the uncertainty regarding an organization's financial goals and objectives.

Accepted Answer

The answer of Strategic risk is the uncertainty regarding an...

Question 21

Risk management involves taking steps to reduce or prevent such risks and __________ the results.

Accepted Answer

The answer of Risk management involves taking steps to reduce...

Question 22

The number of times a risk is reasonably expected to occurring during one year is called the _________________.

Accepted Answer

The answer of The number of times a risk is...

Question 23

Conducting ___________ and ________________ risk assessments can give security managers a fairly comprehensive picture of an organization's security needs.

Accepted Answer

The answer of Conducting ___________ and ________________ risk assessments can...

Question 24

The information needed for a security survey is obtained by ____________ and by talking to personnel.

Accepted Answer

The answer of The information needed for a security survey...

Question 25

Risk management is anticipating, ____________ and ______________ risks.

Accepted Answer

The answer of Risk management is anticipating, ____________ and ______________...

Question 26

The ______________________ focuses on the needs of the individual business, not of the business sector in general.

Accepted Answer

The answer of The ______________________ focuses on the needs of...

Question 27

The information needed for a security survey is obtained by _________ and by __________ to personnel.

Accepted Answer

The answer of The information needed for a security survey...

Question 28

Risk management is both a __________ and _______________ responsibility.

Accepted Answer

The answer of Risk management is both a __________ and...

Question 29

The ________________ model focuses on the quality of the products and services an organization provides.

Accepted Answer

The answer of The ________________ model focuses on the quality...

Question 30

Three factors to consider in risk analysis are vulnerability, __________ and criticality.

Accepted Answer

The answer of Three factors to consider in risk analysis...

Deck 5: Risk Management the Core of Private Security