options for risk treatment 1. Annualized loss expectancy is calculated using which formula: a. ALE = ARO x SLE b. ALE = EF x SLE c. ALE = ARO x AV d. ALE = ARO / SLE 2. A risk manager has completed a risk analysis for an asset valued at $4000. Two threats were identified; the ALE for one threat is $400, and the ALE for the second threat is $500. What is the amount of loss that the organization should estimate for an entire year? a. $450 b. $500 c. $900 d. $100 3. The options for risk treatment are: a. Risk reduction, risk assumption, risk avoidance, and risk acceptance b. Risk acceptance, risk reduction, risk transfer, and risk mitigation c. Risk acceptance, risk reduction, and risk transfer d. Risk acceptance, risk avoidance, risk reduction, and risk transfer 4. An organization recently completed a risk assessment. Based on the findings in the risk assessment, the organization chose to purchase insurance to cover possible losses. This approach is known as: a. Risk transfer b. Risk avoidance c. Risk acceptance d. Risk reduction 5. After completing a risk assessment, an organization was able to reduce the risk through the addition of detective and preventive controls. However, these controls did not remove all risk. What options does the organization have for treating the remaining risk? a. Accept, avoid, reduce, or transfer b. None—the organization must accept the risk c. The organization must either accept or transfer the risk d. Does not apply: remaining risk cannot be treated further


