CMA Risk Management & Security Architecture

Question 1

In security architecture, which framework published by NIST provides a risk-based approach to managing cybersecurity risk through five core functions: Identify, Protect, Detect, Respond, and Recover?

Accepted Answer

NIST Cybersecurity Framework (CSF)

Answer

The NIST Cybersecurity Framework (CSF) organizes cybersecurity activities into five concurrent and continuous functions to help organizations manage and reduce risk.

Question 2

Which risk treatment option involves shifting the financial impact of a risk to a third party, such as through cyber insurance?

Accepted Answer

Risk Transfer

Answer

Risk Transfer moves the financial consequence of a risk to another party—such as an insurer or outsourcing vendor—without eliminating the underlying threat.

Question 3

A CMA architect is designing a system with the requirement that no single failure should cause complete service unavailability. Which security and resilience principle addresses this?

Accepted Answer

Single Point of Failure Elimination

Answer

Eliminating Single Points of Failure ensures that no individual component can bring down an entire system, supporting both availability and resilience goals.

Question 4

Which formula correctly represents the basic calculation of risk in a risk management context?

Accepted Answer

Risk = Threat × Vulnerability × Impact

Answer

Risk is commonly calculated as the product of Threat likelihood, Vulnerability exposure, and the potential Impact of exploitation.

Question 5

In the SABSA security architecture framework, which layer defines the business context and security policies at the executive stakeholder level?

Accepted Answer

Contextual Layer

Answer

The Contextual Layer in SABSA captures the business context—why security is needed—from the perspective of executive stakeholders and business drivers.

(CMA) Certified Master Architect Practice Test

(CMA) Certified Master Architect Practice Test

CMA Risk Management & Security Architecture