4-8. A  quantitative  risk  analysis produces which of the following  results? 1. 2. 3. 4. Long-range  planners receiving  guidance  on personnel   requirements The  security  program objectives  directly relating to the mission of the command Criteria  generated  for designing  and  evaluating internal  controls An estimate of losses to be  expected 4-9. When the risk analysis is prepared, the first step to be considered is to 1. develop an estimate of annual  loss  expectancy 2. estimate  the  potential losses to which the AIS facility is exposed 3. evaluate the threats to the AIS facility 4. review  the  security program  objectives 4-10. The  loss  potential  estimate has which of the following objectives? 1. 2. 3. 4. To place a monetary value on the loss estimate  only To identify critical aspects of the AIS facility  operation  only To place a monetary value  on  the  loSS estimate and to identify critical aspects of the AIS  facility  operation To determine data replacement  requirements 4-11. The loss of program files has which of the following loss potentials? 1. Cost to replace assets 2. Cost to reconstruct files 3. Security  compromise 4. Value  of  assets  stolen before  loss  is  detected 4-12. Which of the following is the loss potential that may result from the indirect theft of assets? 1. Cost to replace assets Cost to reconstruct 2. files 3. Security  compromise 4. Value  of  assets  stolen before  loss  is  detected 4-13. To show replacement costs for the physical assets of the AIS facility, AIS technical  managers  and  upper management  should  use  which of the following methods? 1. Build a graph 2. Construct a table 3. Produce a list 4. Write  a  description 4-14. The  AIS  technical  manager should call on which of the fallowing  personnel  to assist    in making loss estimates? 1. Users 2. Vendors 3. Programmers 4. Supervisors 32