Friday, 31 July 2015

CISSP Exam Preparation (Question 306)

(306) The absence or weakness in a system that may possibly be exploited is called a(n)?

A. Threat
B. Exposure
C. Vulnerability
D. Risk

Correct Answer: C

- Idham Azhari

Friday, 24 July 2015

CISSP Exam Preparation (Question 305)

(305) Which of the following is an advantage of a qualitative over quantitative risk analysis?

A. It prioritizes the risks and identifies areas for immediate improvement in addressing the vulnerabilities.
B. It provides specific quantifiable measurements of the magnitude of the impacts
C. It makes cost-benefit analysis of recommended controls easier

Correct Answer: A

- Idham Azhari

Friday, 10 July 2015

CISSP Exam Preparation (Question 304)

(304) How should a risk be handled when the cost of the countermeasures outweighs the cost of the risk?

A. Reject the risk
B. Perform another risk analysis
C. Accept the risk
D. Reduce the risk

Correct Answer: C

- Idham Azhari

Friday, 03 July 2015

CISSP Exam Preparation (Question 303)

(303) Risk is commonly expressed as a function of the

A. Systems vulnerabilities and the cost to mitigate.
B. Types of countermeasures needed and the system's vulnerabilities.
C. Likelihood that the harm will occur and its potential impact.
D. Computer system-related assets and their costs.

Correct Answer: C

Explanation/Reference:

The likelihood of a threat agent taking advantage of a vulnerability. A risk is the loss potential, or probability, that a threat will exploit a vulnerability. - Shon Harris All-in-one CISSP Certification Guide pg 937

- Idham Azhari