(306) The absence or weakness in a system that may possibly be exploited
is called a(n)?
A. Threat
B. Exposure
C. Vulnerability
D. Risk
Correct Answer: C
Explanation
Explanation/Reference:
- Idham Azhari
Jumat, 31 Juli 2015
Jumat, 24 Juli 2015
CISSP Exam Preparation (Question 305)
(305) Which of the following is an advantage of a qualitative over
quantitative risk analysis?
A. It prioritizes the risks and
identifies areas for immediate improvement in addressing the vulnerabilities.
B. It provides specific
quantifiable measurements of the magnitude of the impacts
C. It makes cost-benefit analysis
of recommended controls easier
Correct Answer: A
Explanation
Explanation/Reference:
- Idham Azhari
Jumat, 10 Juli 2015
CISSP Exam Preparation (Question 304)
(304) How should a risk be handled when the cost of the countermeasures
outweighs the cost of the risk?
A. Reject the risk
B. Perform another risk analysis
C. Accept the risk
D. Reduce the risk
Correct Answer: C
Explanation
Explanation/Reference:
- Idham Azhari
Jumat, 03 Juli 2015
CISSP Exam Preparation (Question 303)
(303) Risk is commonly expressed as a function of the
A. Systems vulnerabilities and
the cost to mitigate.
B. Types of countermeasures
needed and the system's vulnerabilities.
C. Likelihood that the harm will
occur and its potential impact.
D. Computer system-related assets
and their costs.
Correct Answer: C
Explanation
Explanation/Reference:
The likelihood of a threat agent taking advantage of
a vulnerability. A risk is the loss potential, or probability, that a threat
will exploit a vulnerability. - Shon Harris All-in-one CISSP Certification
Guide pg 937
- Idham Azhari
Langganan:
Postingan (Atom)