CISSP Chapter 2 Review Questions and Answers
LATEST DOWNLOAD 2024/2025 A COMPLETE BEST EXAM
SOLUTION WITH CORRECT VERIFIED ANSWERS GRADED A+
FOR SUCCESS
- Which of the following is the weakest element in any security solution? A. Software products B. Internet connections C. Security policies D. Humans - CORRECT ANSWERS D
- When seeking to hire new employees, what is the first step? A. Create a job description. B. Set position classification. C. Screen candidates. D. Request résumés. - CORRECT ANSWERS A
- Which of the following is a primary purpose of an exit interview? A. To return the exiting employee's personal belongings B. To review the nondisclosure agreement C. To evaluate the exiting employee's performance D. To cancel the exiting employee's network access accounts - CORRECT ANSWERS B
- When an employee is to be terminated, which of the following should be done? A. Inform the employee a few hours before they are officially terminated. B. Disable the employee's network access just as they are informed of the termination. C. Send out a broadcast email informing everyone that a specific employee is to be terminated. D. Wait until you and the employee are the only people remaining in the building before announcing the termination. - CORRECT ANSWERS B
- If an organization contracts with outside entities to provide key business functions or services, such as account or technical support, what is the process called that is used to ensure that these entities support sufficient security? A. Asset identification B. Third-party governance C. Exit interview D. Qualitative analysis - CORRECT ANSWERS B
- A portion of the __________________ is the logical and practical investigation of business processes and organizational policies. This process policy review ensures that the stated and implemented business tasks, systems, and methodologies are practical, efficient, and cost-effective, but most of all (at least in relation to security governance) that they support security through the reduction of vulnerabilities and the avoidance, reduction, or mitigation of risk. A. Hybrid assessment B. Risk aversion process C. Countermeasure selection D. Documentation review - CORRECT ANSWERS D
- Which of the following statements is not true? A. IT security can provide protection only against logical or technical attacks. B. The process by which the goals of risk management are achieved is known as risk analysis. C. Risks to an IT infrastructure are all computer based. D. An asset is anything used in a business process or task. - CORRECT ANSWERS C
- Which of the following is not an element of the risk analysis process? A. Analyzing an environment for risks B. Creating a cost benefit report for safeguards to present to upper management C. Selecting appropriate safeguards and implementing them D. Evaluating each threat event as to its likelihood of occurring and cost of the resulting damage - CORRECT ANSWERS C
- Which of the following would generally not be considered an asset in a risk analysis? A. A development process B. An IT infrastructure C. A proprietary system resource D. Users' personal files - CORRECT ANSWERS D
- Which of the following represents accidental or intentional exploitations of vulnerabilities? A. Threat events B. Risks C. Threat agents D. Breaches - CORRECT ANSWERS A
- When a safeguard or a countermeasure is not present or is not sufficient, what remains? A. Vulnerability B. Exposure C. Risk D. Penetration - CORRECT ANSWERS A
- Which of the following is not a valid definition for risk? A. An assessment of probability, possibility, or chance B. Anything that removes a vulnerability or protects against one or more specific threats C. Risk = threat * vulnerability D. Every instance of exposure - CORRECT ANSWERS B
- When evaluating safeguards, what is the rule that should be followed in most cases? A. The expected annual cost of asset loss should not exceed the annual costs of safeguards. B. The annual costs of safeguards should equal the value of the asset. C. The annual costs of safeguards should not exceed the expected annual cost of asset loss. D. The annual costs of safeguards should not exceed 10 percent of the security budget. - CORRECT ANSWERS C
- How is single loss expectancy (SLE) calculated? A. Threat + vulnerability B. Asset value ($) * exposure factor C. Annualized rate of occurrence * vulnerability D. Annualized rate of occurrence * asset value * exposure factor - CORRECT ANSWERS B
- How is the value of a safeguard to a company calculated? A. ALE before safeguard - ALE after implementing the safeguard - annual cost of safeguard B. ALE before safeguard * ARO of safeguard C. ALE after implementing safeguard + annual cost of safeguard - controls gap D. Total risk - controls gap - CORRECT ANSWERS A
- What security control is directly focused on preventing collusion? A. Principle of least privilege B. Job descriptions C. Separation of duties D. Qualitative risk analysis - CORRECT ANSWERS C
- What process or event is typically hosted by an organization and is targeted to groups of employees with similar job functions? A. Education B. Awareness C. Training D. Termination - CORRECT ANSWERS C
- Which of the following is not specifically or directly related to managing the security function of an organization? A. Worker job satisfaction B. Metrics C. Information security strategies D. Budget - CORRECT ANSWERS A
- While performing a risk analysis, you identify a threat of fire and a vulnerability because there are no fire extinguishers. Based on this information, which of the following is a possible risk? A. Virus infection B. Damage to equipment C. System malfunction D. Unauthorized access to confidential information - CORRECT ANSWERS B
- You've performed a basic quantitative risk analysis on a specific threat vulnerability/risk relation. You select a possible countermeasure. When performing the calculations again, which of the following factors will change? A. Exposure factor B. Single loss expectancy (SLE) C. Asset value D. Annualized rate of occurrence - CORRECT ANSWERS D
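The quantitative questions above all rest on the same small chain of formulas: SLE = AV * EF, ALE = SLE * ARO, safeguard value = ALE before minus ALE after minus the annual cost of the safeguard, and the rule that a safeguard's annual cost should not exceed the annual loss it addresses. The code below carries that chain through for one threat and several candidate countermeasures, including one that lowers ARO (the factor the last question says a countermeasure changes) and one that is too expensive to justify. This is an added example, not part of the review questions; the asset value, the fire-threat figures, the three safeguards and all function names are constructed for illustration.

```python
"""Worked quantitative risk analysis: SLE, ALE, safeguard value and cost justification.

Added illustration, not from the original review questions. All figures are
constructed: a hypothetical file server exposed to fire, with three candidate
safeguards.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Risk:
    asset_value: float       # AV, in currency units
    exposure_factor: float   # EF, fraction of AV lost in one occurrence (0.0 to 1.0)
    aro: float               # ARO, expected occurrences per year

    def sle(self) -> float:
        """Single loss expectancy: SLE = AV * EF."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: ALE = SLE * ARO."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float            # ACS: amortized purchase plus yearly operating cost
    new_aro: float                # ARO once the safeguard is in place
    new_ef: Optional[float] = None  # some safeguards reduce EF instead of (or as well as) ARO

    def apply(self, risk: Risk) -> Risk:
        """Return the residual risk with this safeguard in place; AV never changes."""
        ef = risk.exposure_factor if self.new_ef is None else self.new_ef
        return Risk(risk.asset_value, ef, self.new_aro)


def safeguard_value(risk: Risk, sg: Safeguard) -> float:
    """Value = ALE before - ALE after - ACS. Positive means the safeguard pays for itself."""
    return risk.ale() - sg.apply(risk).ale() - sg.annual_cost


def cost_rule_ok(risk: Risk, sg: Safeguard) -> bool:
    """Rule of thumb from the questions: ACS should not exceed the expected annual loss."""
    return sg.annual_cost <= risk.ale()


def rank_safeguards(risk: Risk, candidates: List[Safeguard]) -> List[Safeguard]:
    """Order candidates by value, best first."""
    return sorted(candidates, key=lambda sg: safeguard_value(risk, sg), reverse=True)


def choose_safeguard(risk: Risk, candidates: List[Safeguard]) -> Optional[Safeguard]:
    """Pick the highest-value safeguard, or None if nothing is cost-justified."""
    ranked = rank_safeguards(risk, candidates)
    if not ranked or safeguard_value(risk, ranked[0]) <= 0:
        return None
    return ranked[0]


# Constructed figures: a 250,000 file server, fire destroys 60% of its value,
# expected once per decade (ARO 0.1). SLE = 150,000; ALE = 15,000.
EXAMPLE_RISK = Risk(asset_value=250_000, exposure_factor=0.60, aro=0.10)

CANDIDATES = [
    # Prevention: fewer fires start, so ARO drops and EF is unchanged.
    Safeguard("electrical inspection + smoke detectors", annual_cost=2_500, new_aro=0.02),
    # Mitigation: fires still start (ARO unchanged) but do far less damage (EF 0.6 -> 0.1).
    Safeguard("gas fire suppression", annual_cost=4_000, new_aro=0.10, new_ef=0.10),
    # Over-engineered: cuts residual loss further but costs more than the whole ALE.
    Safeguard("hot-site replication", annual_cost=20_000, new_aro=0.10, new_ef=0.05),
]


if __name__ == "__main__":
    r = EXAMPLE_RISK
    print(f"SLE = {r.sle():,.0f}   ALE = {r.ale():,.0f}")
    for sg in rank_safeguards(r, CANDIDATES):
        after = sg.apply(r)
        print(f"{sg.name:40s} ALE after = {after.ale():>8,.0f}  "
              f"value = {safeguard_value(r, sg):>8,.0f}  "
              f"cost rule ok = {cost_rule_ok(r, sg)}")
    best = choose_safeguard(r, CANDIDATES)
    print("choose:", best.name if best else "nothing is cost-justified")
```

Note that the two justified safeguards attack different terms: the inspection programme lowers ARO, the suppression system lowers EF. Both leave AV untouched, which is why a recalculation after selecting a countermeasure changes ARO (or EF) and SLE only when EF changed, never the asset value. A negative value, as for the replication option, says the control costs more per year than the loss it prevents, and it also fails the simpler rule that ACS must not exceed ALE.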