Information Security and Risk Management Practices

Free CISSP Practice Exam

Which of the following levels best represents the military classification system?

Which of the following methods of handling risk works by using a third party to absorb a portion of the risk?

You have been asked to calculate the annualized loss expectancy (ALE) for the following variables: single loss expectancy = €25, exposure factor = .9, annualized rate of occurrence = .4, residual risk = €30. Which of the following is the resulting ALE?

Place the following formulas in order:

The downside of performing this type of assessment is that you are not working with dollar values, so it is sometimes harder to communicate the results of the assessment to management. Which of the following assessment types does this describe?

Which of the following categories of control can include the logical mechanisms used to control access and authenticate users?

Which of the following formulas represents total risk?

Which of the following is a flaw, loophole, oversight, or error that makes an organization susceptible to attack or damage?

Which of the following is an unwanted event that can result in harm to an asset or service?

An _____ exploit takes advantage of a bug, glitch, or vulnerability.

Which of the following is the most specific of security documents?

Which of the following is a minimum level of security that a system or device must adhere to?

The last thing an organization needs is a process where everyone is accountable but no one is responsible. Therefore, the data owner should be in which of the following groups?

In data classification, which organizational role is tasked with assigning sensitivity labels?

When the cost of the countermeasure outweighs the value of the asset, which of the following is the best approach?

Which of the following is a natural or manmade event that could have a negative impact on an organization?

Is pure quantitative risk analysis possible?

Which of the following practices assigns real numbers or money amounts to the cost of a countermeasure and the amount of damage that can occur?

Which of the following looks at the different scenarios of risk possibilities and ranks the seriousness of the threat and the sensitivity of the assets?

What does EF stand for?

What does SLE stand for?

What does ARO stand for?

What does ALE stand for?

What does FRAP stand for?