36.
Which most accurately describes a safeguard?
- A. Potential for a source to exploit a categorized vulnerability
- B. Controls put in place to provide some amount of protection for an asset
- C. Weakness in internal controls that could be exploited by a threat or a threat agent
- D. A control designed to warn of an attack
Answer : [B]
Explanation :
Option A is incorrect because a safeguard does not exploit a vulnerability. Option C is incorrect because weaknesses are defined as a vulnerability. Option D is incorrect because safeguards do not warn of an attack.
37.
Which of the following choices is the most accurate description of a countermeasure?
- A. Any event with the potential to harm an information system through unauthorized access
- B. Controls put in place as a result of a risk analysis
- C. The annualized rate of occurrence multiplied by the single lost exposure
- D. The company resource that could be lost due to an accident
Answer : [B]
Explanation :
Option A refers to a threat exploiting a vulnerability. Option C is a distractor. Option D is incorrect because it is the definition of asset.
38.
Which most closely depicts the difference between qualitative and quantitative risk analysis?
- A. A quantitative risk analysis does not use the hard cost of losses; a qualitative risk analysis does.
- B. A quantitative risk analysis makes use of real numbers.
- C. A quantitative risk analysis results in subjective high, medium, or low results.
- D. A quantitative risk analysis cannot be automated.
Answer : [B]
Explanation :
Option A is incorrect because the words quantitative and qualitative are switched. Option C is incorrect because high, medium, and low are subjective results in qualitative analysis. Option D is incorrect because quantitative risk analysis can be automated.
39.
Which choice is not a description of a control?
- A. Detective controls uncover attacks and prompt the action of preventative or corrective controls.
- B. Controls perform as the countermeasures for threats.
- C. Controls reduce the effect of an attack.
- D. Corrective controls always reduce the likelihood of a premeditated attack.
Answer : [D]
Explanation :
Options A, B, and C are correct answers. Option D is incorrect because a corrective control stops an existing attack.
40.
What is the main advantage of using a quantitative impact analysis over a qualitative impact analysis?
- A. A qualitative impact analysis identifies areas that require immediate improvement
- B. A qualitative impact analysis provides a rationale for determining the effect of security controls
- C. A quantitative impact analysis makes a cost benefit analysis simple
- D. A quantitative impact analysis provides specific measurements of attack impacts
Answer : [A]
Explanation :
Option A is correct because it involves talking to people and allows for immediate improvement. Option B is incorrect because it is a distractor. Option C is incorrect because a qualitative analysis does not deal with hard cost numbers. Option D is incorrect because a qualitative analysis does not deal with specific measurements.