
Math

Explore questions in the Math category that you can ask Spark.E!

42: Risk analysis is MOST useful when applied during which phase of the system development process? A.) Project identification B.) Requirements definition C.) System construction D.) Implementation planning
69: What is the window of time for recovery of information processing capabilities based on? A.) Quality of the data to be processed B.) Nature of the disaster C.) Criticality of the operations affected D.) Applications that are mainframe based
45: A new worm has been released on the Internet. After investigation, you have not been able to determine if you are at risk of exposure. Management is concerned as they have heard that a number of their counterparts are being affected by the worm. How could you determine if you are at risk? A. Evaluate evolving environment. B. Contact your anti-virus vendor. C. Discuss threat with a peer in another organization. D. Wait for notification from an anti-virus vendor.
74: The purpose of information classification is to A. Assign access controls. B. Apply different protective measures. C. Define the parameters required for security labels. D. Ensure separation of duties.
76: What is the main responsibility of the information owner? A.) making the determination to decide what level of classification the information requires B.) running regular backups C.) audit the users when they require access to the information D.) periodically checking the validity and accuracy for all data in the information system
83: Which level of "least privilege" enables operators the right to modify data directly in its original location, in addition to data copied from the original location? A.) Access Change B.) Read/Write C.) Access Rewrite D.) Access modify
63: Annualized Loss Expectancy (ALE) value is derived from an algorithm of the product of annual rate of occurrence and A. Cost of all losses expected. B. Previous year's actual loss. C. Average of previous losses. D. Single loss expectancy.
43: Which one of the following is not one of the outcomes of a vulnerability analysis? A.) Quantitative loss assessment B.) Qualitative loss assessment C.) Formal approval of BCP scope and initiation document D.) Defining critical support areas
50: Which of the following is an advantage of a qualitative over quantitative risk analysis? A.) It prioritizes the risks and identifies areas for immediate improvement in addressing the vulnerabilities. B.) It provides specific quantifiable measurements of the magnitude of the impacts C.) It makes cost-benefit analysis of recommended controls easier
44: Which of the following is not a part of risk analysis? A.) Identify risks B.) Quantify the impact of potential threats C.) Provide an economic balance between the impact of the risk and the cost of the associated countermeasures D.) Choose the best countermeasure
56: Which one of the following is a characteristic of a penetration testing project? A. The project is open-ended until all known vulnerabilities are identified. B. The project schedule is plotted to produce a critical path. C. The project tasks are to break into a targeted system. D. The project plan is reviewed with the target audience.
48: Risk is commonly expressed as a function of the A. Systems vulnerabilities and the cost to mitigate. B. Types of countermeasures needed and the system's vulnerabilities. C. Likelihood that the harm will occur and its potential impact. D. Computer system-related assets and their costs.
49: How should a risk be handled when the cost of the countermeasures outweighs the cost of the risk? A.) Reject the risk B.) Perform another risk analysis C.) Accept the risk D.) Reduce the risk
53: Which of the following statements pertaining to ethical hacking is incorrect? A.) An organization should use ethical hackers who do not sell auditing, consulting, hardware, software, firewall, hosting, and/or networking services B.) Testing should be done remotely C.) Ethical hacking should not involve writing to or modifying the target systems D.) Ethical hackers should never use tools that have the potential of exploiting vulnerabilities in the organization's IT system.
54: Why would an information security policy require that communications test equipment be controlled? A.) The equipment is susceptible to damage B.) The equipment can be used to browse information passing on a network C.) The equipment must always be available for replacement if necessary D.) The equipment can be used to reconfigure the network multiplexers
51: The absence or weakness in a system that may possibly be exploited is called a(n)? A.) Threat B.) Exposure C.) Vulnerability D.) Risk
41: Which of the following is not a compensating measure for access violations? A.) Backups B.) Business continuity planning C.) Insurance D.) Security awareness
40: Which of the following best explains why computerized information systems frequently fail to meet the needs of users? A.) Inadequate quality assurance (QA) tools B.) Constantly changing user needs C.) Inadequate user participation in defining the system's requirements D.) Inadequate project management.
36: Which of the following is most relevant to determining the maximum effective cost of access control? A.) the value of information that is protected B.) management's perceptions regarding data importance C.) budget planning related to base versus incremental spending. D.) the cost to replace lost data
34: Within the organizational environment, the security function should report to an organizational level that A. Has information technology oversight. B. Has autonomy from other levels. C. Is an external operation. D. Provides the internal audit function.
