[CCCure CISSP] Qs1 Risk Mgmt: cccure QuizEngn doubts


Amlan Deb
Hello everyone,
 
I have some doubts regarding some cccure Quiz questions and concepts mentioned below. Would really appreciate it if you could take out some time and help me with them. Request you to please provide a quick reply as I need to appear for the exam in the month of July.

I would have loved to send a single mail with an attachment containing all the questions, but since that is not allowed by the website I'm sending the questions out on separate mails.

These bulk mails would only appear for another week's time. Hope you would understand and bear with me till then :).
 
Thanks,
Amlan
 

Doubt#1
========

46. 

1. Question: 729 | Difficulty: 3/5 | Relevancy: 3/3

Which of the following could be BEST defined as the likelihood of a threat agent taking advantage of a vulnerability?

o A risk

o A residual risk

o An exposure

o A countermeasure

Congratulations, you got the correct answer! Details can be reviewed below.

The correct answer is 'Risk' as risk is the likelihood of a threat agent taking advantage of a vulnerability and the corresponding business impact. If a firewall has several ports open, there is a higher likelihood that an intruder will use one to access the network in an unauthorized method.

The following answers are incorrect:

Residual Risk is very different from the notion of total risk. Residual Risk would be the risk that still exists after countermeasures have been implemented. Total risk is the amount of risk a company faces if it chooses not to implement any type of safeguard.

Exposure: An exposure is an instance of being exposed to losses from a threat agent.

Countermeasure: A countermeasure or a safeguard is put in place to mitigate the potential risk. Examples of countermeasures include strong password management, a security guard.

REFERENCES : SHON HARRIS ALL IN ONE 3rd EDITION

Chapter - 3: Security Management Practices , Pages : 57-59

Last Modified - 30/06/07 - S G Krishnan
Thanks to Joe B for sending feedback to improve this question.

Contributor: Christian Vezina

Study area: Information Security Governance and Risk Management

Covered topic: Threats and vulnerabilities (A vulnerability characterizes the absence of weakness of a safeguard that could be exploited. A threat is the possibility that a threat agent may exploit a vulnerability to cause harm to a system.)

 

My doubt: I understand that it is important to stay within the context of the question and given options (Qs + given options = your world), but please clarify for my understanding:

Is my understanding correct that if ‘Threat’ was given as an option along with ‘Risk’, ‘Threat’ would be a better answer to this Qs.?

 

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your account visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org

Re: [CCCure CISSP] Qs1 Risk Mgmt: cccure QuizEngn doubts

NGOGBEHEI innocent
I'm beginning to think you're spamming this group. If this continues.... I'm going to opt out.

Admin please kindly advise this user. 

Thanks


Sent from Samsung Mobile


