Re: [CCCure CISSP] CISSPstudy Digest, Vol 60, Issue 27

Rishabh Jain
Risk is a function of threat. In other words, you measure likeliness/probability of threat getting exploited via calculating risk. This is done in order to prioritize threats to an organization.

If any of them is 0 on the right-hand side, you won't have risk.

Risk = Vulnerability * Threat * Asset

On Mon, Jun 3, 2013 at 9:30 PM, <[hidden email]> wrote:

Today's Topics:

   1. Qs1 Risk Mgmt: cccure QuizEngn doubts (Amlan Deb)

---------- Forwarded message ----------
From: Amlan Deb <[hidden email]>
To: [hidden email]
Date: Mon, 3 Jun 2013 08:57:35 -0700 (PDT)
Subject: [CCCure CISSP] Qs1 Risk Mgmt: cccure QuizEngn doubts
Hello everyone,
I have some doubts regarding some cccure Quiz questions and concepts mentioned below. Would really appreciate it if you could take out some time and help me with them. Request you to please provide a quick reply as I need to appear for the exam in the month of July.
I would have loved to send a single mail with an attachment containing all the questions, but since that is not allowed by the website I'm sending the questions out on separate mails.
These bulk mails would only appear for another week's time. Hope you would understand and bear with me till then :).



1.     Question: 729 | Difficulty: 3/5 | Relevancy: 3/3

Which of the following could be BEST defined as the likelihood of a threat agent taking advantage of a vulnerability?

o     A risk

o      A residual risk

o      An exposure

o      A countermeasure

Congratulations, you got the correct answer! Details can be reviewed below.


The correct answer is 'Risk' as risk is the likelihood of a threat agent taking advantage of a vulnerability and the corresponding business impact. If a firewall has several ports open, there is a higher likelihood that an intruder will use one to access the network in an unauthorized method.

The following answers are incorrect:

Residual Risk is very different from the notion of total risk. Residual Risk would be the risk that still exists after countermeasures have been implemented. Total risk is the amount of risk a company faces if it chooses not to implement any type of safeguard.

Exposure: An exposure is an instance of being exposed to losses from a threat agent.

Countermeasure: A countermeasure or a safeguard is put in place to mitigate the potential risk. Examples of countermeasures include strong password management, a security guard.


Chapter - 3: Security Management Practices, Pages: 57-59

Last Modified - 30/06/07 - S G Krishnan
Thanks to Joe B for sending feedback to improve this question.

Contributor: Christian Vezina

Study area: Information Security Governance and Risk Management

Covered topic: Threats and vulnerabilities


My doubt: I understand that it is important to stay within the context of the question and given options (Qs + given options = your world), but please clarify for my understanding:

Is my understanding correct that if ‘Threat’ was given as an option along with ‘Risk’, would ‘Threat’ be a better answer to this Qs.?


You can search through the mailing list archive at:

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your account visit the link below:
