250 CISSP Mock Practice Questions Closest to the Real Exam
Course introduction, table of contents and screenshots:

Practice Questions Chapter 1

1. What is the correct approach for addressing security and organization objectives?
   a. Security and organization objectives should be developed separately.
   b. Security should drive organization objectives.
   c. Security should support organization objectives.
   d. The site security officer should approve or reject organization objectives.

2. The statement, “Promote professionalism among information system security practitioners through the provisioning of professional certification and training” is an example of a/an:
   a. Mission statement
   b. Objective
   c. Goal
   d. Requirement

3. The two components of risk management are:
   a. Risk assessment and risk analysis
   b. Vulnerability assessment and risk treatment
   c. Risk assessment and risk mitigation
   d. Risk assessment and risk treatment

4. A security manager needs to perform a risk assessment on a critical business application in order to determine what additional controls may be needed to protect the application and its databases. The best approach to performing this risk assessment is:
   a. Perform a qualitative risk assessment only
   b. Perform a quantitative risk assessment only
   c. Perform a qualitative risk assessment first, then perform a quantitative risk assessment
   d. Perform a quantitative risk assessment, then perform a qualitative risk assessment

5. A qualitative risk assessment is used to identify:
   a. Vulnerabilities, threats, and countermeasures
   b. Vulnerabilities, threats, threat probabilities, and countermeasures
   c. Assets, risks, and mitigation plans
   d. Vulnerabilities and countermeasures

6. The impact of a specific threat is defined as:
   a. The cost of recovering the asset
   b. The cost required to protect the related asset
   c. The effect of the threat if it is realized
   d. The loss of revenue if it is realized

7. Exposure factor is defined as:
   a. The part of an asset's value that is likely to be lost by a particular threat
   b. The probability that the threat will be realized
   c. The probability that a loss will occur in a year’s time
   d. The cost of a single loss

8. A security manager is performing a quantitative risk assessment on a particular asset. The security manager wants to determine the quantitative loss for a single loss based on a particular threat. The correct way to calculate this is:
   a. Divide the asset’s value by the exposure factor
   b. Multiply the asset’s value times the annualized rate of occurrence
   c. Multiply the asset’s value times the single loss expectancy
   d. Multiply the asset’s value times the exposure factor

9. A security manager is performing a quantitative risk assessment on a particular asset. The security manager wants to estimate the yearly loss based on a particular threat. The correct way to calculate this is: