Actual Exam Newest 2025/2026 Complete
Questions And Correct Detailed Answers
(Verified Answers) |Brand New Version!!
What are the two primary methods used to create a risk assessment? -
ANSWER>>Quantitative and qualitative
What can you control about threat/vulnerability pairs? - ANSWER>>The
vulnerability only
What is a major type of vulnerability for the User Domain? - ANSWER>>Social
engineering
What is a publicly traded company? - ANSWER>>Any company that has stock that
outside investors can buy or sell
What is a security policy? - ANSWER>>A high-level overview of security goals
What is a whitelist? - ANSWER>>A list of approved email addresses or domains
What is one source of risk reduction? - ANSWER>>Reducing the impact of the loss
What is the function of job rotation? - ANSWER>>To prevent or reduce fraudulent
activity
What is the minimum number of nodes required by a failover cluster? -
ANSWER>>2
,What is the practice of identifying, assessing, controlling, and mitigating risks? -
ANSWER>>Risk management
What is the primary reason to avoid risk? - ANSWER>>The impact of the risk
outweighs the benefit of the asset
What is the primary security professionals automate some processes? -
ANSWER>>To reduce human error
What is the purpose of a mandatory vacation? - ANSWER>>To reduce fraud and
embezzlement
What is the purpose of a plan of action and milestones (POAM)? -
ANSWER>>Tracks risk response actions
What is the safeguard value in a quantitative risk assessment? - ANSWER>>The
cost of a control
What is Total Risk? - ANSWER>>threat × vulnerability × asset value.
When a fiduciary does not exercise due diligence, it can be considered: -
ANSWER>>Negligence
When compliance is mandated by law, companies often participate in _______,
which provide third-party verification that requirements are being met. -
ANSWER>>external audits
When does a threat/vulnerability pair occur? - ANSWER>>When a threat exploits
a vulnerability
When should you establish objectives for a risk management plan? -
ANSWER>>During the planning phase of a project
, When should you perform a risk assessment? - ANSWER>>Periodically after a
control has been implemented
When the Federal Trade Commission (FTC) was created in 1914, what was its
primary goal? - ANSWER>>To prevent unfair methods of competition
_______ are acts that are hostile to an organization. - ANSWER>>Intentional
threats
________ help(s) prevent a hard drive from being a single point of failure.
__________ help(s) prevent a server from being a single point of failure.
_________ help(s) prevent a person from being a single point of failure. -
ANSWER>>RAID, Failover clusters, Cross-training
_________ is the process of creating a list of threats. - ANSWER>>Threat
identification
__________ damage for the sake of doing damage, and they often choose targets
of opportunity. - ANSWER>>Vandals
____________ assessments are objective, while ___________ assessments are
subjective. - ANSWER>>Quantitative, qualitative
_____________ is the likelihood that a threat will exploit a vulnerability. -
ANSWER>>Probability
A __________ is a computer joined to a botnet. - ANSWER>>zombie
A ___________ plan can help ensure that mission-critical systems continue to
function after a disaster. - ANSWER>>business continuity
A ___________ plan can help you identify steps needed to restore a failed
system. - ANSWER>>disaster recovery