Exam Questions and CORRECT Answers
The elements of the CIA are - CORRECT ANSWER - Confidentiality, Integrity,
Availability
Which role always has ultimate responsibility for security in an organization? - CORRECT
ANSWER - Senior Manager
What is the goal of most Cyber Threats today? - CORRECT ANSWER - Make money for
the attacker
What is the name of the role with primary responsibility for data? - CORRECT
ANSWER - Data Owner
What role is responsible for implementing controls on data? - CORRECT ANSWER -
Data Custodian
The term due care means that senior management has a legal responsibility to - CORRECT
ANSWER - Act as a reasonable person would act in protecting assets
Who in the organization determines if risk is acceptable? - CORRECT ANSWER - Chief
Executive Officer (CEO)
The term Exposure Factor means - CORRECT ANSWER - The percentage of asset value
loss
The term Single Loss Expectancy means - CORRECT ANSWER - What it costs each time
a threat materializes
The formula to arrive at Annual Loss Expectancy is - CORRECT ANSWER - Annual Rate
of Occurrence * Single Loss Expectancy
The formula to arrive at Single Loss Expectancy is - CORRECT ANSWER - Asset Value *
Exposure Factor
Which approach to Risk Assessment is based on money? - CORRECT ANSWER -
Quantitative
Which approach to Risk Assessment is based on severity and likelihood? - CORRECT
ANSWER - Qualitative
Of the three control areas, which deals with authentication? - CORRECT ANSWER -
Technical Controls
Of the three control types, which deals with authentication? - CORRECT ANSWER -
Preventive
Which Risk Strategy deals with stopping risky activities or business practices? - CORRECT
ANSWER - Risk Avoidance
Which Risk Strategy involves buying insurance? - CORRECT ANSWER - Risk
Transference
Separation of duties means - CORRECT ANSWER - No person has control of a critical
process from beginning to end
If completed correctly, a Non-Disclosure Agreement (NDA) is a legally binding contract -
CORRECT ANSWER - True