2025/2026 Complete Questions and Correct
Detailed Answers Already Graded A+|Brand New
Version
Advantages of Qualitative Risk Assessment - CORRECT ANSWER--Impact is
easily understood
-Can provide rich information beyond financial impacts, such as impact on
perceived safety, health, or reputation
Disadvantages of Qualitative Risk Assessment - CORRECT ANSWER--Prone to
inaccuracy or exaggeration
-Limited usefulness towards cost-benefit analysis
Quantitative Risk Assessment - CORRECT ANSWER--Requires numerical values
for both impact and likelihood using data from a variety of sources
-Can be used to support cost-benefit analysis calculations
Advantages to Quantitative Risk Assessment - CORRECT ANSWER--Supports
cost-benefit analysis of risk response options
-Allows computation of necessary capital to achieve a business goal
Disadvantages to Quantitative Risk Assessment - CORRECT ANSWER--Use of
numbers may imply greater precision than what truly exists
-Requires concrete units of measure that may keep obscure or infrequent risks
from being recognized
Single Loss Expectancy (SLE) - CORRECT ANSWER-SLE = Asset Value (AV) x
Exposure Factor (EF%)
Annualized Loss Expectancy (ALE) - CORRECT ANSWER-ALE = SLE x Annual Rate
of Occurrence (ARO)
NIST - CORRECT ANSWER-National Institute of Standards and Technology
What is the NIST Risk Management Framework (RMF)? - CORRECT ANSWER--
Overall framework for the U.S. federal government to manage
organizational risk throughout the system development life cycle
-Focuses on security control selection, deployment, and auditing
using a seven-step model
-Includes certification and accreditation
Clean Desk Policy - CORRECT ANSWER-Secure sensitive items when not in use
Principle of least privilege management - CORRECT ANSWER-Just what you
need to do your job
Mandatory vacations - CORRECT ANSWER--best way to uncover fraud
-part of onboarding procedures
Job Rotation (rotation of duties) - CORRECT ANSWER--Identify or uncover
fraud
-Cross training / Experience for employees
Separation of Duties - CORRECT ANSWER-Partitions responsibilities to
minimize abuse or fraud
Hiring and Termination Policy Elements - CORRECT ANSWER--Background
checks
-Social media analysis
-Onboarding procedures (NDA/AUP/Sign for equipment)
-Offboarding procedures (NDA/Return of equipment)
-Exit interview
-Non-disclosure Agreement (NDA)
AUP - CORRECT ANSWER-Acceptable Use Policy
EOL - CORRECT ANSWER-End of Life
EOS - CORRECT ANSWER-End of Service
MOA - CORRECT ANSWER-Memorandum of Agreement
-A legally binding written document between multiple parties on a
project detailing how they will work together to achieve
agreed-upon goals and objectives.