Official (ISC)² CISSP - Domain 1: Security and Risk Management questions with correct answers

Administrative Controls Correct Answer-Procedures implemented to define the roles, responsibilities, policies, and administrative functions needed to manage the control environment. Annualized Rate of Occurrence (ARO) Correct Answer-An estimate of how often a threat will be successful in exploiting a vulnerability over the period of a year. Arms Export Control Act of 1976 Correct Answer-Authorizes the President to designate those items that shall be considered as defense articles and defense services and control their import and the export. Availability Correct Answer-The principle that ensures that information is available and accessible to users when needed. Breach Correct Answer-An incident that results in the disclosure or potential exposure of data. Compensating Controls Correct Answer-Controls that substitute for the loss of primary controls and mitigate risk down to an acceptable level. Compliance Correct Answer-Actions that ensure behavior that complies with established rules. Confidentiality Correct Answer-Supports the principle of "least privilege" by providing that only authorized individuals, processes, or systems should have access to information on a need-to-know basis.