CISSP Guide to Security Essentials
Chapter 1 (pgs. 31-33)

1. An organization that needs to understand vulnerabilities and threats needs to perform a:
Answer: c. Qualitative risk assessment (pg. 5)

2. A risk manager has performed a risk analysis on a server that is worth $120,000. The risk manager has determined that the single loss expectancy is $100,000. The exposure factor is:
Answer: a. 83% (pg. 6)

3. A risk manager has performed a risk analysis on a server that is worth $120,000. The single loss expectancy (SLE) is $100,000, and the annual loss expectancy (ALE) is
$8,000. The annual rate of occurrence (ARO) is:
Answer d. 8% (pg. 6)

4. A risk manager needs to implement countermeasures on a critical server. What factors
Answer b. Annualized loss expectancy (ALE) that results from the implementation of the countermeasure (pg. 7-8)

5. The general approaches to risk treatment are:
Answer: c. Risk acceptance, risk avoidance, risk reduction, and risk transfer (pg. 8) 6. CIA refers to:
Answer c. Confidentiality, integrity, and availability of information and systems
(pg. 9-10)

7. A recent failure in a firewall resulted in all incoming packets being blocked. This type of failure is known as:
d. Fail closed (pg. 12)

8. The definition of PII:
b. Is name, date of birth, home address, and home telephone number (pg. 12)

9. The statement, “All financial transactions are to be encrypted using 3DES” is an example of a:
c. Standard (pg. 181)

10. The purpose of information classification is:
b. To establish procedures for the protection of information (pg. 18)

11. An organization is concerned that its employees will intentionally reveal its secrets to other parties. The organization should implement:
b. Non-disclosure agreements (pg. 23)

12. The purpose of background verification is to:
a. Obtain independent verification of