Friday, June 26, 2015

CISSP Exam Preparation (Question 302)

(302) Which one of the following risk analysis terms characterizes the absence or weakness of a risk-reducing safegaurd?

A. Threat
B. Probability
C. Vulnerability
D. Loss expectancy

Correct Answer: C

Explanation

Explanation/Reference:

A weakness in system security procedures, system design, implementation, internal controls, and so on that could be exploited to violate system security policy. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 927

- Muhammad Idham Azhari

No comments: