(302) Which one of the following risk analysis terms characterizes the
absence or weakness of a risk-reducing safegaurd?
A. Threat
B. Probability
C. Vulnerability
D. Loss expectancy
Correct Answer: C
Explanation
Explanation/Reference:
A weakness in system security procedures, system
design, implementation, internal controls, and so on that could be exploited to
violate system security policy. -Ronald Krutz The CISSP PREP Guide (gold edition)
pg 927
- Muhammad Idham Azhari
No comments:
Post a Comment