Friday, July 3, 2015

CISSP Exam Preparation (Question 303)

(303) Risk is commonly expressed as a function of the

A. Systems vulnerabilities and the cost to mitigate.
B. Types of countermeasures needed and the system's vulnerabilities.
C. Likelihood that the harm will occur and its potential impact.
D. Computer system-related assets and their costs.

Correct Answer: C

Explanation/Reference:

The likelihood of a threat agent taking advantage of a vulnerability. A risk is the loss potential, or probability, that a threat will exploit a vulnerability. - Shon Harris All-in-one CISSP Certification Guide pg 937

- Muhammad Idham Azhari
