BLOGSPOT atas

Friday, June 26, 2015

CISSP Exam Preparation (Question 302)

(302) Which one of the following risk analysis terms characterizes the absence or weakness of a risk-reducing safeguard?

A. Threat
B. Probability
C. Vulnerability
D. Loss expectancy

Correct Answer: C

Explanation/Reference:

A weakness in system security procedures, system design, implementation, internal controls, and so on that could be exploited to violate system security policy. - Ronald Krutz, The CISSP PREP Guide (gold edition), pg 927

- Muhammad Idham Azhari

Friday, June 19, 2015

CISSP Exam Preparation (Question 301)

(301) When conducting a risk assessment, which one of the following is NOT an acceptable social engineering practice?

A. Shoulder surfing
B. Misrepresentation
C. Subversion
D. Dumpster diving

Correct Answer: A

Explanation/Reference:

Shoulder Surfing: Attackers can thwart confidentiality mechanisms by network monitoring, shoulder surfing, stealing password files, and social engineering. These topics will be addressed more in-depth in later chapters, but shoulder surfing is when a person looks over another person's shoulder and watches keystrokes or data as it appears on the screen. Social engineering is tricking another person into sharing confidential information by posing as an authorized individual to that information. Shon Harris: CISSP Certification pg. 63. Shoulder surfing is not social engineering.

- Muhammad Idham Azhari

Friday, June 12, 2015

CISSP Exam Preparation (Question 300)

(300) A new worm has been released on the Internet. After investigation, you have not been able to determine if you are at risk of exposure. Management is concerned as they have heard that a number of their counterparts are being affected by the worm. How could you determine if you are at risk?

A. Evaluate evolving environment.
B. Contact your anti-virus vendor.
C. Discuss threat with a peer in another organization.
D. Wait for notification from an anti-virus vendor.

Correct Answer: B


Explanation/Reference:

- Muhammad Idham Azhari

Friday, June 5, 2015

CISSP Exam Preparation (Question 299)

(299) Which of the following is not a part of risk analysis?

A. Identify risks
B. Quantify the impact of potential threats
C. Provide an economic balance between the impact of the risk and the cost of the associated countermeasures
D. Choose the best countermeasure

Correct Answer: D


Explanation/Reference:

- Muhammad Idham Azhari