Which of the following documents were developed by NIST for conducting Certification and Accreditation (CandA)? Each correct answer represents a complete solution. Choose all that apply.
A. NIST Special Publication 800-60Information Security management is a process of defining the security controls in order to protect information assets. The first action of a management program to implement information security is to have a security program in place. What are the objectives of a security program? Each correct answer represents a complete solution. Choose all that apply.
A. Security educationAn asset with a value of $600,000 is subject to a successful malicious attack threat twice a year. The asset has an exposure of 30 percent to the threat. What will be the annualized loss expectancy?
A. $360,000There are seven risks responses that a project manager can choose from. Which risk response is appropriate for both positive and negative risk events?
A. AcceptanceAudit trail or audit log is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Under which of the following controls does audit control come?
A. Reactive controlsYou work as a systems engineer for BlueWell Inc. Which of the following tools will you use to look outside your own organization to examine how others achieve their performance levels, and what processes they use to reach those levels?
A. BenchmarkingWhich of the following attacks causes software to fail and prevents the intended users from accessing software?
A. Enabling attackWhich of the following processes describes the elements such as quantity, quality, coverage, timelines, and availability, and categorizes the different functions that the system will need to perform in order to gather the documented mission/ business needs?
A. Human factorsFIPS 199 defines the three levels of potential impact on organizations: low, moderate, and high. Which of the following are the effects of loss of confidentiality, integrity, or availability in a high level potential impact?
A. The loss of confidentiality, integrity, or availability might result in a major damage to organizational assets.Which of the following are included in Technical Controls? Each correct answer represents a complete solution. Choose all that apply.
A. Identification and authentication methodsNowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only ISC exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CSSLP exam preparations and ISC certification application, do not hesitate to visit our Vcedump.com to find your solutions here.