Practice Test Questions

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Domer Industries is conducting a risk analysis of the risk of an earthquake damaging their data center. The data center is valued at $10 million and seismologists expect that a serious earthquake will damage 75% of the facility once every 50 years. In this scenario, what is the annualized loss expectancy?

A. $7,500,000
B. $150,000
C. $5,625,000
D. $10,000,000

Correct Answer: B

In this scenario, the annualized rate of occurrence (ARO) is once every 50 years, or a 0.02 ARO on an annual basis. The asset value (AV) is $10,000,000 and the exposure factor (EF) is 75%, resulting in a single loss expectancy (SLE) of $7,500,000. The annualized loss expectancy (ALE) is computed by multiplying the SLE by the ARO to get $150,000.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!

Wanda would like to implement an operational security control that increases the likelihood that internal fraud will be detected. Which one of the following controls would best meet her objective?

A. Two-Person Control
B. Least Privilege
C. Separation of Duties
D. Job Rotation

Correct Answer: D

Two-person control, least privilege, and separation of duties are all designed to deter and prevent fraud from occurring in the first place. None of these would meet Wanda’s objective. Of the controls listed, only job rotation serves to detect fraud that has already taken place. So, this is the correct answer.

Which metric from a CVSS 3 rating describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability?

A. AC
B. PR
C. UI
D. AV

Correct Answer: A

The Privileges Required (PR) metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. So, this is not the answer we are looking for.

The Attack Complexity (AC) metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. So, this is the correct answer.

The User Interaction (UI) metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component. That is not what we are looking for here.

The Attack Vector (AV) metric describes the context by which vulnerability exploitation is possible. So, that is not the correct answer here either.