Qualitative loss resulting from the business interruption does NOT usually include:
Correct Answer: A
Explanation/Reference: This question is testing your ability to evaluate whether items on the list are Qualitative or Quantitative. All of the items listed were Qualitative except Lost of Revenue which is Quantitative. Those are mainly two approaches to risk analysis, see a description of each below: A quantitative risk analysis is used to assign monetary and numeric values to all elements of the risk analysis process. Each element within the analysis (asset value, threat frequency, severity of vulnerability, impact damage, safeguard costs, safeguard effectiveness, uncertainty, and probability items) is quantified and entered into equations to determine total and residual risks. It is more of a scientific or mathematical approach to risk analysis compared to qualitative. A qualitative risk analysis uses a "softer" approach to the data elements of a risk analysis . It does not quantify that data, which means that it does not assign numeric values to the data so that they can be used in equations. Qualitative and quantitative impact information should be gathered and then properly analyzed and interpreted. The goal is to see exactly how a business will be affected by different threats. The effects can be economical, operational, or both. Upon completion of the data analysis, it should be reviewed with the most knowledgeable people within the company to ensure that the findings are appropriate and that it describes the real risks and impacts the organization faces. This will help flush out any additional data points not originally obtained and will give a fuller understanding of all the possible business impacts. Loss criteria must be applied to the individual threats that were identified. The criteria may include the following: Loss in reputation and public confidence Loss of competitive advantages Increase in operational expenses Violations of contract agreements Violations of legal and regulatory requirements Delayed income costs Loss in revenue Loss in productivity Reference used for this question: Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 909). McGraw-Hill. Kindle Edition.
Question 813
Which of the following algorithms does NOT provide hashing?
Correct Answer: C
As it is an algorithm used for encryption and does not provide hashing functions , it is also commonly implemented ' Stream Ciphers '. The other answers are incorrect because : SHA-1 was designed by NIST and NSA to be used with the Digital Signature Standard (DSS). SHA was designed to be used in digital signatures and was developed when a more secure hashing algorithm was required for U.S. government applications. MD2 is a one-way hash function designed by Ron Rivest that creates a 128-bit message digest value. It is not necessarily any weaker than the other algorithms in the "MD" family, but it is much slower. MD5 was also created by Ron Rivest and is the newer version of MD4. It still produces a 128-bit hash, but the algorithm is more complex, which makes it harder to break. Reference : Shon Harris , AIO v3 , Chapter - 8 : Cryptography , Page : 644 - 645
Question 814
Which of the following is NOT a system-sensing wireless proximity card?
Correct Answer: A
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, page 342.
Question 815
Related to information security, confidentiality is the opposite of which of the following?
Correct Answer: B
Section: Security Operation Adimnistration Explanation/Reference: Confidentiality is the opposite of disclosure. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 59.
Question 816
TCPWrappers is an example of which type of security tool?