- True
- False
2. The InfoSec community often takes on the leadership role in addressing risk.
- True
- False
3. Some threats can manifest in multiple ways, yielding multiple vulnerabilities for an asset-threat pair.
- True
- False
4. An evaluation of the threats to information assets, including a determination of their potential to endanger the organization is known as exploit assessment.
- True
- False
5. A prioritized lists of assets and threats can be combined with exploit information into a specialized report known as a TVA worksheet.
- True
- False
Answer:
1. False
Reason: Risk management programs do not assure complete protection, rather they demonstrate a diligent effort to assure protection.
2. True:
Reason: Because members of the InfoSec community best understand the threats and attacks that introduce risk, they often take a leadership role in addressing risk.
3. True:
Reason: Since assets operate in a common defended environment, threats that can attack one asset can often attack other assets as well. Likewise, many threats are capable of multiple modes of operation, allowing them to bypass many common defenses.
4. False
Reason: Vulnerability assessment is the process of finding weaknesses. Exploits are a means of using the weakness to cause the loss.
5 False:
Reason: Vulnerabilities are the weaknesses, exploits are the means by which vulnerabilities are used against the defender.
No comments:
Post a Comment