Section: Mixed questions

Explanation/Reference:
Explanation:
Contingency plans are developed as a result of a risk being identified. Contingency plans are pre-defined actions plans that can be implemented if identified risks actually occur. One type of identified risk is a residual risk. Residual risks are those risks that are expected to remain after implementing the planned risk response, as well as those that have been deliberately accepted.
A contingency plan should address the risks found during risk assessment. Risk assessment includes both the identification of potential risk and the evaluation of the potential impact of the risk.
Incorrect Answers:
A: Contingency plans should not just address potential risks. It should address identified risks and residual risks as well.
B: Contingency plans should not just address residual risks. It should address identified risks and potential risks as well.
C: Contingency plans should not just address identified risks. It should address potential risks and residual risks as well.

Explanation

AH, ESP and IKE are the three main components of IPSec. A KDC (Key Distribution
Center) is a component of Kerberos, not IPSec.
Source: Information Systems Audit and Control Association, Certified Information Systems
Auditor 2002 review manual, Chapter 4: Protection of Information Assets (page 217).

Historically, a code refers to a cryptosystem that deals with linguistic units: words,
phrases, sentences, and so forth. Codes are only useful for specialized circumstances where the
message to transmit has an already defined equivalent ciphertext word.
Source: DUPUIS, Cl?ment, CISSP Open Study Guide on domain 5, cryptography, April 1999.