Any combination of the following techniques can be used in gathering information relevant to the IT system within its operational boundary: Questionnaire. The questionnaire should be distributed to the applicable technical and nontechnical management personnel who are designing or supporting the IT system. On-site Interviews. On-site visits also allow risk assessment personnel to observe and gather information about the physical, environmental, and operational security of the IT system. Document Review. Policy documents, system documentation, and security-related documentation can provide good information about the security controls used by and planned for the IT system. Use of Automated Scanning Tools. Proactive technical methods can be used to collect system information efficiently. Source: NIST Special Publication 800-30, Risk Management Guide for Information Technology Systems.

Section: Software Development Security

The order of effectiveness has not changed for a few years. It is still the same today as it was three years ago. The list below present them from most effective to list effective: Iris scan Retina scan Fingerprint Hand geometry Voice pattern Keystroke pattern Signature

Explanation/Reference:
Explanation:
Interference interrupts the flow of an electrical current, and fluctuations can actually deliver a different level of voltage than what was expected. Each fluctuation can be damaging to devices and people.
The following explains the different types of voltage fluctuations possible with electric power:
Power excess:
Spike Momentary high voltage

Surge Prolonged high voltage

Power loss:
Fault Momentary power outage

Blackout Prolonged, complete loss of electric power

Power degradation:
Sag/dip Momentary low-voltage condition, from one cycle to a few seconds

Brownout Prolonged power supply that is below normal voltage

In-rush current Initial surge of current required to start a load

Incorrect Answers:
A: A spike is a momentary high voltage, not a momentary low voltage. Therefore, this answer is incorrect.
B: A blackout is a prolonged complete loss of power, not a momentary low voltage. Therefore, this answer is incorrect.
D: A fault is a momentary power outage, not a momentary low voltage. Therefore, this answer is incorrect.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 462-463