A facility will experience a major power failure once in 20 years. A major power failure would cost $1,250,000. The cost of the recovery plan is $2,000 per month, and the cost of capital is $25,000. What are the Annualized Loss Expectancy (ALE) and baseline costs, respectively?
Correct Answer: B
ALE = Single Loss Expectancy (SLE) x Annualized Rate of Occurrence (ARO) = $1,250,000 x (1/20) = $62,500 per year. The baseline (countermeasure) cost is the annual cost of the recovery plan plus the cost of capital: ($2,000 x 12) + $25,000 = $49,000.
CISSP Exam Question 852
Which of the following is NOT an asymmetric key algorithm?
Correct Answer: D
Data Encryption Standard (DES) is a symmetric key algorithm, so it is the only option that is not asymmetric. It was developed by IBM under the project name Lucifer, which used a 128-bit key; the design was submitted to the National Bureau of Standards (NBS, now NIST) in 1974, and the key was reduced to 56 bits, with the remaining 8 bits of the 64-bit key used for parity. DES became a federal standard (FIPS 46) in 1977 and an American National Standards Institute (ANSI) standard in 1978. Because a 56-bit key is brute-forceable with modern hardware, NIST replaced DES with the Advanced Encryption Standard (AES). All other options are asymmetric algorithms. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 8: Cryptography (page 525). Reference: DES: http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
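The 56-bits-plus-parity layout is easy to get wrong in practice, so here is an added example (not from the exam guide or the FIPS document) that sets and checks DES key parity and strips the parity bits to show the 56-bit effective key. The sample key value is a constructed test vector chosen because every byte already has odd parity.

```python
"""Added example: DES key layout (64 bits on the wire, 56 bits of key material).

FIPS 46 keys carry an odd-parity bit in the low-order bit of each byte, so the
key space an attacker must search is 2**56, not 2**64.  These helpers are
illustrative only; DES itself is obsolete and should not be used for new work.
"""
from __future__ import annotations

import secrets

DES_KEY_BYTES = 8          # 64-bit key block
DES_EFFECTIVE_BITS = 56    # bits actually consumed by the key schedule


def _odd_parity_byte(b: int) -> int:
    """Return b with its least-significant bit set so the byte has odd parity."""
    key_bits = b & 0xFE                       # the 7 bits that feed the cipher
    ones = bin(key_bits).count("1")
    parity_bit = 0 if ones % 2 == 1 else 1    # make the total number of 1s odd
    return key_bits | parity_bit


def set_des_parity(key: bytes) -> bytes:
    """Rewrite the parity bit of each of the 8 key bytes (odd parity, as in FIPS 46)."""
    if len(key) != DES_KEY_BYTES:
        raise ValueError("DES key must be exactly 8 bytes")
    return bytes(_odd_parity_byte(b) for b in key)


def has_valid_des_parity(key: bytes) -> bool:
    """True when the key is 8 bytes long and every byte has odd parity."""
    return len(key) == DES_KEY_BYTES and all(bin(b).count("1") % 2 == 1 for b in key)


def effective_key(key: bytes) -> int:
    """Drop the 8 parity bits and pack the remaining 56 key bits into an int."""
    if len(key) != DES_KEY_BYTES:
        raise ValueError("DES key must be exactly 8 bytes")
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)       # keep the high 7 bits of each byte
    return value


def generate_des_key() -> bytes:
    """Random 8-byte key with correct parity (demonstration of the format only)."""
    return set_des_parity(secrets.token_bytes(DES_KEY_BYTES))


if __name__ == "__main__":
    # Constructed sample key: each byte already has an odd number of 1 bits.
    k = bytes.fromhex("133457799BBCDFF1")
    print(has_valid_des_parity(k))                  # True
    damaged = bytes([k[0] ^ 0x01]) + k[1:]           # flip one parity bit
    print(has_valid_des_parity(damaged))             # False
    print(set_des_parity(damaged) == k)              # True: parity is repairable
    print(f"effective key: {effective_key(k):014x} ({DES_EFFECTIVE_BITS} bits)")
    print(has_valid_des_parity(generate_des_key()))  # True
```

The point a practitioner should take away: the parity bits carry no secrecy, so a "64-bit" DES key gives at most 2**56 work to a brute-force attacker, which is why DES was retired.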
CISSP Exam Question 853
What is the term for a system that is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it?
Correct Answer: C
A fault-tolerant system is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it. In a fail-safe system, program execution is terminated, and the system is protected from being compromised when a hardware or software failure occurs and is detected. In a fail-soft system, when a hardware or software failure occurs and is detected, selected, non-critical processing is terminated. The term failover refers to switching to a duplicate "hot" backup component in real-time when a hardware or software failure occurs, enabling processing to continue. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architecture and Models (page 196).
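To make the four terms concrete, here is an added example (not from the Krutz and Vines text) that models them with a triple-modular-redundancy (TMR) voter and a hot-standby failover. The replica functions and the faults injected into them are constructed for the demonstration.

```python
"""Added example: fault tolerance, fail-safe behaviour and failover in code.

tmr_vote() is fault-tolerant: it detects a faulty replica because its output
disagrees with the others and operates around it by taking the majority.
When no majority exists it behaves fail-safe: it halts and returns no value
rather than emitting a possibly corrupted one.  failover_call() switches to a
duplicate "hot" component when the primary fails.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, Hashable, Optional

Replica = Callable[[int], Hashable]


@dataclass
class TmrResult:
    value: Optional[Hashable]                 # agreed output, or None when halted
    faulty: list[int] = field(default_factory=list)  # replicas that disagreed
    halted: bool = False                      # True when the voter failed safe


def tmr_vote(replicas: list[Replica], x: int) -> TmrResult:
    """Run x through every replica and majority-vote the outputs."""
    outputs: list[Optional[Hashable]] = []
    for replica in replicas:
        try:
            outputs.append(replica(x))
        except Exception:                     # a crashed replica is a detected fault
            outputs.append(None)
    counts = Counter(o for o in outputs if o is not None)
    if not counts:                            # every replica failed: nothing to vote on
        return TmrResult(None, list(range(len(replicas))), halted=True)
    winner, votes = counts.most_common(1)[0]
    if votes * 2 <= len(replicas):            # no strict majority: fail safe
        return TmrResult(None, [], halted=True)   # cannot tell which replica is wrong
    faulty = [i for i, o in enumerate(outputs) if o != winner]
    return TmrResult(winner, faulty)


def failover_call(primary: Replica, hot_standby: Replica, x: int) -> tuple[Hashable, str]:
    """Failover: use the primary, and switch to the hot standby if it fails."""
    try:
        return primary(x), "primary"
    except Exception:
        return hot_standby(x), "standby"


# Constructed sample replicas for the demonstration.
def good(x: int) -> int:
    return x * 2


def stuck(x: int) -> int:          # stuck-at fault: always returns 0
    return 0


def crashing(x: int) -> int:       # crash fault: raises instead of answering
    raise RuntimeError("replica down")


if __name__ == "__main__":
    print(tmr_vote([good, stuck, good], 21))       # value=42, faulty=[1]
    print(tmr_vote([good, stuck, crashing], 21))   # halted=True: no majority
    print(failover_call(crashing, good, 4))        # (8, 'standby')
```

Note the design choice at the no-majority branch: a fail-soft system would instead keep serving a reduced function, while a fault-tolerant system with more replicas (or a known-good reference) could still pick a winner; the voter here deliberately stops, which is the fail-safe definition given above.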
CISSP Exam Question 854
What is the MOST efficient way to secure a production program and its data?
Correct Answer: C
CISSP Exam Question 855
An organization is outsourcing its payroll system and is requesting to conduct a full audit on the third-party information technology (IT) systems. During the due diligence process, the third party provides a previous audit report on its IT systems. Which of the following MUST be considered by the organization in order for the audit reports to be acceptable?
Correct Answer: A
The most important factor the organization must consider is that the audit was conducted by an independent assessor: a person or entity with no affiliation or interest in either the third party or the organization, able to perform the assessment objectively and impartially. An independent assessor can provide a credible evaluation of the third party's information technology (IT) systems, identify risks, issues, or gaps that may affect the security, performance, or compliance of the outsourced payroll system, and verify that the third party meets the organization's requirements and follows accepted standards for IT security and management. The report being signed by the third party's senior management, being issued in the last six months, or being produced by an international audit firm is less critical: none of these guarantees the quality, validity, or relevance of the findings, and they may not be applicable or feasible in every case.