A control to protect from a Denial-of-Service (DoS) attach has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?
Correct Answer: A
The residual risk is 25% in this scenario. Residual risk is the portion of risk that remains after security measures have been applied to mitigate the risk. Residual risk can be calculated by subtracting the risk reduction from the total risk. In this scenario, the total risk is 100%, and the risk reduction is 75%. The risk reduction is 75% because the control stops 50% of attacks, and reduces the impact of an attack by 50%. Therefore, the residual risk is 100% - 75% = 25%. Alternatively, the residual risk can be calculated by multiplying the probability and the impact of the remaining risk. In this scenario, the probability of an attack is 50%, and the impact of an attack is 50%. Therefore, the residual risk is 50% x 50% = 25%. 50%, 75%, and 100% are not the correct answers to the question, as they do not reflect the correct calculation of the residual risk.
CISSP Exam Question 7
A development operations team would like to start building new applications delegating the cybersecurity responsibility as much as possible to the service provider. Which of the following environments BEST fits their need?
Correct Answer: B
A cloud application container within a Virtual Machine (VM) is the environment that best fits the need of a development operations team that would like to start building new applications delegating the cybersecurity responsibility as much as possible to the service provider. A cloud application container within a VM is a type of cloud computing service that allows the development operations team to deploy and run their applications in isolated and lightweight environments that are hosted on a VM in the cloud. A cloud application container within a VM can provide several benefits to the development operations team, such as improving the portability, the scalability, the efficiency, and the performance of their applications. A cloud application container within a VM can also delegate the cybersecurity responsibility as much as possible to the service provider, as the service provider is responsible for managing and securing the underlying infrastructure, platform, and VM that host the application container. The development operations team only needs to focus on securing their application container and the data that is stored and processed within it, and rely on the service provider to provide the security controls and the protection for the rest of the cloud environment.
CISSP Exam Question 8
Which of the following would qualify as an exception to the "right to be forgotten" of the General Data Protection Regulation's (GDPR)?
Correct Answer: A
The right to be forgotten is a principle of the GDPR that grants data subjects the right to request the erasure of their personal data from a data controller under certain conditions. However, there are some exceptions to this right, where the data controller can refuse to erase the personal data if it is necessary for a legitimate purpose. One of the exceptions is for the establishment, exercise, or defense of legal claims, where the personal data is required for the data controller to assert, pursue, or protect its legal rights or obligations.
CISSP Exam Question 9
Which of the following outsourcing agreement provisions has the HIGHEST priority from a security operations perspective?
Correct Answer: C
An escalation process for problem resolution during incidents is a provision that defines how to escalate and resolve issues that arise during security incidents, such as breaches, attacks, or disruptions. An escalation process is a high priority from a security operations perspective, as it can help to minimize the impact and duration of the incidents, as well as to coordinate the response and recovery efforts among the involved parties. An escalation process may include the following elements: the roles and responsibilities of the incident response team, the communication channels and methods, the criteria and thresholds for escalation, the escalation levels and procedures, the escalation matrix and contacts, and the escalation reporting and feedback.
CISSP Exam Question 10
Which of the following is the MOST critical success factor in the security patch management process?
Correct Answer: D
Security patch management is a process of identifying, acquiring, testing, deploying, and verifying patches or updates for software systems or applications to fix security vulnerabilities or bugs. The most critical success factor in the security patch management process is to perform a risk and impact analysis before applying any patches or updates. A risk and impact analysis helps to evaluate the severity and urgency of the patch or update, the potential threats and consequences of not applying the patch or update, and the possible side effects or disruptions of applying the patch or update. A risk and impact analysis can help to prioritize, plan, and implement the patch or update in a timely and effective manner, while minimizing the risks and impacts to the system or application. Tracking and reporting on inventory, supporting documentation, and management review of reports are also important factors in the security patch management process, but they are not as critical as the risk and impact analysis.
Newest CISSP Exam PDF Dumps shared by Actual4test.com for Helping Passing CISSP Exam! Actual4test.com now offer the updated CISSP exam dumps, the Actual4test.com CISSP exam questions have been updated and answers have been corrected get the latest Actual4test.com CISSP pdf dumps with Exam Engine here: