Free 212-89 Exam Dumps

Question 36

Which of the following terms may be defined as “a measure of possible inability to achieve a goal, objective, or target within a defined security, cost plan and technical limitations that adversely affects the organization’s operation and revenues?

A. Risk
B. Vulnerability
C. Threat
D. Incident Response

Correct Answer:A

Question 37

The insider risk matrix consists of technical literacy and business process knowledge vectors. Considering the matrix, one can conclude that:

A. If the insider’s technical literacy is low and process knowledge is high, the risk posed by the threat will be insignificant.
B. If the insider’s technical literacy and process knowledge are high, the risk posed by the threat will be insignificant.
C. If the insider’s technical literacy is high and process knowledge is low, the risk posed by the threat will be high.
D. If the insider’s technical literacy and process knowledge are high, the risk posed by the threat will be high.

Correct Answer:D

Question 38

An adversary attacks the information resources to gain undue advantage is called:

A. Defensive Information Warfare
B. Offensive Information Warfare
C. Electronic Warfare
D. Conventional Warfare

Correct Answer:B

Question 39

Which of the following is a risk assessment tool:

A. Nessus
B. Wireshark
C. CRAMM
D. Nmap

Correct Answer:C

Question 40

Risk management consists of three processes, risk assessment, mitigation and evaluation. Risk assessment determines the extent of the potential threat and the risk associated with an IT system through its SDLC. How many primary steps does NIST’s risk assessment methodology involve?

A. Twelve
B. Four
C. Six
D. Nine

Correct Answer:D