CIS 502 MENTOR Future Starts Here/cis502mentor.com | Page 9

• 9 The impact of a specific threat is defined as:
• 10 Annualized loss expectancy is defined as:
• 11 A security manager is performing a quantitative risk assessment on a particular asset. The security manager wants to estimate the yearly loss based on a particular threat. The correct way to calculate this is:
• 12 An organization wishes to purchase an application, and is undergoing a formal procurement process to evaluate and select a product. What documentation should the organization use to make sure that the application selected has the appropriate security-related characteristics?
• 13 An organization suffered a virus outbreak when malware was downloaded by an employee in a spam message. This outbreak might not have happened had the organization followed what security principle:
• 14 Which of the following is NOT an authentication protocol:
• 15 The categories of controls are:
• 16 Organizations that implement two-factor authentication often do not adequately plan. One result of this is:
• 17 Buffer overflow, SQL injection, and stack smashing are examples of:
