
CISSP Question #1518: Real Exam Question with Answer & Explanation

Submitted by rania.sa · Mar 5, 2026

Security Engineering / Risk Management Framework: understanding foundational security engineering terminology, including risk characterization, protection needs determination, threat assessment, and risk treatment strategies as defined in standards such as NIST SP 800-160 and ISO/IEC 27005.

Question

Drag and drop question: drag the following Security Engineering terms on the left to the BEST definition on the right.

Options

  • draggable_1: Security Risk Treatment
  • draggable_2: Threat Assessment
  • draggable_3: Protection Needs
  • draggable_4: Risk
  • definition_1: The method used to identify the confidentiality, integrity, and availability requirements for organizational and system assets and to characterize the adverse impact or consequences should the asset be lost, modified, degraded, disrupted, compromised, or become unavailable.
  • definition_2: A measure of the extent to which an entity is threatened by a potential circumstance or event, the adverse impacts that would arise if the circumstance or event occurs, and the likelihood of occurrence.
  • definition_3: The method used to identify and characterize the dangers anticipated throughout the life cycle of the system.
  • definition_4: The method used to identify feasible security risk mitigation options and plans.

Explanation

The correct mappings are: 'Protection Needs' matches definition_1, because protection needs analysis is specifically the method used to identify CIA (confidentiality, integrity, availability) requirements for assets and to characterize the adverse impacts if those assets are compromised. 'Risk' matches definition_2, because risk is classically defined as a measure of the extent to which an entity is threatened by a potential circumstance or event, combining likelihood and impact. 'Security Risk Treatment' refers to the process of selecting and implementing controls to modify risk (avoid, transfer, mitigate, accept), and 'Threat Assessment' is the process of identifying and evaluating threats based on their likelihood and potential impact; neither of these aligns with the provided definitions.

Topics

#SecurityEngineering #RiskManagement #ThreatAssessment #ProtectionNeedsAnalysis
