nerdexam
GIAC

GSEC · Question #38

GSEC Question #38: Real Exam Question with Answer & Explanation

The correct answer is E. Identification of critical information. The OPSEC five-step process always begins with identifying critical information because every subsequent step - threat analysis, vulnerability analysis, risk assessment, and countermeasures - depends on first knowing what must be protected.

Question

Which of the following is the FIRST step in performing an Operational Security (OP5EC) Vulnerabilities Assessment?

Options

  • AAssess the threat
  • BAssess vulnerabilities of critical information to the threat
  • CConduct risk versus benefit analysis
  • DImplement appropriate countermeasures
  • EIdentification of critical information

Explanation

The OPSEC five-step process always begins with identifying critical information because every subsequent step - threat analysis, vulnerability analysis, risk assessment, and countermeasures - depends on first knowing what must be protected.

Common mistakes.

  • A. Assessing the threat is the second OPSEC step and cannot be meaningfully performed until critical information has been identified in step one.
  • B. Assessing vulnerabilities of critical information is the third step and presupposes that both critical information (step 1) and threats (step 2) are already known.
  • C. Risk versus benefit analysis is the fourth step and requires completed threat and vulnerability assessments from the preceding steps before it can be conducted.
  • D. Implementing countermeasures is the fifth and final step; applying measures before completing all prior analysis steps would be arbitrary and potentially misdirected.

Concept tested. OPSEC five-step process - first step identification

Reference. https://www.cisa.gov/opsec

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GSEC Practice