Appendix Answers to Review Questions

Chapter 1: Security and Risk Management (Domain 1)

  1. D. The final step of a quantitative risk analysis is conducting a cost/benefit analysis to determine whether the organization should implement proposed countermeasure(s).
  2. A. Spoofing attacks use falsified identities. Spoofing attacks may use false IP addresses, email addresses, names, or, in the case of an evil twin attack, SSIDs.
  3. C. The DMCA states that providers are not responsible for the transitory activities of their users. Transmission of information over a network would qualify for this exemption. The other activities listed are all nontransitory actions that require remediation by the provider.
  4. A. The Notice principle says that organizations ...
