98%(107)105 out of 107 people found this document helpful
This preview shows page 1 - 3 out of 6 pages.
QUESTION 11.A ____________ would be a misconfiguration of a system that allows the hacker to gain unauthorized access, whereas a______________ is a combination of the likelihood that such a misconfiguration could happen, a hacker’s exploitation of it, and the impact if the event occurred.vulnerability, riskrisk, vulnerabilitythreat, riskrisk, threatQUESTION 21.As employees find new ways to improve a system or process, it is important to have a way to capture their ideas. ________________________ can beunderstood as finding a better way or as a lesson learned.QUESTION 31.Generally, regardless of threat or vulnerability, there will ____________ be a chance a threat can exploit a vulnerability.QUESTION 41.In the Build, Acquire, and Implement domain, the ability to manage change is very important. Thus, there are often ___________________ set to avoid disrupting current services while new services are added.
guidelinesQUESTION 51.When an organization lacks policies, its operations become less predictable. Which of the following is a challenge you can expect without policies?lower costsincreased regulatory compliancecustomer dissatisfactionlow retention rates for employeesQUESTION 61.A good security awareness program makes employees aware of the behaviors expected of them. All security awareness programs have two enforcement components: the carrot and the stick. Which of the following bestcaptures the relationship of the two components?