Use the following scenario to answer questions 1-3:
Your company sells iPods online and has suffered many DoS attacks. Your company makes an average weekly profit of $20K, and a typical DoS attack lowers sales by 40%. On average, you suffer 7 DoS attacks per year. A DoS mitigation service is available for a subscription fee of $10K. You have tested this service and believe it will mitigate the attacks.
- What is the ARO in the above scenario?
(a) $20,000
(b) 40%
(c) 7
(d) $10,000
- What is the ALE of lost iPod sales due to the DoS attacks?
(a) $20,000
(b) $8,000
(c) $84,000
(d) $56,000
- Is the DoS mitigation service a good investment?
(a) Yes, it will pay for itself
(b) Yes, $10K is less than the $56K ALE
(c) No, the annual TCO is higher than the ALE
(d) No, the annual TCO is lower than the ALE
- Which canon of the ISC(2) Code of Ethics should be considered the most important?
(a) Protect society, the commonwealth and the infrastructure
(b) Advance & protect the profession
(c) Act honorably, honestly, justly, responsibly and legally
(d) Provide diligent & competent service to principals
- Identify from the list below items that can be classed as objects. (Select all that apply)
(a) Readme.txt file
(b) Database table
(c) Running login process
(d) Authenticated user
(e) 1099 Tax Form
Answers in comments
Q1: (c) 7
The ARO is the number of attacks per year: 7. The AV is $20K, the EV is 40% and the monthly cost of the DoS service (used to calculate TCO) is $10,000.
Q2: (d) $56,000
The ALE is derived by first calculating the EV, which is the AV ($20K) multiplied by the EF (40%, i.e. 0.4). The SLE is $8,000 (0.4 * $20K), which is multiplied by the ARO of 7 for an ALE of $56K.
Q3:
(c) No, the annual TCO is lower than the ALE
ALE = $56,000
Annual TCO = $10,000 x 12 = $120,000
Q4:
Remember that the canons are ordered from most to least important, and from longest to shortest, therefore:
(a) Protect society, the commonwealth & the infrastructure
Q5:
An authenticated user and a running login process would be classed as subjects, and the other options are all objects:
(a) Files, (b) Databases, (e) Tax forms