The likelihood of the occurrence of a vulnerability multiplied by the value of the information asset minus the percentage of risk mitigated by current controls plus the uncertainty of current knowledge of the vulnerability are each examples of _____. a. Vulnerability mitigation controls b. Attack analysis calculation c. Risk assessment estimate factors d. Exploit likelihood equation

?When using the Governing for Enterprise Security (GES) program, an Enterprise Security Program (ESP) should be structured so that governance activities are driven by the organizations executive management, select key stakeholders, as well as the ____________.

	a.	?Board Finance Committee
	b.	?Board Audit Committee
	c.	?Board Risk Committee
	d.	?Chairman of the Board

Which of the following is a feature left behind by system designers or maintenance staff that allows quick access to a system at a later time by bypassing access controls?

	a.	DoS
	b.	hoax
	c.	brute force
	d.	back door

An information security professional with authorization to attempt to gain system access in an effort to identify and recommend resolutions for vulnerabilities in those systems is known as a(n) ____________.

	a.	?script kiddie
	b.	?gray-hat hacker
	c.	?zebra team
	d.	?penetration tester

Which of the following provides an identification card of sorts to clients who request services in a Kerberos system?

	a.	Authentication Client
	b.	Key Distribution Center
	c.	Ticket Granting Service
	d.	Authentication Server

?Also known as an economic feasibility study, the formal assessment and presentation of the economic expenditures needed for a particular security control, contrasted with its projected value to the organization is known as costbenefit analysis (CBA). ____________

True

False