Free CSSLP Braindumps

  • Exam Number: CSSLP
  • Provider: ISC
  • Questions: 349
  • Updated On: 14-Jun-2019

You work as a Network Auditor for Net Perfect Inc. The company has a Windows-based network.
While auditing the company's network, you are having difficulty finding the faults and other
entities that belong to it. Which of the following risks may occur due to the existence of these

A. Residual risk
B. Secondary risk
C. Detection risk
D. Inherent risk
Answer(s): C
Detection risk is the risk that an auditor will not be able to find what they are looking to detect.
Hence, it becomes tedious to report negative results when material conditions (faults) actually
exist. Detection risk includes two types of risk: Sampling risk: This risk occurs when an auditor
falsely accepts or erroneously rejects an audit sample. Nonsampling risk: This risk occurs when an
auditor fails to detect a condition because of not applying the appropriate procedure or using
procedures inconsistent with the audit objectives (detection faults).

Answer A is incorrect. Residual risk is the risk or danger of an action or an event, a method or a
(technical) process that, although being abreast with science, still conceives these dangers, even if
all theoretically possible safety measures would be applied (scientifically conceivable measures).
The formula to calculate residual risk is (inherent risk) x (control risk), where inherent risk is
(threats x vulnerability). In the economic context, residual means "the quantity left over at the end
of a process; a remainder".

Answer D is incorrect. Inherent risk, in auditing, is the risk that the account or section being
audited is materially misstated without considering internal controls due to error or fraud. The
assessment of inherent risk depends on the professional judgment of the auditor, and it is done
after assessing the business environment of the entity being audited.

Answer B is incorrect. A secondary risk is a risk that arises as a direct consequence of implementing
a risk response. The secondary risk is an outcome of dealing with the original risk. Secondary risks
are not as rigorous or important as primary risks, but can turn out to be so if not estimated and
planned properly.

The National Information Assurance Certification and Accreditation Process (NIACAP) is the
minimum standard process for the certification and accreditation of computer and
telecommunications systems that handle U.S. national security information. Which of the following
participants are required in a NIACAP security assessment? Each correct answer represents a part
of the solution. Choose all that apply.

A. Certification agent
B. Designated Approving Authority
C. IS program manager
D. Information Assurance Manager
E. User representative
Answer(s): A, B, C, E
The NIACAP roles are nearly the same as the DITSCAP roles. Four minimum participants (roles)
are required to perform a NIACAP security assessment:

IS program manager: The IS program manager is the primary authorization advocate. He is
responsible for the Information System (IS) throughout the life cycle of the system development.

Designated Approving Authority (DAA): The Designated Approving Authority (DAA), in the United
States Department of Defense, is the official with the authority to formally assume responsibility
for operating a system at an acceptable level of risk.

Certification agent: The certification agent is also referred to as the certifier. He provides the
technical expertise to conduct the certification throughout the system life cycle.

User representative: The user representative focuses on system availability, access, integrity,
