Free CSSLP Exam Braindumps

You work as a Network Auditor for Net Perfect Inc. The company has a Windows-based network. While auditing the company's network, you are having trouble finding the faults and other entities that belong to it. Which of the following risks may occur due to the existence of these problems?

  A. Residual risk
  B. Secondary risk
  C. Detection risk
  D. Inherent risk

Answer(s): C

Explanation:

Detection risk is the risk that an auditor will not be able to find what they are looking to detect, so that negative results are reported when material conditions (faults) actually exist. Detection risk includes two types of risk.

Sampling risk: this risk occurs when an auditor falsely accepts or erroneously rejects an audit sample.

Nonsampling risk: this risk occurs when an auditor fails to detect a condition because the appropriate procedure was not applied, or because the procedures used were inconsistent with the audit objectives (detection faults).

Answer A is incorrect. Residual risk is the risk or danger remaining from an action, an event, a method or a (technical) process that, although state of the art, still carries these dangers even if all theoretically possible (scientifically conceivable) safety measures were applied. The formula to calculate residual risk is (inherent risk) x (control risk), where inherent risk is (threats x vulnerability). In the economic context, residual means "the quantity left over at the end of a process; a remainder".

Answer D is incorrect. Inherent risk, in auditing, is the risk that the account or section being audited is materially misstated due to error or fraud, without considering internal controls. The assessment of inherent risk depends on the professional judgment of the auditor, and it is done after assessing the business environment of the entity being audited.

Answer B is incorrect. A secondary risk is a risk that arises as a direct consequence of implementing a risk response; it is an outcome of dealing with the original risk. Secondary risks are not as severe or important as primary risks, but they can turn out to be so if not estimated and planned for properly.



In which of the following levels of exception safety are operations guaranteed to succeed and to fulfill all requirements, even in the presence of exceptional situations?

  A. Commit or rollback semantics
  B. Minimal exception safety
  C. Failure transparency
  D. Basic exception safety

Answer(s): C

Explanation:

Failure transparency is the strongest level of exception safety. At this level, operations are guaranteed to succeed and to fulfill all requirements even in the presence of exceptional situations. Failure transparency does not propagate an exception further up the call stack even when one occurs internally. This level is also known as the no-throw guarantee.



Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?

  A. Confidentiality
  B. Non-repudiation
  C. Authentication
  D. Integrity

Answer(s): B

Explanation:

Non-repudiation is a mechanism which proves that the sender really sent a message. It provides evidence of the identity of the sender and of message integrity. It also prevents a person from denying the submission or delivery of the message and the integrity of its contents. Answer C is incorrect. Authentication is the process of verifying the identity of a person or network host. Answer A is incorrect. Confidentiality ensures that no one can read a message except the intended receiver. Answer D is incorrect. Integrity assures the receiver that the received message has not been altered in any way from the original.



How can you calculate the Annualized Loss Expectancy (ALE) that may occur due to a threat?

  A. Single Loss Expectancy (SLE) X Annualized Rate of Occurrence (ARO)
  B. Single Loss Expectancy (SLE) / Exposure Factor (EF)
  C. Asset Value X Exposure Factor (EF)
  D. Exposure Factor (EF) / Single Loss Expectancy (SLE)

Answer(s): A

Explanation:

The Annualized Loss Expectancy (ALE) that occurs due to a threat is calculated by multiplying the Single Loss Expectancy (SLE) by the Annualized Rate of Occurrence (ARO):

Annualized Loss Expectancy (ALE) = Single Loss Expectancy (SLE) X Annualized Rate of Occurrence (ARO)

Annualized Rate of Occurrence (ARO) is a number that represents the estimated frequency with which a threat is expected to occur. It is calculated based upon the probability of the event occurring and the number of employees that could make that event occur.

Single Loss Expectancy (SLE) is the value in dollars that is assigned to a single event. SLE is calculated by the following formula:

SLE = Asset Value ($) X Exposure Factor (EF)

The Exposure Factor (EF) represents the percentage of asset loss caused by a threat. The EF is required to calculate Single Loss Expectancy (SLE).



Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment?

  A. Phase 2
  B. Phase 4
  C. Phase 1
  D. Phase 3

Answer(s): D

Explanation:

Phase 3 of DITSCAP C&A is known as Validation. The goal of Phase 3 is to validate that the preceding work has produced an IS that operates in a specified computing environment. Answer C is incorrect. The goal of Phase 1 is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. Answer A is incorrect. The goal of Phase 2 is to obtain a fully integrated system for certification testing and accreditation. Answer B is incorrect. Phase 4 ensures that the system will maintain an acceptable level of residual risk.