Free ISSAP Exam Braindumps (page: 28)

Page 28 of 61

You are calculating the Annualized Loss Expectancy (ALE) using the following formula: ALE = AV * EF * ARO. What information does the AV (Asset Value) convey?

  1. It represents how many times per year a specific threat occurs.
  2. It represents the percentage of loss that an asset experiences if an anticipated threat occurs.
  3. It is expected loss for an asset due to a risk over a one year period.
  4. It represents the total cost of an asset, including the purchase price, recurring maintenance, expenses, and all other costs.

Answer(s): D

Explanation:

AV (Asset Value) is a factor that represents the total cost of an asset, including the purchase price, recurring maintenance, expenses, and all other costs associated with acquiring an asset.
Answer option B is incorrect. EF (Exposure Factor) is a factor that represents the percentage of loss that an asset experiences if an anticipated threat occurs.
Answer option A is incorrect. ARO (Annualized Rate of Occurrence) is a factor that represents how many times per year a specific threat occurs.
Answer option C is incorrect. Annualized Loss Expectancy (ALE) is a monetary value that is expected for an asset due to a risk over a one year period.



You work as a Network Administrator for NetTech Inc.
When you enter http://66.111.64.227 in the browser's address bar, you are able to access the site. But, you are unable to access the site when you enter http://www.company.com.
What is the most likely cause?

  1. The site's Web server is offline.
  2. The site's Web server has heavy traffic.
  3. WINS server has no NetBIOS name entry for the server.
  4. DNS entry is not available for the host name.

Answer(s): D

Explanation:

You are unable to access the site on entering http://www.company.com because the DNS server has no entry for the host name www.company.com. A DNS server resolves host names to IP addresses. If the DNS entry is not found, the browser's request by host name cannot be resolved. Hence, you can access the site only by specifying its IP address.



In software development, which of the following analyses is used to document the services and functions that have been accidentally left out, deliberately eliminated or still need to be developed?

  1. Gap analysis
  2. Requirement analysis
  3. Cost-benefit analysis
  4. Vulnerability analysis

Answer(s): A

Explanation:

Gap analysis is used to document the services and functions that have been accidentally left out, deliberately eliminated or still need to be developed.
Gap analysis is a tool that helps a company to compare its actual performance with its potential performance. It is a formal study of what a business is doing currently and where it wants to go in the future. Gap analysis provides a foundation for measuring the investment of time, money and human resources required to achieve a particular outcome. The goal of gap analysis is to identify the gap between the optimized allocation and integration of the inputs, and the current level of allocation. This helps provide the company with insight into areas that could be improved. The gap analysis process involves determining, documenting and approving the variance between business requirements and current capabilities.
Answer option D is incorrect. Vulnerability analysis is also known as vulnerability assessment. It is a process that defines systematic examination of a critical infrastructure, identifies and classifies the security vulnerabilities in a computer, network, or communications infrastructure. In addition, vulnerability analysis forecasts the effectiveness of proposed countermeasures, identifies the security deficiencies, evaluates the security alternatives, and verifies the adequacy of such measures after implementation.
Answer option C is incorrect. A cost-benefit analysis is a technique related to the cost effectiveness of different alternatives in order to see whether the benefits outweigh the costs. Its aim is to gauge the efficiency of the intervention relative to the status quo.
To implement cost-effective controls and allocate resources, organizations, after identifying all likely controls and evaluating their feasibility and usefulness, must conduct a cost-benefit analysis. This process must be conducted for each new or enhanced control to determine if the control recommended is appropriate for the organization. A cost-benefit analysis mainly determines the impact of implementing the new or enhanced control and then determines the impact of not implementing the control.
Answer option B is incorrect. The requirements analysis processes are a collection of processes that work together to define the stakeholder requirements, the solution to satisfy the stakeholder, and a definition of the solution in enough detail that the solution components can be constructed.



Which of the following processes identifies the threats that can impact the business continuity of operations?

  1. Function analysis
  2. Risk analysis
  3. Business impact analysis
  4. Requirement analysis

Answer(s): C

Explanation:

A business impact analysis (BIA) is a crisis management and business impact analysis technique that identifies those threats that can impact the business continuity of operations. Such threats can be either natural or man-made. The BIA team should have a clear understanding of the organization, key business processes, and IT resources for assessing the risks associated with continuity. In the BIA team, there should be senior management, IT personnel, and end users to identify all resources that are to be used during normal operations.
Answer option B is incorrect. Risk analysis is the science of risks and their probability and evaluation in a business or a process. It is an important factor in security enhancement and prevention in a system. Risk analysis should be performed as part of the risk management process for each project. The outcome of the risk analysis would be the creation or review of the risk register to identify and quantify risk elements to the project and their potential impact.
Answer option A is incorrect. The functional analysis process is used for converting system requirements into a comprehensive function standard. Verification is the result of the functional analysis process, in which the fundamentals of a system level functional architecture are defined adequately to allow for synthesis in the design phase. The functional analysis breaks down the higher-level functions into the lower level functions.
Answer option D is incorrect. Requirements analysis encompasses the tasks that go into determining the needs or conditions to meet for a new or altered product, taking account of the possibly conflicting requirements of the various stakeholders.






Post your Comments and Discuss ISC2 ISSAP exam with other Community members:

Terry commented on May 24, 2023
I can practice for exam
Anonymous

Rahul Kumar commented on August 31, 2023
need certification.
CANADA
