Effective CISSP Questions

According to the NIST generic risk model, which of the following is not a threat source? (Wentz QOTD)
A. Spammers
B. Phishing
C. Terrorists
D. Bot-Network Operators

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Phishing.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial on information security, a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.

NIST Generic Risk Model (NIST SP 800-30 R1)

The NIST generic risk model describes how a threat source initiates threat events (e.g., TTPs: tactics, techniques, and procedures) that exploit vulnerabilities, resulting in adverse impact. Spammers, Terrorists, and Bot-Network Operators are threat sources, while Phishing is a threat event.

Risk and Threat

What is Risk?


