Effective CISSP Questions

Which of the following is not a characteristic of the adversarial threat sources mentioned in the NIST generic risk model introduced in the NIST SP 800-30 R1? (Wentz QOTD)
A. Capability
B. Intent
C. Targeting
D. Range of effects

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Range of effects.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

NIST Generic Risk Model (NIST SP 800-30 R1)
NIST Generic Risk Model (NIST SP 800-30 R1)

NIST SP 800-30 R1 introduces four types of threat sources; each type of threat source has characteristics such as capability, intent, targeting, and range of effects.

  • Adversarial threat sources: Capability, Intent, Targeting
  • Accidental threat sources: Range of effects
  • Structural threat sources: Range of effects
  • Envinronmental threat sources: Range of effects
Taxonomy of Threat Sources
Taxonomy of Threat Sources (Source: NIST SP 800-20 R1)


以下哪一項不是 NIST SP 800-30 R1 中引入的 NIST 通用風險模型中提到的對抗性威脅來源的特徵? (Wentz QOTD)
A. 能力
B. 意圖
C. 瞄準 (Targeting)
D. 影響範圍

Leave a Reply