CISSP PRACTICE QUESTIONS – 20230327

Effective CISSP Questions

According to NIST SP 800-30 R1, “assessing risk requires the careful analysis of threat and vulnerability information to determine the extent to which circumstances or events could adversely impact an organization and the likelihood that such circumstances or events will occur.” Which of the following should be determined first before conducting a risk assessment? (Wentz QOTD)
A. Risk assessment methodology
B. Analysis approach
C. Assessment approach
D. Analytic approach

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

CISSP PRACTICE QUESTIONS – 20230326

Effective CISSP Questions

You are conducting a risk assessment based on NIST SP 800-30 R1, in which adversarial threat events are expressed as tactics, techniques, and procedures (TTPs). Which of the following risk factors best describes an adversarial threat event? (Wentz QOTD)
A. Fire at the primary facility
B. Compliance with technical standards
C. Perform network sniffing of exposed networks
D. Inability to perform current missions/business functions

CISSP PRACTICE QUESTIONS – 20230325

Effective CISSP Questions

According to NIST SP 800-30 R1, risk models define the risk factors to be assessed and the relationships among those factors. Risk factors are characteristics used in risk models as inputs to determining levels of risk in risk assessments. Which risk factor is not mentioned in the NIST generic risk model? (Wentz QOTD)
A. Security posture
B. Predisposing conditions
C. Likelihood of the success of a threat event
D. Likelihood of a threat source initiating a threat event

CISSP PRACTICE QUESTIONS – 20230324

Effective CISSP Questions

An Authorization to Operate (ATO) for an information system is granted after control assessment and system authorization, as a formal decision by management to accept the residual risk. To support continuous authorization, which of the following tasks should be implemented first? (Wentz QOTD)
A. Automation for enforcement of policies and controls
B. Continuous integration and delivery
C. Continuous monitoring approach for the applicable security controls
D. Automated ways of performing security assessments

CISSP PRACTICE QUESTIONS – 20230323

Effective CISSP Questions

You are developing an intelligent agent as software to identify phishing emails. To develop, select, and optimize the model, a data set containing thousands of emails, either normal or phishing, is used for training, validation, and testing. Which of the following types of learning best describes the process? (Wentz QOTD)
A. Supervised learning
B. Unsupervised learning
C. Reinforcement learning
D. Machine learning

CISSP PRACTICE QUESTIONS – 20230322

Effective CISSP Questions

You are going to apply scoping considerations and tailor security controls based on a baseline. Which of the following should be done first? (Wentz QOTD)
A. Add controls based on risk assessment
B. Determine asset value
C. Assign asset owners
D. Identify asset inventory

CISSP PRACTICE QUESTIONS – 20230321

Effective CISSP Questions

Which of the following best describes the purpose of security controls in terms of ISO 31000? (Wentz QOTD)
A. To lower the likelihood or possibility of risk
B. To reduce the adverse impact of threats
C. To modify the effect of uncertainty on objectives
D. To mitigate the threats

CISSP PRACTICE QUESTIONS – 20230320

Effective CISSP Questions

Key exchange is an inherent problem of symmetric ciphers. Which of the following is commonly considered the best solution in TLS nowadays? (Wentz QOTD)
A. DH
B. RSA
C. ECDH
D. ECDHE

CISSP PRACTICE QUESTIONS – 20230319

Effective CISSP Questions

In the cipher block chaining (CBC) mode of operation, the plaintext of the first block is XORed with the initialization vector (IV), and the result serves as the input to the block cipher. Which of the following best describes the purpose of this XOR of the plaintext and the IV? (Wentz QOTD)
A. Confusion
B. Diffusion
C. Permutation
D. Substitution
