True or False? Recommendations are rarely included in CBAs to enable readers to draw their own conclusions.

What are critical resources?

True or False? An implicit deny policy starts by allowing all traffic through a firewall.

When performing threat assessments, it’s important to ensure you understand the system or application you are evaluating. To understand a given system or application, you need to understand all of the following, except:

True or False? The following equation is used during a cost-benefit analysis to determine projected benefits: Loss After Control – Loss Before Control

True or False? How an organization starts its risk mitigation process depends entirely on upper management preference.

True or False? If an in-place countermeasure needs to be upgraded or replaced, disable or remove the countermeasure until the new or upgraded control can be installed in order to best reduce vulnerabilities.

True or False? All in-place controls are permanent.

What are overlapping countermeasures?

True or False? In a small organization, a single person can be responsible for the planning, implementation, and execution of a business continuity plan (BCP).