PrepAway - Latest Free Exam Questions & Answers

which of the following?

Operations Security seeks to PRIMARILY protect against which of the following?

PrepAway - Latest Free Exam Questions & Answers

A.
object reuse

B.
facility disaster

C.
compromising emanations

D.
asset threats

Explanation:
Operations Security refers to the act of understanding the threats to and vulnerabilities of computer operations
in order to routinely support operational activities that enable computer systems to function correctly. It also
refers to the implementation of security controls for normal transaction processing, system administration tasks,
and critical external support operations. These controls can include resolving software or hardware problems
along with the proper maintenance of auditing and monitoring processes.
Like the other domains, the Operations Security domain is concerned with triples — threats, vulnerabilities, and
assets.
A threat in the Operations Security domain can be defined as an event that could cause harm by violating
the security. An example of an operations threat would be an operator’s abuse of privileges, thereby
violating confidentiality.
A vulnerability is defined as a weakness in a system that enables security to be violated. An example of an
operations vulnerability would be a weak implementation of the separation of duties.
An asset is considered anything that is a computing resource or ability, such as hardware, software, data,
and personnel.
Incorrect Answers:
A: Object Reuse is the concept of reusing data storage media after its initial use. Object reuse is one type of
risk. Preventing object reuse alone is not the primary purpose of Operations Security.
B: Operations Security seeks to primarily protect against all types of asset threats. It does not seek to primarily
protect against a single threat such as a facility disaster.
C: Operations Security does not seek to protect against a single threat such as compromising emanations. It
protects all assets against all threats.

Krutz, Ronald L. and Russell Dean Vines, The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams,
2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 302


Leave a Reply