Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 122
A new malware variant is discovered hidden in pirated software that is distributed on the Internet. Executives have asked for an organizational risk assessment.
The security officer is given a list of all assets. According to NIST, which two elements are missing to calculate the risk assessment? (Choose two.)
Answer options
- A. incident response playbooks
- B. asset vulnerability assessment
- C. report of staff members with asset relations
- D. key assets and executives
- E. malware analysis report
Correct answer: B, E
Explanation
A risk assessment requires knowing the vulnerabilities of the assets and the nature of the threat, which here is the malware. The asset list is already in hand, so the two missing inputs are the 'asset vulnerability assessment' (B) and the 'malware analysis report' (E). The other options, while relevant to security management, do not directly contribute to the risk assessment process as defined by NIST.