Question

Which of the following represents a subcategory of the Framework Category: Information Protection Procedures?

1. Privileged User Roles

2. Maintenance and Repair

3. Removable Media

4. Continuous Improvement

Q.

Which of the following is considered a primary reason that an organization has unmanaged assets that have a high likelihood of compromise?

	1.	Threats to critical assets
	2.	Vulnerabilities that are mitigated with weak controls
	3.	Vulnerabilities that are mitigated by strong controls
	4.	High value assets

Answer 1

1. Ans 2.Maintenance and Repairs The performance of organisational assets Logged in a timely way, with Tools that are licenced and regulated. Maintanance and Repairs is a subcategory of the function Protect its id is (PR.MA) The framework category is divided into 3 parts 1.Function 2.Category and 3 is ID where protect is the function Maintainance and Repairs is the subcategory and id is(PR.MA).It is perfomed with policies and as well as procedures.

where as the other options,

Privileged User Roles given the right to implement a statement,It is a role to gain access to another statement or object.It is not a subcategory of the Framework Category.

And Removable Media is a media which stores data and information it is a drive such as cd dvd pendrive all are part of removable media.It is also not a subcategory of the Framework Category.

Continuous Improvement is an continuous betterment of an process and increase the improvement of the products for better perfomance.It is also not a subcategory of the Framework Category.

2.Ans 2. Vulnerabilities that are mitigated with weak controls

If an organisation doesn't take care and and manage its properties ,assets and data ,uses weak encryption .not thinking of taking care of its data,having weak link to data loss .An attacker can easily access data that have weak security leading to data loss or steal. Not managing of the valuable assets and lack of awareness can lead to security threat with massive loss.An asset is an very important thing for an organisation for the organisation mission.So it important that they be aware from the start with strong security managements.Some points related to Vulnerabilities that are mitigated with weak controls are -

• Unprotected communication betweeen server with weak encryption
• Absence of strong security.
• Absence of strong control.
• Weak encryption or password login credential which are default and are guessed easily.

Where as the other options ,

Threats to critical assets is an threat which happens because of data modification,losing of data or information and stopage of an ongoing project because of some reasons.

Vulnerabilities that are mitigated by strong controls means that the data is being protected using strong encryption.Strong authentication is being provided .High secuirty checking of incomming connections using softwaresthat provides strong protections.

High value assets is an asset of the organisation or a company which is very important for them for the project they are working on losing this by any means can stop the entire project and lead to serious loss to conitue the project.