New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ISC2 ISSMP Exam - Topic 3 Question 35 Discussion

Actual exam question for ISC2's ISSMP exam
Question #: 35
Topic #: 3
[All ISSMP Questions]

Which of the following statements is related with the second law of OPSEC?

Show Suggested Answer Hide Answer
Suggested Answer: B

OPSEC is also known as operations security. It has three laws.

The First Law of OPSEC. If you don't know the threat, how do you know what to protect? Although specific threats may vary from site to site or program to program. Employees must be aware of the actual and postulated threats. In any given situation, there is likely to be more than one adversary, although each may be interested in different information.

The Second Law of OPSEC. If you don't know what to protect, how do you know you are protecting it? The 'what' is the critical and sensitive, or target, information that adversaries require to meet their objectives.

The Third Law of OPSEC. If you are not protecting it (the critical and sensitive information), the adversary wins! OPSEC vulnerability assessments, (referred to as 'OPSEC assessments' - OA's - or sometimes as Surveys') are conducted to determine whether or not critical information is vulnerable to exploitation. An OA is a critical analysis of 'what we do' and 'how we do it' from the perspective of

an adversary. Internal procedures and information sources are also reviewed to determine whether there is an inadvertent release of sensitive information.

Answer option D is incorrect. The statement given in the option is not a valid law of OPSEC.


by Whitley at May 08, 2022, 10:07 AM

Limited Time Offer

25%

Off

Get Premium ISSMP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Cordelia
4 months ago
I agree with A, protecting info is key!
upvoted 0 times
...
Dottie
4 months ago
Surprised that people overlook C, it's crucial!
upvoted 0 times
...
Glenn
4 months ago
D makes total sense, you need to know the threat!
upvoted 0 times
...
Cristy
4 months ago
I don't think B is that clear.
upvoted 0 times
...
Alona
5 months ago
Statement A is spot on!
upvoted 0 times
...
Lauran
5 months ago
I feel like option C is relevant too, but I can't recall if it directly ties to the second law. This is tricky!
upvoted 0 times
...
Corrinne
5 months ago
I remember a practice question that emphasized knowing your threats, which makes me lean towards option D. It just feels right.
upvoted 0 times
...
Julio
5 months ago
I think the second law of OPSEC is about understanding what you need to protect, so maybe it's option B? But I'm not entirely sure.
upvoted 0 times
...
Alberto
5 months ago
I’m a bit confused. I thought the second law was more about the consequences of not protecting information, which might point to option A?
upvoted 0 times
...
Glen
5 months ago
Okay, I think I've got it. The boundary of a company's property in an urban area with limited space is likely to be a fence or wall, so I'll go with either A or B.
upvoted 0 times
...
Carolynn
5 months ago
I'm a little confused by the options. Increased hop count doesn't seem like an advantage, so I'll skip that one. The other four all seem plausible, so I'll need to carefully consider which three are the most important.
upvoted 0 times
...
Leslie
5 months ago
I feel like crypto map was used in older setups, but it might not apply to what we're seeing in the exhibit.
upvoted 0 times
...
Marylou
5 months ago
Hmm, I'm a bit confused on this one. I thought the default port was fixed at 8199, but now I'm second-guessing myself. I'll have to review my notes to see if I can find the right answer.
upvoted 0 times
...

Save Cancel