Premium Practice Questions
Question 1 of 30
In a large financial institution, a significant software upgrade is scheduled to enhance the transaction processing system. The IT team has developed a rollback plan to ensure that, in the event of a failure during the upgrade, the system can be restored to its previous operational state. Which of the following elements is most critical to include in the rollback plan to ensure a smooth transition back to the original system?
Explanation
A rollback plan is a core part of change management and should follow the practices set out in frameworks such as ITIL (Information Technology Infrastructure Library) and COBIT (Control Objectives for Information and Related Technologies), both of which treat a reliable backup strategy as part of risk management. A list of the personnel involved, a timeline for the upgrade and a communication plan are all important to project management, but none of them addresses the technical requirement for reverting to the previous system state. Without a proper backup, the best communication or project management will not prevent data loss or a prolonged outage. The backup must also be tested before the upgrade to confirm that it can actually be restored: verify the integrity of the backup data and confirm that every component needed to bring the old system back is included. The integrity and completeness of a tested backup are therefore the most critical element of the rollback plan.
Question 2 of 30
In a corporate environment, a security analyst is tasked with evaluating the effectiveness of the organization's incident response plan. The analyst identifies that the plan lacks specific procedures for handling insider threats, which have been a growing concern. To address this gap, the analyst proposes a series of enhancements to the incident response plan. Which of the following enhancements would most effectively mitigate the risks associated with insider threats while ensuring compliance with relevant regulations and best practices?
Explanation
In contrast, merely increasing the frequency of security awareness training does not specifically address insider threats, and it will not change behaviour if employees are never told what the indicators of such threats look like. Establishing a whistleblower policy is important, but it only works when paired with strong protections for whistleblowers; without them, employees will be reluctant to come forward and the policy achieves little. Annual audits of user access rights are good practice, but they lack the immediacy needed to catch an insider: a static audit can miss indicators that appear and disappear between reviews, whereas real-time monitoring can respond as the behaviour evolves. Integrating a user behaviour analytics (UBA) system therefore both follows cybersecurity best practice and supports compliance with regulations that require proactive risk management, such as the GDPR and HIPAA, which call for safeguarding sensitive information against all threats, including those originating inside the organization.
Question 3 of 30
In a corporate environment, the IT security team is tasked with implementing Group Policy Objects (GPOs) to manage security settings across all computers in the domain. They need to ensure that specific security configurations, such as password policies and account lockout policies, are uniformly applied. However, they also want to allow certain departments to have unique configurations that differ from the default settings. What is the best approach to achieve this while maintaining security and compliance across the organization?
Explanation
However, to accommodate the needs of individual departments, additional GPOs should be created and linked at the organizational unit (OU) level. This gives flexibility for settings that vary by department, such as specific software installations, desktop configurations or extra security requirements. Because an OU-linked GPO is processed after the domain-linked one, the department-specific settings layer on top of the domain baseline rather than replacing it, and the team can keep the baseline authoritative by marking the domain link as enforced. One caveat matters for the password and lockout settings in this question: for domain accounts, those settings are read only from GPOs linked at the domain level (the Default Domain Policy in a default installation). A password policy placed in an OU-linked GPO affects only the local accounts on the computers in that OU; department-specific password rules for domain accounts require fine-grained password policies (password settings objects) applied to groups, not a second GPO. Applying every setting at the domain without using OUs produces a rigid structure that cannot accommodate departmental needs, while relying on local group policies alone creates inconsistency and a management burden. A single GPO for the whole organization would likewise force conflicts and leave no room for tailored configuration. The combination of a domain-level baseline with department-specific GPOs linked to OUs is therefore the most balanced and effective strategy.
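The layered approach above, as an added PowerShell example that is not part of the original quiz: a domain-level baseline is left in place, a department GPO is created and linked to the Finance OU, the link order is inspected, and a fine-grained password policy covers the one setting an OU-linked GPO cannot change for domain accounts. The domain name corp.example, the Finance OU, the Finance-Admins group, the workstation FIN-WS-01 and the registry values chosen are all assumptions made for the example; it requires the RSAT GroupPolicy and ActiveDirectory modules.

```powershell
# Added example, not code from the original quiz: lay a domain-wide baseline
# under department-specific GPOs and verify the result.
# Assumptions (all constructed for this example): domain corp.example, an OU
# named Finance, a group Finance-Admins, a workstation FIN-WS-01, and the RSAT
# GroupPolicy and ActiveDirectory modules on the management host.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$domainDn  = 'DC=corp,DC=example'
$financeOu = "OU=Finance,$domainDn"

# 1. Password and lockout settings for domain accounts come only from GPOs
#    linked at the domain root. Show what the domain currently enforces.
Get-ADDefaultDomainPasswordPolicy |
    Select-Object MinPasswordLength, ComplexityEnabled, PasswordHistoryCount,
                  MaxPasswordAge, LockoutThreshold, LockoutDuration

# 2. Department settings live in their own GPO linked to the department OU,
#    so they layer on top of the domain baseline instead of replacing it.
$gpo = New-GPO -Name 'Finance-Workstation-Security' `
               -Comment 'Finance-only settings; the baseline stays in the domain GPO'
$gpo | New-GPLink -Target $financeOu -LinkEnabled Yes | Out-Null

# A registry-backed policy as the department-specific setting: a logon banner.
$sysKey = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Set-GPRegistryValue -Name $gpo.DisplayName -Key $sysKey -ValueName 'LegalNoticeCaption' `
    -Type String -Value 'Finance systems' | Out-Null
Set-GPRegistryValue -Name $gpo.DisplayName -Key $sysKey -ValueName 'LegalNoticeText' `
    -Type String -Value 'Authorised Finance staff only. Sessions are recorded.' | Out-Null

# 3. Check link order and inheritance on the OU. Order 1 wins a conflict;
#    the domain-linked baseline still applies unless inheritance is blocked,
#    and marking the domain link Enforced overrides even a block.
Get-GPInheritance -Target $financeOu |
    Select-Object -ExpandProperty GpoLinks |
    Select-Object Order, DisplayName, Enabled, Enforced

# 4. A stricter password rule for Finance *domain* accounts cannot come from
#    the OU-linked GPO; it needs a fine-grained password policy on a group.
New-ADFineGrainedPasswordPolicy -Name 'Finance-Admins-PSO' -Precedence 10 `
    -MinPasswordLength 16 -ComplexityEnabled $true -PasswordHistoryCount 24 `
    -MaxPasswordAge (New-TimeSpan -Days 60) -LockoutThreshold 5 `
    -LockoutDuration (New-TimeSpan -Minutes 30) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30)
Add-ADFineGrainedPasswordPolicySubject -Identity 'Finance-Admins-PSO' -Subjects 'Finance-Admins'

# 5. Confirm the effective result on one Finance workstation.
Get-GPResultantSetOfPolicy -Computer 'FIN-WS-01' -ReportType Html `
    -Path (Join-Path $env:TEMP 'FIN-WS-01-rsop.html')
```

The resultant set of policy report in step 5 is the check worth keeping in the change record: it shows which GPO won for each setting, which is exactly the question a reviewer asks when a department claims a setting "did not apply".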
Question 4 of 30
In a corporate environment, the IT security team is tasked with establishing a baseline configuration for their operating systems to enhance security. They decide to implement a series of hardening measures that include disabling unnecessary services, applying security patches, and configuring user permissions. After the initial implementation, they notice that some critical applications are experiencing performance issues. To address this, they consider reverting some of the hardening measures. What is the most effective approach to balance security and performance while maintaining a secure operating system baseline?
Explanation
Reverting all hardening measures (option b) is not advisable: it would reintroduce the vulnerabilities the baseline was meant to remove. A monitoring solution (option c) is useful for ongoing assessment but does not address the immediate need to balance security and performance. Adding hardware resources (option d) may improve performance but does not resolve the underlying conflict between the security configuration and the applications. A risk assessment lets the team identify which specific hardening measures are causing the performance problems and decide, measure by measure, which can be adjusted or temporarily relaxed while the overall posture remains strong, with each exception documented and revisited. This is consistent with established risk management and security governance practice and lets the organization operate securely without sacrificing essential application performance.
Question 5 of 30
In a large financial institution, the IT security team is tasked with automating the process of monitoring user access to sensitive financial data. They decide to implement a role-based access control (RBAC) system integrated with an automated logging and alerting mechanism. After the implementation, they notice that certain users are still able to access data beyond their assigned roles. What could be the primary reason for this issue, and how should the team address it to ensure compliance with security policies and regulations?
Explanation
To address this issue, the IT security team should conduct a thorough review of the RBAC configuration: verify that every role is correctly defined and that the permissions granted to each role follow the principle of least privilege, under which users receive only the access their job function requires. Regular audits of user access rights should then be scheduled so that drift between the intended roles and the permissions actually in force is caught early. The automated logging mechanism is essential for monitoring access, but it records unauthorized access rather than preventing it; if the underlying RBAC configuration is flawed, logging alone does not fix the problem. Users sharing credentials is a serious security risk, but a separate one, addressed through user education and enforcement of strong authentication. Outdated security policies can contribute to compliance gaps, but they do not by themselves cause the RBAC system to grant access it should deny. The focus should therefore be on ensuring that the RBAC configuration is correct and is maintained to reflect the current state of the organization.
Question 6 of 30
A company has recently migrated its web server to a cloud-based infrastructure. Shortly after the migration, the help desk begins receiving a surge of requests from users experiencing issues accessing the web application. The IT team suspects that the problem may be related to the configuration of the cloud environment. Which of the following actions should the IT team prioritize to diagnose and resolve the issue effectively?
Explanation
Reviewing the security group settings means checking whether the required ports (80 for HTTP and 443 for HTTPS) are open and reachable from the internet, or from wherever the users connect. If these ports are closed or the rules are misconfigured, users cannot reach the web application at all, which matches the sudden flood of help desk requests. This step directly addresses the most likely network barrier. A full system reboot may clear some transient faults but does nothing for a configuration error, which will persist after the restart. Increasing CPU and memory allocation only helps if the server is under heavy load, and it does not explain users being unable to connect. A CDN could improve performance and reduce load on the server, but it is not a fix for the current access problem and adds another layer to troubleshoot. Reviewing the cloud security group settings and firewall rules first is therefore the right priority for diagnosing and resolving the issue.
Question 7 of 30
In a corporate environment, an administrator is tasked with enhancing the logging capabilities of PowerShell to monitor potential malicious activities. The organization has a policy that mandates the logging of all PowerShell commands executed on servers, including the context in which they were run. Which approach should the administrator take to ensure comprehensive logging while minimizing performance impact on the servers?
Explanation
Sending these logs to a centralized logging server lets the administrator analyse the data efficiently, supporting both real-time monitoring and historical investigation. This follows established security logging practice and aligns with compliance requirements such as those in NIST SP 800-53, which stresses audit logs as a basis for detecting and responding to security incidents. Script block logging (event ID 4104 in the Microsoft-Windows-PowerShell/Operational log), which records the code as it was actually executed after any de-obfuscation, complements transcription and module logging and is the source most detection content relies on. The other options are significantly weaker. Using Windows Event Forwarding to collect only error events would miss most malicious activity, because attacks rarely generate errors. Limiting logging to commands run by administrative users ignores that attackers routinely start from non-privileged accounts and escalate from there. Logging only commands that return errors gives an incomplete picture, since malicious commands generally succeed without raising any immediate alarm. The most effective strategy is therefore a combination of transcription and module logging, so that all relevant actions are captured while the performance impact on the servers stays manageable.
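The logging configuration described above, as an added PowerShell example that is not part of the original quiz: it enables transcription, module logging and script block logging through the same policy registry keys that the Group Policy administrative templates write, then queries the resulting 4104 events for a constructed list of loader indicators. The transcript share \\logsrv\ps-transcripts$ and the indicator list are assumptions for the example; run it elevated on the server being configured.

```powershell
# Added example, not code from the original quiz: enable the three PowerShell
# logging sources on one server via the policy registry keys, then query them.
# Assumptions: run as administrator; \\logsrv\ps-transcripts$ is a constructed
# write-only share (clients can append but not read back) for transcripts.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Set-PolicyValue {
    param([string]$SubKey, [string]$Name, $Value, [string]$Type = 'DWord')
    $key = Join-Path $base $SubKey
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
}

# Script block logging: the code that actually ran, after de-obfuscation
# (event 4104 in Microsoft-Windows-PowerShell/Operational).
Set-PolicyValue -SubKey 'ScriptBlockLogging' -Name 'EnableScriptBlockLogging' -Value 1

# Module logging: pipeline execution details (event 4103) for every module.
Set-PolicyValue -SubKey 'ModuleLogging' -Name 'EnableModuleLogging' -Value 1
Set-PolicyValue -SubKey 'ModuleLogging\ModuleNames' -Name '*' -Value '*' -Type 'String'

# Transcription: full input and output of every session, with an invocation
# header carrying user, host and start time (the "context" the policy wants).
Set-PolicyValue -SubKey 'Transcription' -Name 'EnableTranscripting' -Value 1
Set-PolicyValue -SubKey 'Transcription' -Name 'EnableInvocationHeader' -Value 1
Set-PolicyValue -SubKey 'Transcription' -Name 'OutputDirectory' `
                -Value '\\logsrv\ps-transcripts$' -Type 'String'

# Detection check: pull the last 24 hours of 4104 events and flag script
# blocks containing patterns a loader typically leaves (constructed list).
$suspicious = 'FromBase64String', 'DownloadString', 'Invoke-Expression',
              'IEX', '-EncodedCommand', 'Reflection.Assembly'
Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = (Get-Date).AddHours(-24)
    } -ErrorAction SilentlyContinue |
    Where-Object {
        $text = $_.Properties[2].Value        # ScriptBlockText field of 4104
        ($suspicious | Where-Object { $text -like "*$_*" }) -ne $null
    } |
    Select-Object TimeCreated, UserId,
                  @{ n = 'ScriptBlock'; e = { $_.Properties[2].Value } } |
    Format-Table -AutoSize -Wrap
```

Module logging with the wildcard module name is the setting with a measurable cost on busy servers, because every pipeline step is logged; script block logging and transcription are comparatively cheap, so if the performance budget is tight, scope the ModuleNames entry to the modules that matter before giving up on the other two.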
Question 8 of 30
In a corporate environment, a security analyst is tasked with establishing a baseline for a file server that will be used to store sensitive financial data. The analyst must ensure that the server is hardened against potential threats while maintaining necessary functionality for users. Which of the following actions should be prioritized to effectively harden the file server while ensuring compliance with industry standards such as ISO/IEC 27001 and NIST SP 800-53?
Explanation
In contrast, regularly updating the server's operating system and applications without testing can introduce problems rather than remove them. Updates should be applied in a controlled manner, ideally proven in a staging environment first, so that they neither disrupt existing functionality nor introduce new risk. Disabling logging is counterproductive: logs are essential for monitoring access and detecting incidents, and they provide the trail of actions needed for forensic analysis and compliance audits. Allowing anonymous access to any directory defeats the purpose of hardening the server; whatever convenience it offers, it substantially raises the risk of unauthorized access to sensitive information. Prioritizing strict access controls and user permissions is therefore essential for maintaining the confidentiality and integrity of the data on the file server, in line with accepted information security management practice.
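The RBAC review called for in question 5 and the strict access controls in question 8 both come down to the same check: who can actually reach the sensitive data, and does that match the approved role model. The following added PowerShell example, not part of the original quiz, reads the ACL of a share, compares each access control entry with an approved role-to-rights map, and expands the approved groups recursively so that nested groups and out-of-department members become visible. The share \\FS01\Finance, the CORP domain, the two groups and the "Finance" department value are assumptions made for the example; it requires the RSAT ActiveDirectory module.

```powershell
# Added example, not code from the original quiz: review effective access to a
# sensitive share against an approved role model.
# Assumptions (constructed): share \\FS01\Finance; domain CORP; the only
# approved ACEs are the two groups below, and people reach the data only
# through group membership (direct user ACEs are never approved).
Import-Module ActiveDirectory

$sharePath    = '\\FS01\Finance'
$approvedAces = @{
    'CORP\Finance-Readers' = 'ReadAndExecute'
    'CORP\Finance-Editors' = 'Modify'
}

# Compare every Allow ACE on the path with the approved model. Findings:
# an identity that is not in the model, an approved group holding more
# rights than its role permits, and inherited ACEs that a parent grants.
function Get-AccessReview {
    param([string]$Path, [hashtable]$Approved)
    $findings = @()
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id = $ace.IdentityReference.Value
        if ($ace.IsInherited) {
            $findings += [pscustomobject]@{ Identity = $id; Rights = $ace.FileSystemRights
                                            Issue = 'Inherited ACE: review the parent folder' }
        }
        if (-not $Approved.ContainsKey($id)) {
            $findings += [pscustomobject]@{ Identity = $id; Rights = $ace.FileSystemRights
                                            Issue = 'Not in the approved role model' }
            continue
        }
        $allowed = [System.Security.AccessControl.FileSystemRights]$Approved[$id]
        if (($ace.FileSystemRights -band -bnot $allowed) -ne 0) {
            $findings += [pscustomobject]@{ Identity = $id; Rights = $ace.FileSystemRights
                                            Issue = "Rights exceed the role ($allowed)" }
        }
    }
    $findings
}

# Expand a group recursively so nested groups cannot quietly widen access,
# and return each effective user with the department AD records for them.
function Get-EffectiveMembers {
    param([string]$GroupSam)
    Get-ADGroupMember -Identity $GroupSam -Recursive |
        Where-Object objectClass -eq 'user' |
        Get-ADUser -Properties Department |
        Select-Object SamAccountName, Department
}

Get-AccessReview -Path $sharePath -Approved $approvedAces | Format-Table -AutoSize

foreach ($group in $approvedAces.Keys) {
    "== Members of $group outside the Finance department =="
    Get-EffectiveMembers -GroupSam ($group.Split('\')[1]) |
        Where-Object Department -ne 'Finance' |
        Format-Table -AutoSize
}
```

Direct user ACEs, inherited rights from a parent folder and nested groups are the three configuration faults that most often explain "users can still see data outside their role" after an RBAC rollout; the review reports all three, and running it on a schedule is the regular audit the explanation for question 5 asks for.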
Question 9 of 30
In a corporate environment, a security analyst is tasked with evaluating the effectiveness of the organization's incident response plan. During a recent tabletop exercise, it was discovered that the plan does not adequately address the recovery of critical data after a ransomware attack. The analyst must recommend a strategy that not only enhances the incident response plan but also ensures compliance with relevant regulations such as GDPR and HIPAA. Which approach should the analyst prioritize to improve the organization's resilience against such attacks?
Explanation
Moreover, regulations such as GDPR and HIPAA require organizations to take appropriate measures to protect sensitive data, and the ability to restore it after an incident is part of that requirement. Regular backups both safeguard the data and demonstrate due diligence in protecting personal information. Increasing employee training on phishing (option b) reduces the chance of initial infection but does not improve the recovery side of the plan, which is the gap the exercise exposed. A dedicated incident response team (option c) improves the organization's ability to respond but does not by itself give it any way to recover data. Upgrading firewall and antivirus software (option d) is preventive and may reduce the likelihood of infection, but it provides nothing once an attack has succeeded. A strategy built on regular, tested backups and a documented recovery plan is therefore what gives the organization resilience against ransomware while meeting its compliance obligations; it limits the impact of an incident and follows established information security management practice.
Question 10 of 30
In a corporate environment, a security analyst is tasked with evaluating the effectiveness of the organization's incident response plan. During a recent tabletop exercise, the team identified several weaknesses, including inadequate communication protocols and insufficient training for staff on incident reporting. To address these issues, the analyst proposes a series of enhancements. Which of the following actions would most effectively improve the incident response capabilities of the organization while ensuring compliance with industry standards such as NIST SP 800-61?
Explanation
Simulations let employees practise their response to a range of scenarios, which reinforces what they have learned and builds confidence for real incidents. This addresses the weaknesses identified in the communication protocols and builds a culture of security awareness across the organization. Simply increasing the budget for cybersecurity tools without fixing the underlying problems in the plan does not guarantee better outcomes: tools are only as effective as the processes and people using them. Limiting training to the IT department ignores that incidents can start anywhere in the organization, and every employee should be able to recognise and report a potential security issue. Writing a new incident response plan without consulting existing frameworks such as NIST SP 800-61 invites inconsistencies and gaps in the response strategy. Comprehensive training and awareness initiatives are therefore essential to a robust incident response capability.
Question 11 of 30
In a web application, the change review board has mandated that all modifications to the database schema must undergo a thorough review process to ensure compliance with security policies and data integrity standards. A developer proposes a change that involves altering a table structure to include additional fields for user data. What is the most critical consideration the change review board should evaluate before approving this modification?
Explanation
Moreover, the change review board should assess how the proposed change fits the organization's security policies. Adding new fields can expose sensitive information if the data they hold is not classified and protected correctly, creating compliance problems under regulations such as GDPR or HIPAA. The board must also consider how the change affects existing data relationships and constraints, since a misalignment can leave orphaned records or broken references. Performance implications and alignment with data retention policies are important, but secondary to ensuring that the application continues to function correctly and that data integrity is maintained. The estimated implementation time matters for project management but does not address the security and functionality concerns that the change review process exists to catch. A comprehensive evaluation of the impact on application functionality and data integrity is therefore the most critical consideration for the board.
-
Question 12 of 30
12. Question
In a corporate environment, the IT security team is tasked with enhancing the security posture of their Windows servers, particularly focusing on PowerShell access. They are considering implementing several security measures to prevent unauthorized access to PowerShell while ensuring that legitimate administrative tasks can still be performed. Which of the following measures would most effectively prevent an attacker from accessing PowerShell while allowing for controlled administrative use?
Correct
In contrast, disabling PowerShell entirely (option b) may seem like a straightforward solution, but it would break the legitimate automation and management tasks that depend on PowerShell, and it is hard to enforce in practice because the PowerShell engine is a Windows component that can be hosted by processes other than powershell.exe. The result is inefficiency and increased operational overhead as administrators look for alternative ways to do their work. Enforcing strict password policies (option c) is essential for overall security but does not address the specific risks of PowerShell access: if an attacker compromises a legitimate account, a strong password does nothing to limit what that account can do in PowerShell. Configuring Windows Firewall to block inbound connections to the PowerShell executable (option d) is not a comprehensive solution either. PowerShell remoting is served by the WinRM service rather than by powershell.exe, so such a rule would not reliably stop remote access, and it does nothing against local attacks or misuse by authorized users. Thus, Just Enough Administration (JEA) stands out as the most effective measure: it exposes a constrained remoting endpoint in which each role sees only the cmdlets, functions and parameters it needs, runs those commands under a virtual account or group-managed service account so that the connecting user never holds broad privileges on the server, and can transcribe every session for audit. This aligns with best practices in security management, emphasizing the principle of least privilege and role-based access control.
Question 13 of 30
13. Question
In a financial organization, the Chief Information Security Officer (CISO) is tasked with implementing a new security framework that balances the need for robust security measures with the operational efficiency of the organization. The CISO must consider various factors, including regulatory compliance, risk management, and the potential impact on business processes. After conducting a risk assessment, the CISO identifies that the organization faces significant threats from both internal and external sources. Which approach should the CISO prioritize to ensure that security measures do not hinder business operations while still addressing the identified risks effectively?
Correct
By aligning security measures with business objectives, the CISO can ensure that security does not become a bottleneck for business processes. This is particularly important in a financial organization where regulatory compliance is crucial, but so is the ability to operate efficiently in a competitive market. In contrast, a compliance-only approach may lead to a false sense of security, as it does not account for the specific risks the organization faces. Increasing security measures uniformly across all departments can lead to unnecessary costs and operational disruptions, as not all areas may require the same level of security. Lastly, outsourcing all security functions could result in a lack of control and oversight, potentially exposing the organization to greater risks. Thus, the most effective strategy is to implement a risk-based security framework that not only addresses the identified threats but also supports the organization’s overall business goals and regulatory obligations. This approach fosters a culture of security that is integrated into the business processes rather than viewed as a separate, hindering factor.
Question 14 of 30
14. Question
In a multinational corporation, the Chief Information Security Officer (CISO) is tasked with developing a risk management framework that aligns with both the organization’s strategic objectives and compliance requirements across different jurisdictions. The CISO decides to implement a quantitative risk assessment approach to evaluate the potential impact of various threats. If the organization identifies a critical asset with a potential loss of $500,000 and a likelihood of occurrence estimated at 20% per year, what is the annual expected loss for this asset?
Correct
$$ \text{Expected Loss} = \text{Potential Loss} \times \text{Likelihood of Occurrence} $$ In quantitative risk analysis this is the annualized loss expectancy (ALE): the potential loss per event is the single loss expectancy (SLE) and the yearly likelihood is the annualized rate of occurrence (ARO), so ALE = SLE × ARO. In this scenario, the potential loss is $500,000, and the likelihood of occurrence is 20%, which can be expressed as a decimal (0.20). Plugging these values into the formula gives: $$ \text{Expected Loss} = 500,000 \times 0.20 = 100,000 $$ Thus, the annual expected loss for this asset is $100,000. This calculation is crucial for the CISO because it provides a quantitative basis for prioritizing risk management efforts and allocating resources. By understanding the expected loss, the organization can make informed decisions about implementing controls, transferring risk through insurance, or accepting certain risks based on their financial impact; a control is only worth deploying if the reduction in expected loss it delivers exceeds its own annual cost. This approach aligns with the principles outlined in frameworks such as NIST SP 800-30, which emphasizes risk assessment as part of the overall risk management process and the need for a systematic approach to identifying, analyzing, and responding to risks while meeting regulatory requirements and supporting strategic objectives. The other options represent common arithmetic errors: $50,000 corresponds to a 10% likelihood, $200,000 to 40%, and $250,000 to 50%, each the result of converting the percentage to the wrong decimal or multiplying the wrong figures. Understanding these nuances is essential for effective risk management in a complex organizational environment.
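The calculation above is a single multiplication, so the worked example below, which is added here and is not part of the original quiz, goes one step further: it computes SLE and ALE generically and then appraises a proposed control by comparing the ALE it removes with its annual cost, the decision the explanation describes. The $500,000 / 20% figures are the question's own; the exposure factor, the reduced likelihood of 5% and the $20,000 control cost are constructed assumptions.

```python
"""Quantitative risk arithmetic: SLE, ALE and the net value of a control.

Added example for this question; not code from the original quiz.
The control figures (5% residual likelihood, $20,000 per year) are
constructed assumptions used only to show the cost/benefit step.
"""
from dataclasses import dataclass


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = asset value x exposure factor (fraction of the asset lost per event)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * exposure_factor


def annualised_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO, where ARO is the expected number of events per year.

    The question's "20% per year" is an ARO of 0.20. An ARO above 1
    (several events a year) is valid; a negative one is not.
    """
    if aro < 0:
        raise ValueError("annual rate of occurrence cannot be negative")
    return sle * aro


@dataclass(frozen=True)
class ControlAppraisal:
    ale_before: float
    ale_after: float
    annual_cost: float

    @property
    def risk_reduction(self) -> float:
        return self.ale_before - self.ale_after

    @property
    def net_value(self) -> float:
        """Positive: the control pays for itself. Negative: accept or transfer
        the risk, or find a cheaper control."""
        return self.risk_reduction - self.annual_cost


def appraise_control(sle: float, aro_before: float, aro_after: float,
                     annual_cost: float) -> ControlAppraisal:
    """Compare the ALE with and without a control against what the control costs."""
    return ControlAppraisal(
        ale_before=annualised_loss_expectancy(sle, aro_before),
        ale_after=annualised_loss_expectancy(sle, aro_after),
        annual_cost=annual_cost,
    )


if __name__ == "__main__":
    # The question's figures: $500,000 potential loss per event, 20% per year.
    sle = 500_000.0
    print(f"ALE without a control: ${annualised_loss_expectancy(sle, 0.20):,.0f}")

    # Assumed control: cuts the likelihood to 5% per year, costs $20,000 per year.
    appraisal = appraise_control(sle, aro_before=0.20, aro_after=0.05, annual_cost=20_000.0)
    print(f"ALE with the control:  ${appraisal.ale_after:,.0f}")
    print(f"Net annual value:      ${appraisal.net_value:,.0f}")
```

With the assumed control the ALE drops from $100,000 to $25,000; after paying $20,000 a year for the control the organization is still $55,000 a year better off, which is the kind of figure a CISO uses to justify the spend.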
Question 15 of 30
15. Question
In a corporate environment, a network administrator discovers that a critical application used for processing financial transactions is unable to communicate with the database server. After conducting an initial assessment, the administrator finds that the necessary port on Firewall 2 is closed. The administrator opens the port, and the application begins functioning correctly. However, the administrator is concerned about the security implications of this action. What should the administrator consider as the next step to ensure that the firewall configuration remains secure while allowing necessary traffic?
Correct
Disabling the firewall temporarily is not advisable, as it would expose the entire network to potential attacks, negating the protective benefits of the firewall. Opening more ports for other applications without proper assessment likewise adds unnecessary exposure, as each open port is a potential entry point for attackers. Documenting the change and monitoring the application for anomalies is important, but it should not be the sole action taken after modifying firewall rules; monitoring alone does not reduce the risk that an open port creates. In summary, the best practice is to open only the port the application actually needs and to scope that rule as narrowly as possible: a specific source (the application server), a specific destination (the database server), and the single protocol and port in use, rather than an "any" rule. The change should then be recorded through change management and the traffic monitored, but those steps complement the access control rather than replace it. This aligns with the principles of least privilege and defense in depth, which are fundamental to effective network security management.
Question 16 of 30
16. Question
In a multinational corporation, the Chief Information Security Officer (CISO) is tasked with developing a risk management strategy that aligns with both the organization’s business objectives and compliance requirements across different jurisdictions. The CISO must evaluate the potential risks associated with data breaches, including financial losses, reputational damage, and legal implications. Given the following risk assessment outcomes, which approach should the CISO prioritize to effectively mitigate the identified risks while ensuring compliance with regulations such as GDPR and HIPAA?
Correct
Focusing solely on employee training, while important, does not address the technical vulnerabilities that could lead to data breaches. Training can raise awareness but should be part of a broader strategy that includes technical controls. Increasing the budget for cybersecurity tools without a clear assessment of current vulnerabilities is inefficient and may lead to overspending on unnecessary tools while neglecting critical areas that require immediate attention. Lastly, limiting security measures to only the most stringent jurisdiction is a dangerous approach, as it leaves the organization vulnerable in less stringent jurisdictions, potentially leading to compliance failures and increased risk exposure. In summary, the most effective approach for the CISO is to implement a comprehensive data encryption strategy along with regular audits, as this not only mitigates risks but also ensures compliance with multiple regulatory requirements, thereby safeguarding the organization’s data integrity and reputation.
Question 17 of 30
17. Question
In a corporate environment, a new IT system is being deployed to manage sensitive customer data. The security team is tasked with ensuring that the system is configured to minimize vulnerabilities. Which of the following practices is most effective in achieving this goal during the initial setup of the system?
Correct
In contrast, allowing all users full access (option b) can lead to significant security vulnerabilities, as it increases the likelihood of accidental or intentional data breaches. Similarly, using default configurations (option c) is risky because these settings are often well-known to attackers and may not be tailored to the specific security needs of the organization. Disabling security features (option d) to enhance performance is a dangerous practice that can expose the system to various threats, including malware and unauthorized access. In summary, implementing the principle of least privilege during the initial setup of a system is a proactive measure that helps to secure sensitive customer data by minimizing vulnerabilities. This practice aligns with industry standards and frameworks, such as the NIST Cybersecurity Framework and ISO/IEC 27001, which emphasize the importance of access control and risk management in safeguarding information assets.
Question 18 of 30
18. Question
An organization is in the process of setting up a new server environment. The administrator has just completed the installation of the operating system and all desired applications. To ensure the security of the server, the administrator must implement a series of security controls. Which of the following actions should be prioritized immediately after the installation to mitigate potential vulnerabilities?
Correct
Enabling security updates for both the operating system and applications is equally important. Software vendors regularly release patches to fix vulnerabilities that could be exploited by attackers. By ensuring that these updates are enabled and applied promptly, the administrator can significantly reduce the risk of exploitation. While changing default passwords for user accounts and services is also a critical security measure, it is typically part of the initial setup process and should be done concurrently with the installation. However, if the firewall is not configured and security updates are not enabled, the server remains exposed to threats, making these actions more urgent. Installing additional software applications that are not immediately needed can introduce unnecessary vulnerabilities and complexity to the environment, which is not advisable at this stage. Conducting a full system backup is important for disaster recovery but does not directly address the immediate security posture of the server. In summary, the priority should be to configure a firewall and enable security updates to establish a secure baseline for the server environment, thereby mitigating potential vulnerabilities effectively.
Question 19 of 30
19. Question
In a large financial institution, a significant system upgrade is scheduled to enhance the security features of the transaction processing system. The upgrade involves both hardware changes, such as the installation of new firewalls and intrusion detection systems, and software changes, including the implementation of a new encryption protocol. As the Chief Information Security Officer (CISO), you are tasked with ensuring that the change management process adheres to best practices. Which of the following steps is most critical to ensure that the changes do not disrupt existing operations and maintain compliance with regulatory requirements?
Correct
An impact assessment helps identify potential risks associated with the changes, including system downtime, data loss, or security vulnerabilities that could arise from the new hardware and software. It also allows for the identification of dependencies between systems, ensuring that all affected components are considered. This proactive approach is essential for maintaining operational continuity and compliance, as it enables the organization to implement necessary controls and mitigation strategies before the changes are made. While informing employees about the changes is important for communication and awareness, it does not address the technical and regulatory implications of the changes. Scheduling upgrades during off-peak hours can help reduce user disruption but does not mitigate the risks associated with the changes themselves. Testing in a production environment is generally discouraged as it can lead to unforeseen issues that impact live operations. Instead, testing should occur in a controlled staging environment to validate the changes without affecting production systems. Thus, the most critical step in this scenario is the comprehensive impact assessment and risk analysis, which lays the groundwork for a successful and compliant change management process.
Question 20 of 30
20. Question
A financial institution is implementing a new security operations center (SOC) to enhance its incident response capabilities. The SOC team is tasked with monitoring network traffic, analyzing security events, and responding to incidents. As part of the risk management process, the team must prioritize the vulnerabilities identified during a recent security assessment. The assessment revealed three critical vulnerabilities: unpatched software, weak password policies, and lack of network segmentation. Given the potential impact and exploitability of these vulnerabilities, how should the SOC team prioritize their remediation efforts?
Correct
Weak password policies, while important, generally represent a lower immediate risk than unpatched software, especially when the unpatched software is critical to the organization's operations. Weak passwords can lead to unauthorized access through guessing, password spraying or credential stuffing, but exploiting them still requires an exposed authentication surface and valid usernames, whereas a publicly known, unpatched flaw can often be exploited directly. Network segmentation is a valuable long-term strategy that significantly enhances security by limiting the lateral movement of attackers within a network. However, implementing segmentation is complex and time-consuming, and it does not provide immediate protection against existing threats. Remediating all vulnerabilities simultaneously may seem comprehensive, but it can lead to resource strain and ineffective prioritization. Organizations have limited resources, and focusing on the most critical vulnerabilities first allows for a more strategic approach to risk management. By addressing the unpatched software first, the SOC team significantly reduces the risk of exploitation and creates a more secure environment before tackling the other vulnerabilities. In summary, the SOC team should prioritize remediation based on the severity and exploitability of the vulnerabilities, starting with unpatched software to mitigate the most significant risks.
Question 21 of 30
21. Question
In a corporate environment, a security analyst is tasked with assessing the vulnerabilities of the organization’s web application. During the assessment, they discover that the application is susceptible to SQL injection attacks due to improper input validation. The analyst must prioritize remediation efforts based on the potential impact and exploitability of this vulnerability. Which approach should the analyst take to effectively mitigate this vulnerability while considering the broader implications for the application and the organization?
Correct
While increasing the web server's security settings (option b) can provide an additional layer of protection, it does not directly address the root cause of the SQL injection vulnerability. Similarly, conducting regular security training for developers (option c) is essential for fostering a culture of security awareness, but it does not yield immediate results in terms of vulnerability mitigation. Lastly, deploying a web application firewall (WAF) (option d) can help filter out malicious requests, but it should not be relied upon as the primary defense against SQL injection. A WAF matches patterns in requests, so encoded or otherwise obfuscated payloads can bypass it, and it cannot protect against every form of injection. Parameterized queries and prepared statements fix the problem at its source: the SQL statement is sent to the database with placeholders, and user input is bound to those placeholders as data, so it is never parsed as part of the SQL grammar no matter what characters it contains. In summary, while all options contribute to a comprehensive security strategy, parameterized queries and prepared statements directly address the vulnerability at its root, making them the most effective and immediate remediation. This approach aligns with best practices in the OWASP Top Ten, which emphasizes secure coding techniques to prevent common vulnerabilities.
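To make the difference concrete, the following example (added here; not code from the original quiz) places the vulnerable string-concatenated login query beside the parameterized version and runs both against an in-memory SQLite database with one constructed account. The table, the `alice` account, the login functions and the bypass payload are all illustrative assumptions; SHA-256 stands in for a proper password hash only so the example has no third-party dependency.

```python
"""SQL injection: the vulnerable pattern beside the parameterised fix.

Added example for this question, not code from the original quiz. The
users table, the sample account and the payload are constructed.
"""
import hashlib
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    # A real system would use a salted, slow hash (bcrypt/argon2/scrypt);
    # plain SHA-256 is used here only to keep the example self-contained.
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("alice", hashlib.sha256(b"correct horse").hexdigest()))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the statement by concatenation: the username becomes part of the SQL
    grammar, so a quote in it changes the query instead of being compared as data."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    query = ("SELECT 1 FROM users WHERE username = '" + username
             + "' AND pw_hash = '" + pw_hash + "'")
    return conn.execute(query).fetchone() is not None


def login_parameterised(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Prepared statement: the '?' placeholders are bound as values by the driver,
    so the same input is compared literally and never parsed as SQL."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND pw_hash = ?",
        (username, pw_hash),
    ).fetchone()
    return row is not None


# Classic authentication-bypass payload (constructed): closes the string literal,
# ORs in a tautology, and comments out the password check that follows.
BYPASS_PAYLOAD = "alice' OR '1'='1' --"


if __name__ == "__main__":
    conn = make_db()
    for name, login in (("vulnerable", login_vulnerable), ("parameterised", login_parameterised)):
        print(f"{name:13s} legitimate login : {login(conn, 'alice', 'correct horse')}")
        print(f"{name:13s} injected payload : {login(conn, BYPASS_PAYLOAD, 'anything')}")
```

The vulnerable function accepts the payload with any password because the comment marker removes the `pw_hash` condition; the parameterized one simply looks for a user literally named `alice' OR '1'='1' --` and finds none. The concatenated version also fails on perfectly legitimate input such as `o'brien`, which raises a syntax error, a useful reminder that escaping by hand is not the fix and binding parameters is.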
Question 22 of 30
22. Question
In a corporate environment, an administrator is tasked with implementing a baseline security configuration for a new server that will host sensitive customer data. The administrator must ensure that the server adheres to the principle of least privilege, while also maintaining operational efficiency. After configuring the server, the administrator conducts a risk assessment and identifies several potential vulnerabilities, including excessive user permissions and outdated software. What is the most effective initial step the administrator should take to mitigate these vulnerabilities while ensuring compliance with security best practices?
Correct
Updating software is also crucial for security, as outdated software can contain vulnerabilities that attackers may exploit. However, if user permissions are not properly managed, even updated software may not prevent unauthorized access. Implementing a firewall is an important security measure, but it does not directly address the issue of excessive permissions. Scheduling regular security audits is a proactive approach to maintaining security compliance, but it is more of a long-term strategy rather than an immediate corrective action. By prioritizing the review and adjustment of user permissions, the administrator ensures that only authorized personnel have access to sensitive data, thereby reducing the attack surface and enhancing the overall security posture of the server. This approach aligns with best practices outlined in frameworks such as NIST SP 800-53, which emphasizes the importance of access control measures in safeguarding sensitive information.
Incorrect
Updating software is also crucial for security, as outdated software can contain vulnerabilities that attackers may exploit. However, if user permissions are not properly managed, even updated software may not prevent unauthorized access. Implementing a firewall is an important security measure, but it does not directly address the issue of excessive permissions. Scheduling regular security audits is a proactive approach to maintaining security compliance, but it is more of a long-term strategy rather than an immediate corrective action. By prioritizing the review and adjustment of user permissions, the administrator ensures that only authorized personnel have access to sensitive data, thereby reducing the attack surface and enhancing the overall security posture of the server. This approach aligns with best practices outlined in frameworks such as NIST SP 800-53, which emphasizes the importance of access control measures in safeguarding sensitive information.
Question 23 of 30
In a corporate environment, a security analyst is tasked with evaluating the effectiveness of the organization’s incident response plan (IRP). During a recent tabletop exercise, it was discovered that the plan did not adequately address the recovery of critical data after a ransomware attack. The analyst must now recommend improvements to the IRP. Which of the following actions should be prioritized to enhance the organization’s ability to recover from such incidents?
Correct
The priority is a backup and restore capability that the ransomware cannot reach. Backups should be stored offline, immutable, or in a location that is not reachable with the credentials and network paths used in production, because current ransomware deliberately locates and encrypts or deletes backups before detonating. The backup set must cover everything needed to rebuild, not just files: configurations, identity data such as the directory, and the keys or credentials needed to decrypt the backups themselves. Restores must be tested regularly and timed, so the organization knows that recovery fits within its recovery time objective (RTO) and recovery point objective (RPO) rather than discovering a corrupted or incomplete backup during the incident. This proactive approach minimizes downtime and data loss, which is what business continuity depends on. Increasing security personnel, developing communication plans and conducting vulnerability assessments are all important parts of a comprehensive security strategy, but none of them addresses the gap the tabletop exercise found: recovering data after the attack has already succeeded. More monitoring may help detect the threat earlier, but without reliable backups the organization still cannot recover. Communication plans are vital for managing stakeholders during an incident, but they do not contribute to the technical recovery of data. Vulnerability assessments identify weaknesses to fix beforehand, but they provide no recovery path once data has been encrypted. Prioritizing robust, isolated and tested backups is therefore the most effective way to close the gap identified in the IRP.
Question 24 of 30
In a corporate environment, an IT administrator is tasked with implementing a Group Policy Object (GPO) that enforces a specific security setting across all computers in the organization. The administrator wants to ensure that this setting is applied automatically without the need for manual intervention on each machine. Which approach should the administrator take to achieve this goal effectively?
Correct
When a GPO is linked to an OU, its settings apply to every user and computer object in that OU and, through inheritance, in its child OUs, unless an administrator has set Block Inheritance on a child (which an Enforced link overrides). Computer Configuration settings apply to computer objects at startup and are then re-evaluated on the background refresh cycle (by default every 90 minutes plus a random offset of up to 30 minutes; security settings are re-applied every 16 hours even when nothing has changed), so a setting that a local administrator tampers with is reverted without anyone touching the machine. That automatic, centrally defined enforcement is the point of Group Policy. Manually configuring the setting on each computer is slow, does not scale, is prone to human error, and leaves no single place to see what is enforced. Third-party software adds complexity and possible compatibility issues for something the directory already provides. Scheduled tasks on each computer do not guarantee immediate compliance, drift independently of one another, and are themselves something an attacker or an administrator can disable. Leveraging GPOs for centralized management is therefore the best practice here and matches the security governance and risk management principles in the CISSP domains: it simplifies administration and gives consistent application of policy across all systems. Two checks matter in practice: the link's scope (the OU really contains the intended computers, and security filtering or WMI filters do not silently exclude some of them) and verification on an endpoint with gpresult or the Resultant Set of Policy, since a linked GPO is only as good as its confirmed application.
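As an added example (not code from the quiz page), this PowerShell script carries the procedure through end to end with the RSAT GroupPolicy module. The GPO name, OU distinguished name, server name and security group are hypothetical, and the chosen setting (requiring SMB signing on the server side) stands in for whatever the administrator's baseline requires.

```powershell
# Added example, not code from the quiz page. Creates a GPO holding one
# security setting, links it to the servers OU, restricts who receives it,
# and verifies that it applied. Assumptions (hypothetical): the GroupPolicy
# module is installed, the account may create and link GPOs, and the names
# below do not exist in any real forest.

Import-Module GroupPolicy

$GpoName  = 'SEC-Baseline-Servers'
$TargetOU = 'OU=Servers,DC=corp,DC=example'
$ApplyTo  = 'SEC-Baseline-Servers-Members'     # domain group that should receive the GPO
$Server   = 'srv01.corp.example'               # one member, used for verification

# 1. Create the GPO once; the script is safe to re-run.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Server security baseline'
}

# 2. Put the setting in the Computer Configuration half so it applies to the
#    machine at startup and on every background refresh, whoever is logged on.
#    Setting used here: require SMB signing for the server role.
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
    -ValueName 'RequireSecuritySignature' -Type DWord -Value 1 | Out-Null

# 3. Link it to the OU. Enforced means a child OU with Block Inheritance still
#    gets it; Order 1 means it wins over other GPOs linked at the same OU.
$inheritance = Get-GPInheritance -Target $TargetOU
if (-not ($inheritance.GpoLinks | Where-Object DisplayName -eq $GpoName)) {
    New-GPLink -Name $GpoName -Target $TargetOU -LinkEnabled Yes -Enforced Yes -Order 1 | Out-Null
}

# 4. Security filtering: only members of $ApplyTo apply the GPO. Authenticated
#    Users keeps Read (not Apply) so the computer accounts can still process it.
Set-GPPermission -Name $GpoName -TargetName $ApplyTo -TargetType Group -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null

# 5. Verify the link from the directory side ...
(Get-GPInheritance -Target $TargetOU).GpoLinks |
    Format-Table DisplayName, Enabled, Enforced, Order -AutoSize

# ... and the effective value on a member server, after forcing a refresh.
Invoke-Command -ComputerName $Server -ScriptBlock {
    gpupdate /target:computer /force | Out-Null
    Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
        -Name 'RequireSecuritySignature' | Select-Object RequireSecuritySignature
}
```

Step 4 is what most often breaks "the GPO is linked, why did nothing change": moving Apply from Authenticated Users to a group means a server that is not in that group silently ignores the GPO, so the verification in step 5 should be run against a machine that is known to be a member.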
Question 25 of 30
In a corporate environment, the Chief Information Security Officer (CISO) is tasked with developing a risk management strategy to protect sensitive customer data. The CISO identifies three potential threats: data breaches, insider threats, and natural disasters. After conducting a risk assessment, the CISO determines that the likelihood of a data breach is high, the likelihood of an insider threat is medium, and the likelihood of a natural disaster is low. The potential impact of a data breach is assessed at $500,000, an insider threat at $200,000, and a natural disaster at $1,000,000. Based on this assessment, which risk management strategy should the CISO prioritize to effectively allocate resources?
Correct
The risk management strategy should focus on the most significant risk, and with a high likelihood and a $500,000 impact that is the data breach. Implementing advanced security measures, such as encryption, intrusion detection and regular security audits, reduces the likelihood of a breach and addresses the immediate risk while improving the organization's overall posture. Developing a disaster recovery plan for natural disasters, training employees to reduce insider threats, and investing in physical security are all components of a comprehensive strategy, but they do not address the most critical risk in the assessment. The low likelihood of natural disasters and the medium likelihood of insider threats, combined with their impacts, place them after the data breach in priority. Note what that ranking rests on: the dollar figures are single-event impacts, not expected losses, so the comparison is really likelihood multiplied by impact. Had the likelihood ratings been quantified (for example as annual rates of occurrence), the $1,000,000 disaster could rank above the $200,000 insider threat even at "low" likelihood, which would make the disaster recovery plan the second priority rather than the third. A quantified assessment (annualized loss expectancy = annual rate of occurrence × single loss expectancy) also lets the CISO compare the cost of each control with the loss it prevents instead of ordering risks by label alone. The CISO should therefore allocate resources first to advanced security measures against data breaches, and then to the remaining risks in order of their quantified exposure.
Question 26 of 30
In a cloud-based environment, a company is implementing an automated provisioning system to manage user accounts and access rights. The system is designed to ensure that users receive the appropriate permissions based on their roles within the organization. During the initial setup, the security team identifies that certain roles require elevated privileges, while others should have restricted access. To maintain compliance with the principle of least privilege, which approach should the provisioning system prioritize when assigning permissions to new users?
Correct
Role-Based Access Control (RBAC) is the approach the provisioning system should prioritize: permissions are attached to roles that mirror job functions, and a new user receives exactly the roles for their position, so the distinction the security team drew between elevated and restricted roles is encoded once and applied consistently every time an account is created. In contrast, Attribute-Based Access Control (ABAC) evaluates attributes of the user, the resource and the environment to make each access decision. ABAC can provide fine-grained control, but it adds complexity and room for misconfiguration, which makes it less suitable for the straightforward role assignments of a provisioning workflow. Mandatory Access Control (MAC) enforces fixed labels that users cannot change, which hinders flexibility in a dynamic environment. Discretionary Access Control (DAC) lets resource owners hand out permissions themselves, which tends to grant excessive privileges inadvertently and violates least privilege. Two conditions keep RBAC honest in practice: roles must be reviewed periodically so they do not accumulate permissions (role creep), and elevated roles should be granted for a bounded time or through a separate approval step, since a role that carries permanent administrative rights is least privilege in name only. By prioritizing RBAC in the provisioning system, the organization can manage user access effectively, ensure compliance with security policy, and reduce the risk of unauthorized access. This structured approach matches identity and access management best practice and is the most appropriate choice for maintaining security and compliance in a cloud-based environment.
Question 27 of 30
In a financial institution, a recent upgrade to the transaction processing system was implemented to enhance performance and security. However, shortly after the upgrade, several users reported discrepancies in their account balances. As the Chief Information Security Officer (CISO), you are tasked with assessing the situation. What is the most critical first step you should take to address the potential security and operational risks associated with this issue?
Correct
Understanding the root cause is crucial before notifying users, rolling back the system or adding controls. The first concrete action is to preserve the evidence: capture the transaction and application logs, database audit trails and the upgrade's deployment records before anything overwrites them, and only then analyse them. If the discrepancies are a defect introduced by the upgrade, notifying users prematurely would cause unnecessary alarm and distrust in the system. Conversely, if they result from a security breach, a public notification before containment could alert the attackers and worsen the situation, and a hasty rollback could destroy the evidence needed to scope the breach. Implementing additional security measures without understanding the underlying problem may miss the actual cause and lead to further complications. The initial focus should therefore be forensic analysis of the logs and records to establish the facts, which then inform the decisions about user notification, system rollback and additional controls. This follows incident response practice: detect and analyse before containing, eradicating and recovering, bearing in mind that once a breach is confirmed, the regulatory notification deadlines that apply to a financial institution start running from that point.
Question 28 of 30
In a large financial institution, a new software application is being deployed to enhance customer transaction processing. The organization has a change management process in place to ensure that all changes are systematically evaluated and approved before implementation. During the change management review, it is discovered that the new application has not undergone adequate security testing, which could expose sensitive customer data to potential breaches. What is the most appropriate course of action for the change management team to take in this scenario?
Correct
Delaying the deployment until comprehensive security testing is completed is the most prudent course of action. This aligns with information security best practice, which requires that vulnerabilities be identified and mitigated before a system goes live, and with frameworks such as the NIST Cybersecurity Framework and ISO/IEC 27001, which expect risk management and the protection of sensitive information to be built into change control. For an application of this kind, "security testing" means the testing the change process should have required in the first place: static and dynamic analysis, dependency and configuration review, and a penetration test against defined acceptance criteria, with the results recorded as part of the change record. Proceeding on the strength of the development team's approval alone disregards the need for independent security validation and risks data breaches, regulatory penalties and reputational damage. Deploying in a limited capacity may look like a compromise, but any security flaw present is live for the users it is exposed to, and monitoring for issues after deployment is reactive where a financial institution handling sensitive data needs to be proactive. A risk assessment of the potential impact is a necessary step, but it only characterizes known vulnerabilities; it cannot substitute for the testing that finds them. The change management team should therefore delay the deployment until security testing is complete, which keeps the organization's commitment to protecting customer data and meeting regulatory requirements, and reflects the proactive approach to risk that change management exists to enforce.
Question 29 of 30
In a corporate environment, a security incident occurs where sensitive customer data is leaked due to a misconfigured cloud storage service. After extensive discussions among the IT and security teams, it becomes evident that the root cause was a lack of proper access controls and insufficient monitoring of the cloud environment. Given this scenario, which approach should the organization prioritize to mitigate future risks associated with cloud storage services?
Correct
An identity and access management (IAM) solution, combined with continuous monitoring of the cloud environment, addresses both root causes the review found: it defines who may access each storage resource and records when and how that access is used. Moreover, IAM solutions incorporate features such as multi-factor authentication (MFA), which requires more than one form of verification before sensitive data can be reached and is crucial against credential theft in cloud environments. For cloud storage specifically, the controls that follow from this are concrete: deny anonymous and account-wide access at the account level, give each workload a policy limited to the buckets and actions it actually needs, and log storage access so that a policy drifting back towards public exposure is detected rather than discovered through a leak. In contrast, increasing the storage capacity of the cloud service (option b) does nothing about the weaknesses that caused the incident. A one-time security audit (option c) may find some of them, but without ongoing monitoring new misconfigurations will appear over time. Shifting all sensitive data to an on-premises solution (option d) may look like a straightforward fix, but it guarantees nothing about access control and brings its own costs and resource requirements. A robust IAM solution with monitoring is therefore essential for a secure cloud environment, ensuring that access is appropriately managed and observed and that customer data is protected from future breaches.
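The kind of check a monitoring step would run against a storage policy, added here as an example and not code from the quiz page. The policy document is constructed for the example in AWS S3 bucket-policy syntax with hypothetical bucket, account and endpoint identifiers, and nothing is fetched from a cloud provider.

```powershell
# Added example, not code from the quiz page. Flags the two weaknesses behind
# the incident in a storage access policy: statements that allow any principal
# ("*") without a restricting condition, and wildcard actions that grant more
# than a workload needs. Policy below is constructed; all identifiers are
# hypothetical and the syntax follows AWS S3 bucket policies.

$PolicyJson = @'
{
  "Version": "2012-10-17",
  "Statement": [
    { "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::customer-exports/*" },
    { "Sid": "AppWrite", "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::123456789012:role/export-app" },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::customer-exports/*" },
    { "Sid": "OpsReadFromVpc", "Effect": "Allow", "Principal": "*",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::customer-exports", "arn:aws:s3:::customer-exports/*"],
      "Condition": { "StringEquals": { "aws:SourceVpce": "vpce-0abc12345def67890" } } }
  ]
}
'@

function Test-StoragePolicy {
    param([Parameter(Mandatory)][string]$Json)

    $policy = $Json | ConvertFrom-Json
    foreach ($s in $policy.Statement) {
        # Deny statements only ever narrow access; only Allow can expose data.
        if ($s.Effect -ne 'Allow') { continue }

        # Principal is either the bare string "*" or an object such as {"AWS": ...}.
        $principals = if ($s.Principal -is [string]) { @($s.Principal) } else { @($s.Principal.AWS) }
        $actions    = @($s.Action)

        $anonymous      = $principals -contains '*'
        $hasCondition   = $null -ne $s.Condition
        $wildcardAction = $actions | Where-Object { $_ -eq '*' -or $_.EndsWith('*') }

        if ($anonymous -and -not $hasCondition) {
            [pscustomobject]@{
                Sid      = $s.Sid
                Severity = 'High'
                Finding  = 'Allows any principal with no condition: data is public'
            }
        }
        if ($wildcardAction) {
            [pscustomobject]@{
                Sid      = $s.Sid
                Severity = 'Medium'
                Finding  = "Wildcard action '$wildcardAction' grants more than the workload needs"
            }
        }
    }
}

Test-StoragePolicy -Json $PolicyJson | Format-Table -AutoSize
```

Run against the constructed policy this reports PublicRead as High and AppWrite as Medium, and stays silent on OpsReadFromVpc because its condition pins the anonymous grant to one VPC endpoint. That silence is deliberate but worth a manual look: a condition narrows a public grant, it does not make it least privilege, which is why the same check belongs in a scheduled job rather than a one-off audit.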
Question 30 of 30
In a multinational corporation, the Chief Information Security Officer (CISO) is tasked with developing a risk management framework that aligns with both ISO/IEC 27001 and NIST SP 800-53 standards. The CISO must ensure that the framework not only identifies and assesses risks but also implements appropriate controls to mitigate those risks effectively. During the risk assessment process, the CISO identifies a critical asset that is vulnerable to a specific threat. The asset has a value of $500,000, and the potential loss from a successful attack is estimated at $200,000. The CISO is considering implementing a control that costs $50,000 and is expected to reduce the likelihood of the attack by 80%. What should the CISO conclude regarding the cost-effectiveness of implementing this control?
Correct
The decision rests on comparing the reduction in expected loss that the control buys with what the control costs. Writing the probability that the attack succeeds in the period as \( p \):

\[ \text{Expected Loss} = \text{Potential Loss} \times p \]

The explanation assumes \( p = 1 \) without the control, so the expected loss is $200,000. The control reduces the likelihood by 80%, leaving \( p' = 0.2 \):

\[ \text{New Expected Loss} = 200{,}000 \times 0.2 = 40{,}000 \]

\[ \text{Reduction in Expected Loss} = 200{,}000 - 40{,}000 = 160{,}000 \]

\[ \text{Net Benefit} = 160{,}000 - 50{,}000 = 110{,}000 \]

Since the cost of the control ($50,000) is well below the $160,000 reduction in expected loss, the control is cost-effective. Two points deserve a check. First, \( p = 1 \) is a simplifying assumption; in general the reduction is \( 0.8 \times 200{,}000 \times p = 160{,}000\,p \), so the control pays for itself whenever \( 160{,}000\,p > 50{,}000 \), that is for any baseline probability above \( 0.3125 \) (about 31%). The conclusion is therefore robust unless the attack is judged fairly unlikely to begin with. Second, the $500,000 asset value does not enter the calculation: it bounds the possible loss, but the assessment has already put the loss from this threat at $200,000, so the asset value is a distractor. This analysis aligns with the risk treatment principles in ISO/IEC 27001 and NIST SP 800-53, which expect controls to be justified by the risk they reduce relative to their cost. The CISO should conclude that the control is cost-effective, with an expected net benefit of $110,000 under the stated assumption.