QUESTIONS AND ANSWERS RATED A+
✔✔Data Integrity - ✔✔The property that data has not been altered in an unauthorized
manner. Data integrity covers data in storage, during processing and while in transit.
✔✔Encryption - ✔✔The process and act of converting the message from its plaintext to
ciphertext.
Sometimes it is also referred to as enciphering. The two terms are sometimes used
interchangeably in literature and have similar meanings.
✔✔General Data Protection Regulation - ✔✔In 2016, the European Union passed
comprehensive legislation that addresses personal privacy, deeming it an individual
human right.
✔✔Governance - ✔✔The process of how an organization is managed; usually includes
all aspects of how decisions are made for that organization, such as policies, roles, and
procedures the organization uses to make those decisions.
✔✔Health Insurance Portability and Accountability Act (HIPAA) - ✔✔This U.S. federal
law is the most important healthcare information regulation in the United States. It
directs the adoption of national standards of electronic healthcare transactions while
protecting the privacy of individuals' health information.
Other provisions address fraud reduction, protections for individuals with health
insurance and a wide range of other healthcare related activities. Established in 1996.
✔✔Impact - ✔✔The magnitude of harm that could be caused by a threat's exercise of a
vulnerability
✔✔Information Security Risk - ✔✔The potential adverse impacts to an organization's
operations (including its mission, functions, and image and reputation), assets,
individuals, other organizations, and even the nation, which results from the possibility
of unauthorized access, use, disclosure, disruption, modification or destruction of
information and/or information systems.
✔✔Integrity - ✔✔The property of information whereby it is recorded, used and
maintained in a way that ensures its completeness, accuracy, internal consistency and
usefulness for a stated purpose.
✔✔International Organization of Standards (ISO) - ✔✔The ISO develops voluntary
international standards in collaboration with its partners in international standardization,
the International Electrotechnical Commission (IEC) and the International
Telecommunication Union (ITU), particularly in the field of information and
communication technologies.
✔✔Internet Engineering Task Force (IETF) - ✔✔The internet standards organization,
made up of network designers, operators, vendors and researchers, that defines
protocol standards (IP, TCP, DNS) through a process of collaboration and consensus.
✔✔Likelihood - ✔✔The probability that a potential vulnerability may be exercised within
the construct of the associated threat environment.
✔✔Likelihood of Occurrence - ✔✔A weighted factor based on a subjective analysis of
the probability that a given threat is capable of exploiting a given vulnerability or set of
vulnerabilities
✔✔Multi-Factor Authentication - ✔✔Using two or more distinct instances of the three
factors of authentication (something you know, something you have, something you are)
for identity verification
✔✔National Institute of Standards and Technology (NIST) - ✔✔The NIST is part of the
U.S. Department of Commerce and addresses the measurement infrastructure within
science and technology efforts within the U.S. federal government.
NIST sets standards in a number of areas, including information security within the
Computer Security Resource Center of the Computer Security Divisions.
✔✔Non-repudiation - ✔✔The inability to deny taking an action such as creating
information, approving information and sending or receiving a message
✔✔Personally Identifiable Information (PII) - ✔✔The National Institute of Standards and
Technology (NIST) defines Personally Identifiable Information (PII) as any data that can
distinguish or trace an individual's identity, including common identifiers like name and
Social Security number, as well as other information linked to an individual such as
biometric records, medical, educational, financial, and employment information
✔✔Physical Controls - ✔✔Controls implemented through a tangible mechanism.
Examples include walls, fences, guards, locks, etc. In modern organizations, many
physical control systems are linked to technical/logical systems, such as badge readers
connected to door locks.
✔✔Privacy - ✔✔The right of an individual to control the distribution of information about
themselves
✔✔Probability - ✔✔The chances, or likelihood, that a given threat is capable of
exploiting a given vulnerability or a set of vulnerabilities.