QUESTIONS AND ANSWERS RATED A+
✔✔_________ is the set of controls designed to keep a business running in the face of
adversity, whether natural or man-made. - ✔✔Business Continuity Planning (BCP)
✔✔BCP is also known as _________. - ✔✔Continuity of Operations Planning (COOP)
✔✔Defining the BCP Scope: - ✔✔What business activities will the plan cover? What
systems will it cover? What controls will it consider?
✔✔_________ identifies and prioritizes risks. - ✔✔Business Impact Assessment
✔✔BCP in the cloud requires _________ between providers and customers. -
✔✔Collaboration
✔✔_________ protects against the failure of a single component. - ✔✔Redundancy
✔✔_________ identifies and removes SPOFs. - ✔✔Single Point of Failure Analysis
✔✔_________ continues until the cost of addressing risks outweighs the benefit. -
✔✔SPOF Analysis
✔✔_________ uses multiple systems to protect against service failure. - ✔✔High
Availability
✔✔_________ makes a single system resilient against technical failures. - ✔✔Fault
Tolerance
✔✔_________ spreads demand across systems. - ✔✔Load Balancing
✔✔3 Common Points of Failure in a system. - ✔✔Power Supply, Storage Media,
Networking
✔✔Disk Mirroring is which RAID level? - ✔✔1
✔✔Disk striping with parity is which RAID level? - ✔✔5 (uses 3 or more disks to store
data)
✔✔What goal of security is enhanced by a strong business continuity program? -
✔✔Availability
✔✔What is the minimum number of disks required to perform RAID level 5? - ✔✔3
✔✔What type of control are we using if we supplement a single firewall with a second
standby firewall ready to assume responsibility if the primary firewall fails? - ✔✔High
Availability
✔✔_________ provide structure during cybersecurity incidents. - ✔✔Incident Response
Plan
✔✔_________ describe the policies and procedures governing cybersecurity incidents.
- ✔✔Incident Response Plans
✔✔_________ leads to strong incident response. - ✔✔Prior Planning
✔✔Incident Response Plans should include: - ✔✔Statement of Purpose, Strategies and
goals for incident response, Approach to incident response, Communication with other
groups, Senior leadership approval
✔✔_________ should be consulted when developing a plan. - ✔✔NIST SP 800-61
✔✔Incident response teams must have personnel available _________. - ✔✔24/7
✔✔_________ is crucial to effective incident identification. - ✔✔Monitoring
✔✔_________ is a security solution that collects information from diverse sources, analyzes
it for signs of security incidents and retains it for later use. - ✔✔Security Incident and
Event Management (SIEM)
✔✔The highest priority of a first responder must be containing damage through
_________. - ✔✔Isolation
✔✔During an incident response, what is the highest priority of first responders? -
✔✔Containing the damage
✔✔You are normally required to report security incidents to law enforcement if you
believe a law may have been violated. True or False - ✔✔False
✔✔_________ restores normal operations as quickly as possible. - ✔✔Disaster
Recovery
✔✔What are the initial response goals regarding Disaster Recovery? - ✔✔Contain the
Damage, Recover normal operations
✔✔_________ is the amount of time to restore service. - ✔✔Recovery Time Objective
(RTO)
✔✔_________ is the amount of data to recover. - ✔✔Recovery Point Objective (RPO)
✔✔_________ is the percentage of service to restore. - ✔✔Recovery Service Level
(RSL)
✔✔_________ provide a data "safety net" - ✔✔Backups
✔✔Types of Backup Media: - ✔✔Tape backups, Disk-to-disk backups, Cloud backups
✔✔_________ include a complete copy of all data. - ✔✔Full Backups
✔✔_________ are types of full backups. - ✔✔Snapshots and Images
✔✔_________ include all data modified since the last full backup. - ✔✔Differential
Backups
✔✔_________ include all data modified since the last full or incremental backup. -
✔✔Incremental Backups
✔✔Joe performs full backups every Sunday evening and differential backups every
weekday evening. His system fails on Friday morning. What backups does he restore? -
✔✔Sunday's FULL backup (To establish a base), Thursday's differential backup (To
grab the latest data change)
✔✔Joe performs full backups every Sunday evening and incremental backups every
weekday evening. His system fails on Friday morning. What backups does he restore? -
✔✔Sunday's FULL backup (To establish a base), Monday, Tuesday, Wednesday, and
Thursday incremental backups
✔✔_________ provide alternate data processing. - ✔✔Disaster Recovery Sites
✔✔Disaster Recovery Facility Sites: - ✔✔Hot Site, Cold Site, Warm Site
✔✔_________ are fully operational data centers stocked with equipment and data and are
available at a moment's notice. Very expensive. - ✔✔Hot Site
✔✔_________ are empty data centers stocked with core equipment, network, and
environmental controls but do not have servers. Relatively inexpensive but can take
weeks or even months to become operational. - ✔✔Cold Site
✔✔_________ are stocked with all necessary equipment and data but are not maintained in a
parallel fashion. Similar in expense to hot sites and can become operational in hours or
days. - ✔✔Warm Site
✔✔_________ these are geographically distant, offer site resiliency, require manual
transfer or site replication through SAN or VM and provide online or offline backups. -
✔✔Offsite Storage
✔✔Disaster Recovery Testing Goals: - ✔✔Validate that the plan functions correctly,
Identify necessary plan updates
✔✔Disaster Recovery Test types: - ✔✔Read-through, Walk-through, Simulation,
Parallel Test, Full interruption test
✔✔_________ ask each team member to review their role in the disaster recovery
process and provide feedback. - ✔✔Read-throughs
✔✔_________ gather the team together for a formal review of the disaster recovery
plan. - ✔✔Walk-throughs (aka Tabletop exercise)
✔✔_________ use a practice scenario to test the disaster recovery plan. -
✔✔Simulations
✔✔_________ activate the disaster recovery environment but do not switch operations
there. - ✔✔Parallel tests
✔✔_________ this switches primary operations to the alternate environment and can
be very disruptive to business. - ✔✔Full Interruption tests
✔✔Which type of backup includes only those files that have changed since the most
recent full or incremental backup? - ✔✔Incremental
✔✔(Revisit) What disaster recovery metric provides the targeted amount of time to
restore a service after a failure? - ✔✔RTO
✔✔(Revisit) Which disaster recovery tests involve the actual activation of the DR site? -
✔✔Parallel
✔✔What type of disaster recovery site is able to be activated most quickly in the event
of a disruption? - ✔✔Hot site
✔✔Within the organization, who can identify risk? (D1, L1.2.2)