(ISC)2 CERTIFIED IN
CYBERSECURITY- EXAM PREP 600
CYBERSECURITY EXAM QUESTIONS
WITH VERIFIED ANSWERS GRADED
A+
Document specific requirements that a customer has about any aspect of
a vendor's service performance.
A) DLR
B) Contract
C) SLR
D) NDA - ANSWER- C) SLR (Service-Level Requirements)
_________ identifies and triages risks. - ANSWER- Risk Assessment
_________ are external forces that jeopardize security. - ANSWER-
Threats
_________ are methods used by attackers. - ANSWER- Threat
Vectors
_________ are the combination of a threat and a vulnerability. -
ANSWER- Risks
We rank risks by _________ and _________. - ANSWER- Likelihood
and impact
_________ use subjective ratings to evaluate risk likelihood and impact.
- ANSWER- Qualitative Risk Assessment
_________ use objective numeric ratings to evaluate risk likelihood and
impact. - ANSWER- Quantitative Risk Assessment
_________ analyzes and implements possible responses to control risk. -
ANSWER- Risk Treatment
_________ changes business practices to make a risk irrelevant. -
ANSWER- Risk Avoidance
_________ reduces the likelihood or impact of a risk. - ANSWER- Risk
Mitigation
An organization's _________ is the set of risks that it faces. -
ANSWER- Risk Profile
_________ Initial Risk of an organization. - ANSWER- Inherent Risk
_________ Risk that remains in an organization after controls. -
ANSWER- Residual Risk
_________ is the level of risk an organization is willing to accept. -
ANSWER- Risk Tolerance
_________ reduce the likelihood or impact of a risk and help identify
issues. - ANSWER- Security Controls
_________ stop a security issue from occurring. - ANSWER-
Preventive Control
_________ identify security issues requiring investigation. - ANSWER-
Detective Control
_________ remediate security issues that have occurred. - ANSWER-
Recovery Control
Hardening == Preventative - ANSWER- Virus == Detective
Backups == Recovery - ANSWER- For exam (Local and Technical
Controls are the same)
_________ use technology to achieve control objectives. - ANSWER-
Technical Controls
_________ use processes to achieve control objectives. - ANSWER-
Administrative Controls
_________ impact the physical world. - ANSWER- Physical Controls
_________ tracks specific device settings. - ANSWER- Configuration
Management
_________ provide a configuration snapshot. - ANSWER- Baselines
(track changes)
_________ assigns numbers to each version. - ANSWER- Versioning
_________ serve as important configuration artifacts. - ANSWER-
Diagrams
_________ and _________ help ensure a stable operating environment. -
ANSWER- Change and Configuration Management
Purchasing an insurance policy is an example of which risk management
strategy? - ANSWER- Risk Transference