iSACA Cybersecurity Fundamentals
Certification Exam Questions With
Correct Answers
Confidentiality - ANSWER✔✔✔-Protection from unauthorized access
| | | | |
integrity - ANSWER✔✔✔-Protection from unauthorized modification
| | | | |
Availability - ANSWER✔✔✔-protection from disruptions in access
| | | | | |
Cybersecurity - ANSWER✔✔✔-the protection of information assets
| | | | | | |
(digital assets) by addressing threats to information processed, stored,
| | | | | | | | |
and transported by internetworked information systems
| | | | |
NIST Functions to Protect Digital Assets - ANSWER✔✔✔-IPDRR
| | | | | | |
1) Identify
|
2) Protect
|
3) Detect
|
4) Respond
|
,5) Recover
|
Nonrepudiation - ANSWER✔✔✔-Def: ensuring that a message or other | | | | | | | | |
piece of information is genuine
| | | |
Examples: digital signatures and transaction logs
| | | | |
Risk - ANSWER✔✔✔-combination of the probability of an event and its
| | | | | | | | | | |
consequences, mitigated through controls | | |
Threat - ANSWER✔✔✔-Anything that is capable of acting against an
| | | | | | | | | |
asset in a harmful manner
| | | |
Asset - ANSWER✔✔✔-something of either tangible or intangible value
| | | | | | | | |
that is worth protecting
| | |
Vulnerability - ANSWER✔✔✔-A weakness in the design, | | | | | | |
implementation, operation or internal control of a process that could| | | | | | | | | |
expose the system to adverse threats from threat events
| | | | | | | |
Inherent risk - ANSWER✔✔✔-The risk level or exposure without taking
| | | | | | | | | |
into account the actions that management has taken or might take (e.g.,
| | | | | | | | | | |
|implementing controls) |
,Residual risk - ANSWER✔✔✔-the risk that remains after management
| | | | | | | | |
implements internal controls or some other response to risk
| | | | | | | |
Likelihood - ANSWER✔✔✔-A.K.A probability
| | |
measure of frequency of which an event may occur, which depends on
| | | | | | | | | | | |
the threat and vulnerability
| | |
Approaches to Cybersecurity Risk - ANSWER✔✔✔-Dependent on:
| | | | | |
1) Risk tolerance
| |
2) Size & scope of the environment
| | | | | |
3) Amount of data available
| | | |
Approaches:
1) Ad hoc
| |
2) Compliance-based
|
3) Risk-based
|
Threat Agents - ANSWER✔✔✔-The actors causing the threats that
| | | | | | | | |
might exploit a vulnerability
| | |
, Types:
1) Corporations - competitive advantage
| | | |
2) Cybercriminals - profit
| | |
3) Cyberterrorists - critical infrastructures/government
| | | |
4) Cyberwarriors - politically motivated
| | | |
5) Employees - revenge
| | | |
6) Hacktivists - politically motivated
| | | |
7) Nation states - government/private entities
| | | | |
8) Online social hackers - identity theft, profit
| | | | | | |
9) Script kiddies - learning to hack
| | | | | |
Attack vector - ANSWER✔✔✔-The path or route used to gain access to
| | | | | | | | | | | |
the target (asset)
| |
Types:
1) Ingress - intrusion
| | |
2) Egress - Data removal
| | | |
Attack Attributes - ANSWER✔✔✔-1) Attack Vector
| | | | |
2) Payload
|
3) Exploit
|
Certification Exam Questions With
Correct Answers
Confidentiality - ANSWER✔✔✔-Protection from unauthorized access
| | | | |
integrity - ANSWER✔✔✔-Protection from unauthorized modification
| | | | |
Availability - ANSWER✔✔✔-protection from disruptions in access
| | | | | |
Cybersecurity - ANSWER✔✔✔-the protection of information assets
| | | | | | |
(digital assets) by addressing threats to information processed, stored,
| | | | | | | | |
and transported by internetworked information systems
| | | | |
NIST Functions to Protect Digital Assets - ANSWER✔✔✔-IPDRR
| | | | | | |
1) Identify
|
2) Protect
|
3) Detect
|
4) Respond
|
,5) Recover
|
Nonrepudiation - ANSWER✔✔✔-Def: ensuring that a message or other | | | | | | | | |
piece of information is genuine
| | | |
Examples: digital signatures and transaction logs
| | | | |
Risk - ANSWER✔✔✔-combination of the probability of an event and its
| | | | | | | | | | |
consequences, mitigated through controls | | |
Threat - ANSWER✔✔✔-Anything that is capable of acting against an
| | | | | | | | | |
asset in a harmful manner
| | | |
Asset - ANSWER✔✔✔-something of either tangible or intangible value
| | | | | | | | |
that is worth protecting
| | |
Vulnerability - ANSWER✔✔✔-A weakness in the design, | | | | | | |
implementation, operation or internal control of a process that could| | | | | | | | | |
expose the system to adverse threats from threat events
| | | | | | | |
Inherent risk - ANSWER✔✔✔-The risk level or exposure without taking
| | | | | | | | | |
into account the actions that management has taken or might take (e.g.,
| | | | | | | | | | |
|implementing controls) |
,Residual risk - ANSWER✔✔✔-the risk that remains after management
| | | | | | | | |
implements internal controls or some other response to risk
| | | | | | | |
Likelihood - ANSWER✔✔✔-A.K.A probability
| | |
measure of frequency of which an event may occur, which depends on
| | | | | | | | | | | |
the threat and vulnerability
| | |
Approaches to Cybersecurity Risk - ANSWER✔✔✔-Dependent on:
| | | | | |
1) Risk tolerance
| |
2) Size & scope of the environment
| | | | | |
3) Amount of data available
| | | |
Approaches:
1) Ad hoc
| |
2) Compliance-based
|
3) Risk-based
|
Threat Agents - ANSWER✔✔✔-The actors causing the threats that
| | | | | | | | |
might exploit a vulnerability
| | |
, Types:
1) Corporations - competitive advantage
| | | |
2) Cybercriminals - profit
| | |
3) Cyberterrorists - critical infrastructures/government
| | | |
4) Cyberwarriors - politically motivated
| | | |
5) Employees - revenge
| | | |
6) Hacktivists - politically motivated
| | | |
7) Nation states - government/private entities
| | | | |
8) Online social hackers - identity theft, profit
| | | | | | |
9) Script kiddies - learning to hack
| | | | | |
Attack vector - ANSWER✔✔✔-The path or route used to gain access to
| | | | | | | | | | | |
the target (asset)
| |
Types:
1) Ingress - intrusion
| | |
2) Egress - Data removal
| | | |
Attack Attributes - ANSWER✔✔✔-1) Attack Vector
| | | | |
2) Payload
|
3) Exploit
|