EXAM 2024/2025 WITH 100% ACCURATE
SOLUTIONS
Document specific requirements that a customer has about any aspect of
a vendor's service performance.
A) DLR
B) Contract
C) SLR
D) NDA - Precise Answer ✔✔C) SLR (Service-Level Requirements)
_________ identifies and triages risks. - Precise Answer ✔✔Risk
Assessment
_________ are external forces that jeopardize security. - Precise Answer
✔✔Threats
_________ are methods used by attackers. - Precise Answer ✔✔Threat
Vectors
_________ are the combination of a threat and a vulnerability. - Precise
Answer ✔✔Risks
We rank risks by _________ and _________. - Precise Answer
✔✔Likelihood and impact
_________ use subjective ratings to evaluate risk likelihood and impact.
- Precise Answer ✔✔Qualitative Risk Assessment
_________ use objective numeric ratings to evaluate risk likelihood and
impact. - Precise Answer ✔✔Quantitative Risk Assessment
_________ analyzes and implements possible responses to control risk. -
Precise Answer ✔✔Risk Treatment
_________ changes business practices to make a risk irrelevant. -
Precise Answer ✔✔Risk Avoidance
_________ reduces the likelihood or impact of a risk. - Precise Answer
✔✔Risk Mitigation
An organization's _________ is the set of risks that it faces. - Precise
Answer ✔✔Risk Profile
_________ is the initial risk of an organization. - Precise Answer
✔✔Inherent Risk
_________ is the risk that remains in an organization after controls. - Precise
Answer ✔✔Residual Risk
_________ is the level of risk an organization is willing to accept. -
Precise Answer ✔✔Risk Tolerance
_________ reduce the likelihood or impact of a risk and help identify
issues. - Precise Answer ✔✔Security Controls
_________ stop a security issue from occurring. - Precise Answer
✔✔Preventive Control
_________ identify security issues requiring investigation. - Precise
Answer ✔✔Detective Control
_________ remediate security issues that have occurred. - Precise
Answer ✔✔Recovery Control
Hardening == Preventative - Precise Answer ✔✔Virus == Detective
Backups == Recovery - Precise Answer ✔✔For exam (Local and
Technical Controls are the same)
_________ use technology to achieve control objectives. - Precise
Answer ✔✔Technical Controls
_________ use processes to achieve control objectives. - Precise Answer
✔✔Administrative Controls
_________ impact the physical world. - Precise Answer ✔✔Physical
Controls
_________ tracks specific device settings. - Precise Answer
✔✔Configuration Management
_________ provide a configuration snapshot. - Precise Answer
✔✔Baselines (track changes)
_________ assigns numbers to each version. - Precise Answer
✔✔Versioning
_________ serve as important configuration artifacts. - Precise Answer
✔✔Diagrams
_________ and _________ help ensure a stable operating environment. -
Precise Answer ✔✔Change and Configuration Management
Purchasing an insurance policy is an example of which risk management
strategy? - Precise Answer ✔✔Risk Transference
What two factors are used to evaluate a risk? - Precise Answer
✔✔Likelihood and Impact