Newest Actual Exam Review Questions and
Correct Answers (Verified Answers) A Grade
Terms in this set (598)
Document specific requirements that a customer has about any aspect of a vendor's service performance.
A) DLR
B) Contract
C) SLR
D) NDA
Answer: C) SLR (Service-Level Requirements)

_________ identifies and triages risks.
Answer: Risk Assessment

_________ are external forces that jeopardize security.
Answer: Threats

_________ are methods used by attackers.
Answer: Threat Vectors

_________ are the combination of a threat and a vulnerability.
Answer: Risks

We rank risks by _________ and _________.
Answer: Likelihood and impact

_________ use subjective ratings to evaluate risk likelihood and impact.
Answer: Qualitative Risk Assessment

_________ use objective numeric ratings to evaluate risk likelihood and impact.
Answer: Quantitative Risk Assessment

_________ analyzes and implements possible responses to control risk.
Answer: Risk Treatment

_________ changes business practices to make a risk irrelevant.
Answer: Risk Avoidance

_________ reduces the likelihood or impact of a risk.
Answer: Risk Mitigation

An organization's _________ is the set of risks that it faces.
Answer: Risk Profile

_________ is the initial level of risk an organization faces before any controls are applied.
Answer: Inherent Risk

_________ is the risk that remains in an organization after controls are applied.
Answer: Residual Risk

_________ is the level of risk an organization is willing to accept.
Answer: Risk Tolerance

_________ reduce the likelihood or impact of a risk and help identify issues.
Answer: Security Controls

_________ stop a security issue from occurring.
Answer: Preventive Control

_________ identify security issues requiring investigation.
Answer: Detective Control

_________ remediate security issues that have occurred.
Answer: Recovery Control

Exam note: hardening is a preventive control, antivirus scanning is a detective control, and backups are a recovery control. For the exam, logical controls and technical controls are the same thing.

_________ use technology to achieve control objectives.
Answer: Technical Controls

_________ use processes to achieve control objectives.
Answer: Administrative Controls

_________ impact the physical world.
Answer: Physical Controls

_________ tracks specific device settings.
Answer: Configuration Management

_________ provide a configuration snapshot (used to track changes).
Answer: Baselines

_________ assigns numbers to each version.
Answer: Versioning

_________ serve as important configuration artifacts.
Answer: Diagrams

_________ and _________ help ensure a stable operating environment.
Answer: Change and Configuration Management
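The configuration management cards above describe a baseline as a snapshot of device settings, a version number for each snapshot, and a later comparison to detect change. The following is an added example, not part of the flashcard set, that puts those three ideas into working code: it hashes a canonical form of the settings, assigns a version number only when the content actually changes, and reports drift between the approved baseline and a later audit. The device settings, key names, and the ConfigStore/audit helpers are constructed for illustration, not taken from any real product.

```python
"""Configuration baseline and drift check (added example, constructed data)."""
import hashlib
import json
from dataclasses import dataclass


@dataclass
class Baseline:
    """A configuration snapshot plus the version number assigned to it."""
    version: int
    settings: dict
    digest: str


def snapshot(settings: dict) -> str:
    """Hash a canonical (sorted keys, no whitespace) JSON form of the settings,
    so two snapshots with identical content always produce identical digests."""
    canonical = json.dumps(settings, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


class ConfigStore:
    """Keeps every baseline version of one device, oldest first, newest last."""

    def __init__(self):
        self.versions: list[Baseline] = []

    def record(self, settings: dict) -> Baseline:
        """Store a new baseline version. Recording unchanged content does not
        bump the version number, so the version history only reflects real change."""
        digest = snapshot(settings)
        if self.versions and self.versions[-1].digest == digest:
            return self.versions[-1]
        b = Baseline(version=len(self.versions) + 1, settings=dict(settings), digest=digest)
        self.versions.append(b)
        return b

    def current(self) -> Baseline:
        """The most recent approved baseline."""
        return self.versions[-1]


def drift(baseline: dict, live: dict) -> dict:
    """Compare live settings against a baseline snapshot.

    Returns the settings that were added, removed, or changed. All three
    empty means the device still matches its approved configuration.
    """
    added = {k: live[k] for k in live.keys() - baseline.keys()}
    removed = {k: baseline[k] for k in baseline.keys() - live.keys()}
    changed = {k: (baseline[k], live[k])
               for k in baseline.keys() & live.keys() if baseline[k] != live[k]}
    return {"added": added, "removed": removed, "changed": changed}


def audit(store: ConfigStore, live: dict) -> dict:
    """Check live settings against the latest baseline version in the store."""
    base = store.current()
    return {"baseline_version": base.version, **drift(base.settings, live)}


# Constructed sample: the approved hardened configuration of a web server.
APPROVED = {
    "ssh.PermitRootLogin": "no",
    "ssh.PasswordAuthentication": "no",
    "firewall.default_policy": "DROP",
    "tls.min_version": "1.2",
}

# Constructed sample: what a later audit of the same host found.
LIVE = {
    "ssh.PermitRootLogin": "yes",      # changed: root login was re-enabled
    "ssh.PasswordAuthentication": "no",
    "firewall.default_policy": "DROP",
    "telnet.enabled": "true",          # added: an unapproved service
}                                      # tls.min_version is missing: removed


if __name__ == "__main__":
    store = ConfigStore()
    store.record(APPROVED)
    store.record(APPROVED)  # identical content, version stays at 1
    print(json.dumps(audit(store, LIVE), indent=2))
```

Canonicalising before hashing is what makes the digest usable as a change detector: a settings file whose keys were merely reordered should not show up as drift, while any change in value, any new key, or any missing key should. The audit output names exactly which settings moved away from the approved baseline, which is the evidence a change-management review needs.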
Purchasing an insurance policy is an example of which risk management strategy?
Answer: Risk Transference

What two factors are used to evaluate a risk?
Answer: Likelihood and Impact

What term best describes making a snapshot of a system or application at a point in time for later comparison?
Answer: Baselining

What type of security control is designed to stop a security issue from occurring in the first place?
Answer: Preventive

What term describes risks that originate inside the organization?
Answer: Internal

What four items belong to the security policy framework?
Answer: Policies, Standards, Guidelines, Procedures

_________ describe an organization's security expectations.
Answer: Policies (mandatory; approved at the highest level of the organization)

_________ describe specific security controls and are often derived from policies.
Answer: Standards (mandatory)

_________ describe best practices.
Answer: Guidelines (recommendations and advice; compliance is not mandatory)