Fundamentals Questions with
Accurate Answers
____ are solutions to software programming and coding errors correct answer
Patches
_____ is a class of malware that hides the existence of other malware by
modifying the underlying operating system correct answer Rootkit
______ communicates required and prohibited activities and behaviors correct
answer Policies
______ contain step-by-step instructions to carry out procedures correct answer
Guidelines
_______ includes many components such as directory services, authentication
and authorization services, and user management capabilities such as
provisioning and deprovisioning correct answer Identity Management
_______ provides details on how to comply with policies and standards. correct
answer Procedures
________, also called malicious code, is software designed to gain access to
targeted computer systems, steal info or disrupt computer operations. correct
answer Malware
_________ are used to interpret policies in specific situations correct answer
Standards
____________________ is defined as "a model for enabling convenient, on-
demand network access to a shared pool of configurable resources (e.g.,
networks, servers, storage, applications and services) that can be rapidly
provisioned and released with minimal management or service provider
interaction."
a. Software as a Service (SaaS)
b. Cloud computing
c. Big data
d. Platform as a Service (PaaS) correct answer B. Cloud Computing
A _______ is something of value worth protecting. correct answer Asset
A ________ is anything capable of acting against an asset in a manner that can
cause harm. correct answer Threat
A _________ is a weakness in the design, implementation, operation or internal
controls in a process that could be exploited to violate the system security correct
answer vulnerability
A router is at what layer of the OSI model correct answer Network
A security architecture which emphasizes the protection of data regardless of its
location correct answer Data Centric
A violation or imminent threat of violation of computer security policies or
standard security practices.
A) Threat
B) Event
C) Incident correct answer C) Incident
Access control policy correct answer provides proper access to internal and
external stakeholders to accomplish business goals. examples:
- number of access violations that exceed the amount allowed
- amount of work disruption due to insufficient access rights
- number of segregation of duties incidents or audit findings
adversarial vs non-adversarial threats correct answer adversarial = human-made
threat
non-adversarial = error, malfunction or mishap
Any change, error or interruption within an IT infrastructure such as a system
crash, disk error or a user forgetting their password.
A) Occurrence
B) Incident
C) Event correct answer C) Event
Approaches to cybersecurity: Ad Hoc correct answer implements security with no
particular rationale or criteria