1. Acceptable interruption window: The maximum period of time that a system can be unavailable before the organization's business objectives are compromised.
2. Acceptable use policy: A policy that establishes an agreement between users and the organization and defines, for all parties, the ranges of use that are approved before access to a network or the Internet is granted.
3. Access controls: The processes, rules and deployment mechanisms that control access to information systems and resources, and physical access to premises.
4. Access path: The logical route an end user takes to reach computerized information. It typically passes through the operating system, telecommunications software, selected application software and the access control system.
5. Access rights: The permissions or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by the data owners and the information security policy.
6. Accountability: The ability to map a given activity or event back to the responsible party.
7. Address Resolution Protocol (ARP): Defines the exchanges between network interfaces on an Ethernet segment that map an IP address to a link-layer (MAC) address on demand.
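The request/reply exchange behind entry 7, as an added example that is not part of the original glossary: it packs and parses ARP-over-Ethernet frames with the standard 14-byte Ethernet header and 28-byte ARP body, and simulates two hosts on one segment so the broadcast request and unicast reply can be seen end to end. The `Host` class, the `resolve` helper, and the MAC/IP addresses are constructed for the demonstration.

```python
import struct

# Wire formats for ARP over Ethernet: 14-byte Ethernet header, 28-byte ARP body.
ETH_HDR = struct.Struct("!6s6sH")            # dst MAC, src MAC, EtherType
ARP_BODY = struct.Struct("!HHBBH6s4s6s4s")   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"               # target MAC is unknown in a request


def mac_to_bytes(mac): return bytes.fromhex(mac.replace(":", ""))
def bytes_to_mac(b): return ":".join(f"{x:02x}" for x in b)
def ip_to_bytes(ip): return bytes(int(o) for o in ip.split("."))
def bytes_to_ip(b): return ".".join(str(x) for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build a complete Ethernet+ARP frame. Requests are broadcast; replies are unicast."""
    eth_dst = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    eth = ETH_HDR.pack(mac_to_bytes(eth_dst), mac_to_bytes(sender_mac), ETHERTYPE_ARP)
    body = ARP_BODY.pack(1, 0x0800, 6, 4, op,          # Ethernet, IPv4, 6-byte MAC, 4-byte IP
                         mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                         mac_to_bytes(target_mac), ip_to_bytes(target_ip))
    return eth + body


def parse_arp(frame):
    """Decode a frame; raises ValueError if it is not ARP-over-Ethernet carrying IPv4."""
    eth_dst, eth_src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_BODY.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported hardware/protocol type")
    return {"eth_dst": bytes_to_mac(eth_dst), "eth_src": bytes_to_mac(eth_src), "op": op,
            "sha": bytes_to_mac(sha), "spa": bytes_to_ip(spa),
            "tha": bytes_to_mac(tha), "tpa": bytes_to_ip(tpa)}


class Host:
    """Constructed endpoint: answers requests for its own IP and keeps an ARP cache."""

    def __init__(self, mac, ip):
        self.mac, self.ip, self.cache = mac, ip, {}

    def receive(self, frame):
        p = parse_arp(frame)
        if p["tpa"] != self.ip:
            return None                                   # not addressed to us: ignore
        self.cache[p["spa"]] = p["sha"]                   # learn the sender's IP->MAC mapping
        if p["op"] == ARP_REQUEST:
            return build_arp(ARP_REPLY, self.mac, self.ip, p["sha"], p["spa"])
        return None


def resolve(requester, ip, segment):
    """Map ip to a MAC on demand: answer from cache, else broadcast a request and absorb the reply."""
    if ip in requester.cache:
        return requester.cache[ip]
    request = build_arp(ARP_REQUEST, requester.mac, requester.ip, ZERO_MAC, ip)
    for host in segment:                                  # broadcast: every other interface sees it
        if host is not requester:
            reply = host.receive(request)
            if reply is not None:
                requester.receive(reply)
    return requester.cache.get(ip)


if __name__ == "__main__":
    a = Host("02:00:00:00:00:0a", "10.0.0.10")   # constructed sample hosts
    b = Host("02:00:00:00:00:0b", "10.0.0.11")
    print("10.0.0.11 is at", resolve(a, "10.0.0.11", [a, b]))
```

Nothing in the exchange authenticates the reply: any interface on the segment can answer a request, and both sides cache whatever they hear, which is why ARP caches are a standing target for on-path attacks on a LAN.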
8. Administrative control: The rules, procedures and practices dealing with operational effectiveness, efficiency and adherence to regulations and management policies.
9. Advanced Encryption Standard (AES): The international encryption standard (NIST FIPS 197) that replaced DES and its interim successor, Triple DES (3DES).
10. Alert situation: The point in an emergency procedure at which the elapsed time passes a threshold and the interruption is still unresolved. An organization entering an alert situation initiates a series of escalation steps.
11. Algorithm: A finite set of step-by-step instructions for a problem-solving or computational procedure, especially one that can be implemented by a computer.
12. Alternate facilities: Locations and infrastructure from which emergency or backup processes are executed when the main premises are unavailable or destroyed, including other buildings, offices or data processing centers.
13. Alternate process: An automatic or manual process designed and established to continue critical business processes from the point of failure until return to normal.
14. Annual loss expectancy (ALE): The total expected loss divided by the number of years in the forecast period, yielding the average annual loss; commonly computed as the single loss expectancy (SLE) multiplied by the annualized rate of occurrence (ARO).
15. Anomaly detection: Detection based on whether system activity deviates from an established baseline of normal behavior, rather than on matching known attack signatures.
16. Anonymous File Transfer Protocol (AFTP): A method of downloading public files using the File Transfer Protocol (FTP). AFTP does not require users to identify themselves before accessing files on a particular server.
17. Antivirus software: Software deployed at multiple points in an IT architecture to detect and, where possible, block malicious code before damage is done, and to repair or quarantine files that are already infected.
18. Application controls: The policies, procedures and activities designed to provide reasonable assurance that the objectives relevant to a given automated solution (application) are achieved.
19. Application layer: In the Open Systems Interconnection (OSI) communications model, the layer that provides the services an application program needs to communicate effectively with another application program across a network. The application layer is not the application doing the communicating; it is a service layer that provides those services.
20. Application programming interface (API): A set of routines, protocols and tools, referred to as "building blocks", used in business application software development.
21. Application service provider (ASP): Also known as a managed service provider (MSP); deploys, hosts and manages access to a packaged application for multiple parties from a centrally managed facility. The applications are delivered over networks on a subscription basis.
22. Architecture: A description of the fundamental underlying design of the components of the business system, or of one element of it (e.g., technology), the relationships among them, and the manner in which they support the organization's objectives.
23. Asymmetric key: A cipher technique in which different but mathematically related keys (a public/private key pair) are used to encrypt and decrypt a message; what one key encrypts, only the other can decrypt.
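To make entry 23 concrete, here is an added example (not from the glossary) of textbook RSA, the best-known asymmetric scheme: the encryption exponent and the decryption exponent are different numbers, and the one used to encrypt cannot undo its own work. The primes 61 and 53 and the exponent 17 are deliberately tiny so the arithmetic is visible; real keys are thousands of bits and messages are padded (e.g., OAEP) before exponentiation, neither of which this demonstration does.

```python
import math


def generate_keypair(p, q, e=65537):
    """Textbook RSA: n = p*q, public exponent e, private exponent d = e^-1 mod (p-1)(q-1).
    Returns (public_key, private_key), each as an (exponent, modulus) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def encrypt(m, public_key):
    """Encrypt an integer message with the public key."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(c, private_key):
    """Decrypt with the private key; only this exponent inverts encrypt()."""
    d, n = private_key
    return pow(c, d, n)


def public_key_cannot_decrypt(c, m, public_key):
    """Show the asymmetry: re-applying the public exponent does not recover m."""
    e, n = public_key
    return pow(c, e, n) != m


if __name__ == "__main__":
    public, private = generate_keypair(61, 53, e=17)   # toy primes, for illustration only
    m = 65
    c = encrypt(m, public)
    print("public", public, "private", private)
    print("ciphertext", c, "decrypted", decrypt(c, private),
          "public key alone recovers plaintext:", not public_key_cannot_decrypt(c, m, public))
```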
24. Attack signature: A specific sequence of events indicative of an unauthorized access attempt; typically a characteristic byte pattern found in malicious code, or an indicator or set of indicators that allows malicious network activity to be identified.
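Entries 15 (anomaly detection) and 24 (attack signature) describe the two complementary detection approaches, and the difference is easiest to see on the same input. The following is an added example, not part of the glossary: a handful of constructed web-server log lines in a made-up `src [minute] "METHOD path HTTP/1.x" status` format are run through a small signature matcher (known-bad patterns in the request path) and a rate-based anomaly detector (requests per source per minute compared with a baseline learned from a normal period). The signatures, log format and addresses are all assumptions for the demonstration.

```python
import re
import statistics
from collections import Counter

# Constructed log format: <src> [<minute>] "<method> <path> HTTP/1.x" <status>
LOG_RE = re.compile(r'^(\S+) \[(\d+)\] "(\w+) (\S+) HTTP/1\.[01]" (\d{3})$')

# Signature detection: fixed patterns that are known-bad wherever they appear.
SIGNATURES = {
    "path_traversal": re.compile(r"\.\./"),
    "sqli_tautology": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
    "unix_passwd_read": re.compile(r"/etc/passwd"),
}


def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    src, minute, method, path, status = m.groups()
    return {"src": src, "minute": int(minute), "method": method, "path": path, "status": int(status)}


def signature_hits(event):
    return [name for name, rx in SIGNATURES.items() if rx.search(event["path"])]


def requests_per_source_minute(lines):
    return Counter((e["src"], e["minute"]) for e in map(parse, lines) if e)


def learn_baseline(normal_lines):
    """Anomaly detection needs a model of normal; here, mean and stdev of requests per source per minute."""
    counts = list(requests_per_source_minute(normal_lines).values())
    return statistics.mean(counts), statistics.pstdev(counts)


def analyze(lines, baseline, k=3.0):
    """Run both detectors over the same lines and report what each one finds."""
    mean, sd = baseline
    threshold = mean + k * max(sd, 1.0)     # floor the spread so a flat baseline still leaves a margin
    sig = []
    for e in filter(None, map(parse, lines)):
        hits = signature_hits(e)
        if hits:
            sig.append((e["src"], e["minute"], hits))
    rate = {key: n for key, n in requests_per_source_minute(lines).items() if n > threshold}
    return {"signature_hits": sig, "rate_anomalies": rate}


# Constructed sample data: a quiet "normal" period used to learn the baseline ...
NORMAL_LOG = [
    '10.0.0.5 [1] "GET / HTTP/1.1" 200',
    '10.0.0.5 [1] "GET /login HTTP/1.1" 200',
    '10.0.0.5 [1] "POST /login HTTP/1.1" 302',
    '10.0.0.6 [1] "GET / HTTP/1.1" 200',
    '10.0.0.6 [1] "GET /docs HTTP/1.1" 200',
    '10.0.0.5 [2] "GET /dashboard HTTP/1.1" 200',
    '10.0.0.5 [2] "GET /logout HTTP/1.1" 302',
    '10.0.0.6 [2] "GET /docs/intro HTTP/1.1" 200',
    '10.0.0.6 [2] "GET /docs/api HTTP/1.1" 200',
    '10.0.0.6 [2] "GET /contact HTTP/1.1" 200',
]
# ... and a later window with one traversal attempt and one burst of failed logins.
SUSPECT_LOG = [
    '10.0.0.5 [4] "GET / HTTP/1.1" 200',
    '10.0.0.5 [4] "GET /dashboard HTTP/1.1" 200',
    '198.51.100.7 [4] "GET /download?file=../../etc/passwd HTTP/1.1" 404',
] + ['203.0.113.9 [4] "POST /login HTTP/1.1" 401'] * 8

if __name__ == "__main__":
    baseline = learn_baseline(NORMAL_LOG)
    print("baseline mean/stdev:", baseline)
    print(analyze(SUSPECT_LOG, baseline))
```

The single traversal request is well under the rate threshold and is caught only by the signature; the eight failed logins match no signature and are caught only because the rate is far outside the learned baseline. A deployment that relies on one approach alone misses one of these two cases.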
25. Audit trail: A visible trail of evidence that enables information in statements or reports to be traced back to its original input source.
26. Authentication: The act of verifying a claimed identity (e.g., of a user or system).
27. Authorization: The access privileges granted to a user, program or process, or the act of granting those privileges.
28. Availability: Information being accessible and usable when required by the business process, now and in the future.
29. Backup center: An alternate facility used to continue IT/IS operations when the primary data processing (DP) center is unavailable.
30. Baseline security: The minimum security controls required to safeguard an IT system, based on its identified needs for confidentiality, integrity and/or availability protection.
31. Benchmarking: A systematic approach to comparing enterprise performance against peers and competitors in an effort to learn the best ways of conducting business.
32. Bit: The smallest unit of information storage; a contraction of the term "binary digit".
33. Bit copy: A sector-by-sector copy that provides an exact image of the original; a requirement for legally defensible forensics.
34. Bit stream image: Bit-stream backups, also referred to as mirror image backups, back up all areas of a computer hard disk drive or other storage media. Such backups replicate every sector on the device, including all files and the ambient (slack and unallocated) data areas.
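Entries 33 and 34 both turn on the difference between copying files and copying sectors. The following added example (not from the glossary) builds a toy disk image with a directory, one live file whose last sector carries slack from an older file, and a deleted file that the directory no longer lists; it then takes a sector-by-sector image and a file-level copy, verifies the image by length and SHA-256 hash, and shows which copy still contains the ambient data. The sector size, directory format and file contents are all constructed for the demonstration.

```python
import hashlib

SECTOR = 64          # toy sector size; real media use 512 or 4096 bytes
N_SECTORS = 16

# Constructed contents. The "remnant" and the deleted file are the ambient data a file copy misses.
LIVE_FILE = b"Meeting moved to Thursday; bring the signed draft and the wire details."
SLACK_REMNANT = b"<remnant of an earlier, overwritten file>"
DELETED_FILE = b"DELETED: scan of the former contract, no longer in the directory"


def make_disk():
    """Sector 0: directory of live files (name:start_sector:length;). Sectors 1-2: the live file,
    with slack after it in sector 2. Sector 5: data of a file no directory entry points to."""
    disk = bytearray(SECTOR * N_SECTORS)
    directory = b"notes.txt:1:%d;" % len(LIVE_FILE)
    disk[0:len(directory)] = directory
    disk[SECTOR:SECTOR + len(LIVE_FILE)] = LIVE_FILE
    end = SECTOR + len(LIVE_FILE)                          # slack begins where the file ends
    disk[end:end + len(SLACK_REMNANT)] = SLACK_REMNANT
    off = 5 * SECTOR
    disk[off:off + len(DELETED_FILE)] = DELETED_FILE
    return bytes(disk)


def bit_stream_image(disk):
    """Sector-by-sector copy of the whole device: allocated, slack and unallocated areas alike."""
    image = bytearray()
    for off in range(0, len(disk), SECTOR):
        image += disk[off:off + SECTOR]
    return bytes(image)


def logical_copy(disk):
    """What a file-level backup takes: only the bytes the directory says belong to live files."""
    files = {}
    for entry in disk[:SECTOR].rstrip(b"\0").split(b";"):
        if entry:
            name, start, length = entry.split(b":")
            off = int(start) * SECTOR
            files[name.decode()] = disk[off:off + int(length)]
    return files


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def verify_image(original, image):
    """Acceptance check for the image: same length and same hash as the source."""
    return len(original) == len(image) and sha256(original) == sha256(image)


if __name__ == "__main__":
    disk = make_disk()
    image = bit_stream_image(disk)
    files = logical_copy(disk)
    print("image verifies:", verify_image(disk, image), sha256(image))
    print("image keeps slack/deleted data:", SLACK_REMNANT in image, DELETED_FILE in image)
    logical_bytes = b"".join(files.values())
    print("file copy keeps slack/deleted data:", SLACK_REMNANT in logical_bytes, DELETED_FILE in logical_bytes)
```

In practice the source is read through a write blocker and the hash of the original is recorded before imaging, so that the verification step compares against a value taken while the evidence was still untouched.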
35. Botnet: A large number of compromised computers under a common controller, used to create and send spam or malware, or to flood a network with messages in a denial-of-service attack.
36. Brute force attack: Repeatedly trying all possible combinations of passwords or encryption keys until the correct one is found.
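An added example for entry 36 (not from the glossary) that carries the definition out literally: given the SHA-256 hash of a short secret, it enumerates every candidate over a 36-symbol alphabet, shortest first, until one hashes to the target, counting the attempts. The alphabet, maximum length and target secret are constructed for the demonstration; the keyspace helper shows how the same enumeration scales with alphabet size and length.

```python
import hashlib
import itertools
import string

ALPHABET = string.digits + string.ascii_lowercase   # 36 symbols; constructed demo search space


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


def keyspace_size(alphabet_size, max_len):
    """Number of candidates of length 1..max_len over an alphabet of the given size."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def brute_force(target_hash, alphabet=ALPHABET, max_len=3):
    """Try every combination, shortest first, until one hashes to target_hash.
    Returns (secret, attempts) on success or (None, attempts) after exhausting the space."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


def seconds_to_exhaust(alphabet_size, max_len, guesses_per_second):
    """Worst-case time for an attacker who can test guesses_per_second candidates."""
    return keyspace_size(alphabet_size, max_len) / guesses_per_second


if __name__ == "__main__":
    target = sha256_hex("7b2")                        # the secret the attacker does not know
    print("search space:", keyspace_size(len(ALPHABET), 3))
    print("recovered:", brute_force(target))
    # Same attack against 12 printable-ASCII characters at a constructed 10^10 guesses/s:
    print("years for 95^1..12 at 1e10/s:", seconds_to_exhaust(95, 12, 1e10) / (365 * 86400))
```

The search is cheap here because the hash is fast and unsalted; the defenses are the ones that make each guess expensive or cap how many can be made: a slow, salted password-hashing function on the defender's side, and rate limiting or lockout on the online path.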
37. Business case: Documentation of the rationale for making a business investment, used both to support a business decision on whether to proceed with the investment and as an operational tool to support management of the investment through its full economic life cycle.
38. Business continuity plan (BCP): A plan used by an organization to respond to disruption of critical business processes. It depends on the contingency plan for restoration of critical systems.
39. Business dependency assessment: A process of identifying the resources critical to the operation of a business process.