(ISC)2 Certified in Cybersecurity - Exam Prep
|\ |\ |\ |\ |\ |\ |\
questions with answers |\ |\
Document specific requirements that a customer has about any
|\ |\ |\ |\ |\ |\ |\ |\ |\
aspect of a vendor's service performance.
|\ |\ |\ |\ |\
A) DLR
|\
B) Contract
|\
C) SLR
|\
D) NDA - CORRECT ANSWERS ✔✔C) SLR (Service-Level
|\ |\ |\ |\ |\ |\ |\ |\
Requirements)
_________ identifies and triages risks. - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\
✔✔Risk Assessment
|\
_________ are external forces that jeopardize security. - CORRECT
|\ |\ |\ |\ |\ |\ |\ |\ |\
ANSWERS ✔✔Threats |\
_________ are methods used by attackers. - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\ |\
✔✔Threat Vectors |\
_________ are the combination of a threat and a vulnerability. -
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
CORRECT ANSWERS ✔✔Risks |\ |\
,We rank risks by _________ and _________. - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
✔✔Likelihood and impact |\ |\
_________ use subjective ratings to evaluate risk likelihood and
|\ |\ |\ |\ |\ |\ |\ |\ |\
impact. - CORRECT ANSWERS ✔✔Qualitative Risk Assessment
|\ |\ |\ |\ |\ |\
_________ use objective numeric ratings to evaluate risk likelihood
|\ |\ |\ |\ |\ |\ |\ |\
and impact. - CORRECT ANSWERS ✔✔Quantitative Risk
|\ |\ |\ |\ |\ |\ |\ |\
Assessment
_________ analyzes and implements possible responses to control
|\ |\ |\ |\ |\ |\ |\ |\
risk. - CORRECT ANSWERS ✔✔Risk Treatment
|\ |\ |\ |\ |\
_________ changes business practices to make a risk irrelevant. -
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
CORRECT ANSWERS ✔✔Risk Avoidance |\ |\ |\
_________ reduces the likelihood or impact of a risk. - CORRECT
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
ANSWERS ✔✔Risk Mitigation |\ |\
An organization's _________ is the set of risks that it faces. -
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
CORRECT ANSWERS ✔✔Risk Profile |\ |\ |\
_________ Initial Risk of an organization. - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\ |\
✔✔Inherent Risk |\
_________ Risk that remains in an organization after controls. -
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
CORRECT ANSWERS ✔✔Residual Risk |\ |\ |\
,_________ is the level of risk an organization is willing to accept. -
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
CORRECT ANSWERS ✔✔Risk Tolerance
|\ |\ |\
_________ reduce the likelihood or impact of a risk and help
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
identify issues. - CORRECT ANSWERS ✔✔Security Controls
|\ |\ |\ |\ |\ |\
_________ stop a security issue from occurring. - CORRECT
|\ |\ |\ |\ |\ |\ |\ |\ |\
ANSWERS ✔✔Preventive Control
|\ |\
_________ identify security issues requiring investigation. -
|\ |\ |\ |\ |\ |\ |\
CORRECT ANSWERS ✔✔Detective Control
|\ |\ |\
_________ remediate security issues that have occurred. -
|\ |\ |\ |\ |\ |\ |\ |\
CORRECT ANSWERS ✔✔Recovery Control
|\ |\ |\
Hardening == Preventative - CORRECT ANSWERS ✔✔Virus ==
|\ |\ |\ |\ |\ |\ |\ |\
Detective
Backups == Recovery - CORRECT ANSWERS ✔✔For exam (Local
|\ |\ |\ |\ |\ |\ |\ |\ |\
and Technical Controls are the same)
|\ |\ |\ |\ |\
_________ use technology to achieve control objectives. -
|\ |\ |\ |\ |\ |\ |\ |\
CORRECT ANSWERS ✔✔Technical Controls
|\ |\ |\
_________ use processes to achieve control objectives. - CORRECT
|\ |\ |\ |\ |\ |\ |\ |\ |\
ANSWERS ✔✔Administrative Controls
|\ |\
, _________ impact the physical world. - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\
✔✔Physical Controls |\
_________ tracks specific device settings. - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\
✔✔Configuration Management |\
_________ provide a configuration snapshot. - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\
✔✔Baselines (track changes) |\ |\
_________ assigns numbers to each version. - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\ |\
✔✔Versioning
_________ serve as important configuration artifacts. - CORRECT
|\ |\ |\ |\ |\ |\ |\ |\
ANSWERS ✔✔Diagrams
|\
_________ and _________ help ensure a stable operating
|\ |\ |\ |\ |\ |\ |\ |\
environment. - CORRECT ANSWERS ✔✔Change and Configuration
|\ |\ |\ |\ |\ |\
Management
|\
Purchasing an insurance policy is an example of which risk
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
management strategy? - CORRECT ANSWERS ✔✔Risk
|\ |\ |\ |\ |\ |\
Transference
What two factors are used to evaluate a risk? - CORRECT
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
ANSWERS ✔✔Likelihood and Impact
|\ |\ |\
|\ |\ |\ |\ |\ |\ |\
questions with answers |\ |\
Document specific requirements that a customer has about any
|\ |\ |\ |\ |\ |\ |\ |\ |\
aspect of a vendor's service performance.
|\ |\ |\ |\ |\
A) DLR
|\
B) Contract
|\
C) SLR
|\
D) NDA - CORRECT ANSWERS ✔✔C) SLR (Service-Level
|\ |\ |\ |\ |\ |\ |\ |\
Requirements)
_________ identifies and triages risks. - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\
✔✔Risk Assessment
|\
_________ are external forces that jeopardize security. - CORRECT
|\ |\ |\ |\ |\ |\ |\ |\ |\
ANSWERS ✔✔Threats |\
_________ are methods used by attackers. - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\ |\
✔✔Threat Vectors |\
_________ are the combination of a threat and a vulnerability. -
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
CORRECT ANSWERS ✔✔Risks |\ |\
,We rank risks by _________ and _________. - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
✔✔Likelihood and impact |\ |\
_________ use subjective ratings to evaluate risk likelihood and
|\ |\ |\ |\ |\ |\ |\ |\ |\
impact. - CORRECT ANSWERS ✔✔Qualitative Risk Assessment
|\ |\ |\ |\ |\ |\
_________ use objective numeric ratings to evaluate risk likelihood
|\ |\ |\ |\ |\ |\ |\ |\
and impact. - CORRECT ANSWERS ✔✔Quantitative Risk
|\ |\ |\ |\ |\ |\ |\ |\
Assessment
_________ analyzes and implements possible responses to control
|\ |\ |\ |\ |\ |\ |\ |\
risk. - CORRECT ANSWERS ✔✔Risk Treatment
|\ |\ |\ |\ |\
_________ changes business practices to make a risk irrelevant. -
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
CORRECT ANSWERS ✔✔Risk Avoidance |\ |\ |\
_________ reduces the likelihood or impact of a risk. - CORRECT
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
ANSWERS ✔✔Risk Mitigation |\ |\
An organization's _________ is the set of risks that it faces. -
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
CORRECT ANSWERS ✔✔Risk Profile |\ |\ |\
_________ Initial Risk of an organization. - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\ |\
✔✔Inherent Risk |\
_________ Risk that remains in an organization after controls. -
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
CORRECT ANSWERS ✔✔Residual Risk |\ |\ |\
,_________ is the level of risk an organization is willing to accept. -
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
CORRECT ANSWERS ✔✔Risk Tolerance
|\ |\ |\
_________ reduce the likelihood or impact of a risk and help
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
identify issues. - CORRECT ANSWERS ✔✔Security Controls
|\ |\ |\ |\ |\ |\
_________ stop a security issue from occurring. - CORRECT
|\ |\ |\ |\ |\ |\ |\ |\ |\
ANSWERS ✔✔Preventive Control
|\ |\
_________ identify security issues requiring investigation. -
|\ |\ |\ |\ |\ |\ |\
CORRECT ANSWERS ✔✔Detective Control
|\ |\ |\
_________ remediate security issues that have occurred. -
|\ |\ |\ |\ |\ |\ |\ |\
CORRECT ANSWERS ✔✔Recovery Control
|\ |\ |\
Hardening == Preventative - CORRECT ANSWERS ✔✔Virus ==
|\ |\ |\ |\ |\ |\ |\ |\
Detective
Backups == Recovery - CORRECT ANSWERS ✔✔For exam (Local
|\ |\ |\ |\ |\ |\ |\ |\ |\
and Technical Controls are the same)
|\ |\ |\ |\ |\
_________ use technology to achieve control objectives. -
|\ |\ |\ |\ |\ |\ |\ |\
CORRECT ANSWERS ✔✔Technical Controls
|\ |\ |\
_________ use processes to achieve control objectives. - CORRECT
|\ |\ |\ |\ |\ |\ |\ |\ |\
ANSWERS ✔✔Administrative Controls
|\ |\
, _________ impact the physical world. - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\
✔✔Physical Controls |\
_________ tracks specific device settings. - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\
✔✔Configuration Management |\
_________ provide a configuration snapshot. - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\
✔✔Baselines (track changes) |\ |\
_________ assigns numbers to each version. - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\ |\
✔✔Versioning
_________ serve as important configuration artifacts. - CORRECT
|\ |\ |\ |\ |\ |\ |\ |\
ANSWERS ✔✔Diagrams
|\
_________ and _________ help ensure a stable operating
|\ |\ |\ |\ |\ |\ |\ |\
environment. - CORRECT ANSWERS ✔✔Change and Configuration
|\ |\ |\ |\ |\ |\
Management
|\
Purchasing an insurance policy is an example of which risk
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
management strategy? - CORRECT ANSWERS ✔✔Risk
|\ |\ |\ |\ |\ |\
Transference
What two factors are used to evaluate a risk? - CORRECT
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
ANSWERS ✔✔Likelihood and Impact
|\ |\ |\
