EXAM PREP (LATEST 2024/2025 UPDATE): 100% CORRECT QUESTIONS AND VERIFIED ANSWERS | GRADE A
Document specific requirements that a customer has about any
aspect of a vendor's service performance.
A) DLR
B) Contract
C) SLR
D) NDA - ✔✔ANSWER✔✔-C) SLR (Service-Level Requirements)
_________ identifies and triages risks. - ✔✔ANSWER✔✔-Risk
Assessment
_________ are external forces that jeopardize security. -
✔✔ANSWER✔✔-Threats
_________ are methods used by attackers. - ✔✔ANSWER✔✔-Threat
Vectors
_________ are the combination of a threat and a vulnerability. -
✔✔ANSWER✔✔-Risks
We rank risks by _________ and _________. - ✔✔ANSWER✔✔-
Likelihood and impact
_________ use subjective ratings to evaluate risk likelihood and
impact. - ✔✔ANSWER✔✔-Qualitative Risk Assessment
_________ use objective numeric ratings to evaluate risk likelihood
and impact. - ✔✔ANSWER✔✔-Quantitative Risk Assessment
_________ analyzes and implements possible responses to control
risk. - ✔✔ANSWER✔✔-Risk Treatment
_________ changes business practices to make a risk irrelevant. -
✔✔ANSWER✔✔-Risk Avoidance
_________ reduces the likelihood or impact of a risk. -
✔✔ANSWER✔✔-Risk Mitigation
An organization's _________ is the set of risks that it faces. -
✔✔ANSWER✔✔-Risk Profile
_________ is the initial risk of an organization. - ✔✔ANSWER✔✔-Inherent
Risk
_________ is the risk that remains in an organization after controls. -
✔✔ANSWER✔✔-Residual Risk
_________ is the level of risk an organization is willing to accept. -
✔✔ANSWER✔✔-Risk Tolerance
_________ reduce the likelihood or impact of a risk and help identify
issues. - ✔✔ANSWER✔✔-Security Controls
_________ stop a security issue from occurring. - ✔✔ANSWER✔✔-
Preventive Control
_________ identify security issues requiring investigation. -
✔✔ANSWER✔✔-Detective Control
_________ remediate security issues that have occurred. -
✔✔ANSWER✔✔-Recovery Control
Hardening == Preventative - ✔✔ANSWER✔✔-Virus == Detective
Backups == Recovery - ✔✔ANSWER✔✔-For exam (Local and
Technical Controls are the same)
_________ use technology to achieve control objectives. -
✔✔ANSWER✔✔-Technical Controls
_________ use processes to achieve control objectives. -
✔✔ANSWER✔✔-Administrative Controls
_________ impact the physical world. - ✔✔ANSWER✔✔-Physical
Controls
_________ tracks specific device settings. - ✔✔ANSWER✔✔-
Configuration Management
_________ provide a configuration snapshot. - ✔✔ANSWER✔✔-
Baselines (track changes)
_________ assigns numbers to each version. - ✔✔ANSWER✔✔-
Versioning