Prep Questions and Answers Graded A+
Document specific requirements that a customer has about any aspect of a vendor's
service performance.
A) DLR
B) Contract
C) SLR
D) NDA - Correct answer-C) SLR (Service-Level Requirements)
_________ identifies and triages risks. - Correct answer-Risk Assessment
_________ are external forces that jeopardize security. - Correct answer-Threats
_________ are methods used by attackers. - Correct answer-Threat Vectors
_________ are the combination of a threat and a vulnerability. - Correct answer-
Risks
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
We rank risks by _________ and _________. - Correct answer-Likelihood and
impact
_________ uses subjective ratings (such as low/medium/high) to evaluate risk likelihood and impact. - Correct
answer-Qualitative Risk Assessment
_________ uses objective numeric ratings (such as dollar values and frequencies) to evaluate risk likelihood and impact. -
Correct answer-Quantitative Risk Assessment
_________ analyzes and implements possible responses to control risk. - Correct
answer-Risk Treatment
_________ changes business practices to make a risk irrelevant. - Correct answer-
Risk Avoidance
_________ reduces the likelihood or impact of a risk. - Correct answer-Risk
Mitigation
An organization's _________ is the set of risks that it faces. - Correct answer-Risk
Profile
_________ is the initial risk an organization faces before any controls are applied. - Correct answer-Inherent Risk
_________ is the risk that remains in an organization after controls are applied. - Correct answer-
Residual Risk
_________ is the level of risk an organization is willing to accept. - Correct
answer-Risk Tolerance
_________ reduce the likelihood or impact of a risk and help identify issues. -
Correct answer-Security Controls
_________ stops a security issue from occurring. - Correct answer-Preventive
Control
_________ identifies security issues requiring investigation. - Correct answer-
Detective Control
_________ remediates security issues that have occurred. - Correct answer-
Recovery Control
Examples: Hardening == Preventive; Antivirus == Detective; Backups == Recovery.
For the exam, logical controls and technical controls are the same thing.
_________ use technology to achieve control objectives. - Correct answer-
Technical Controls
_________ use processes to achieve control objectives. - Correct answer-
Administrative Controls
_________ impact the physical world. - Correct answer-Physical Controls
_________ tracks specific device settings. - Correct answer-Configuration
Management
_________ provide a configuration snapshot. - Correct answer-Baselines (track
changes)
_________ assigns numbers to each version. - Correct answer-Versioning
_________ serve as important configuration artifacts. - Correct answer-Diagrams
_________ and _________ help ensure a stable operating environment. - Correct
answer-Change and Configuration Management
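The configuration-management cards above (baselines as a configuration snapshot, versioning, tracking changes) and the later question about taking a snapshot of a system for later comparison describe one practical procedure: capture a baseline, give it a version, and diff a later snapshot against it to find drift. The Python below is an added example written for this page, not code from the original study guide or from any product. The sample settings, the key names (sshd.*, sysctl.*, firewall.*) and the helper names are all constructed for illustration; a real tool would gather the values from the host.

```python
import hashlib
import json

# Constructed sample baseline: a flat mapping of setting -> value, as a
# configuration-management tool might collect it from a host. The key
# names are illustrative only (not tied to any real tool's schema).
BASELINE_SETTINGS = {
    "sshd.PermitRootLogin": "no",
    "sshd.PasswordAuthentication": "no",
    "sysctl.net.ipv4.ip_forward": "0",
    "firewall.default_inbound": "deny",
}


def snapshot_digest(settings):
    """Stable SHA-256 over a snapshot.

    Keys are sorted and whitespace fixed so the same settings always hash the
    same way; two baselines can then be compared by digest alone.
    """
    canonical = json.dumps(settings, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def record_baseline(settings, version):
    """Build a versioned baseline artifact (versioning card: a number per version)."""
    return {
        "version": version,
        "digest": snapshot_digest(settings),
        "settings": dict(settings),
    }


def diff_against_baseline(baseline_settings, current_settings):
    """Report drift between a baseline snapshot and a current snapshot.

    Returns a dict with three parts:
      changed: key -> (baseline value, current value)
      added:   keys present now but absent from the baseline
      removed: keys in the baseline that are now missing
    """
    base_keys = set(baseline_settings)
    cur_keys = set(current_settings)
    changed = {
        k: (baseline_settings[k], current_settings[k])
        for k in sorted(base_keys & cur_keys)
        if baseline_settings[k] != current_settings[k]
    }
    added = {k: current_settings[k] for k in sorted(cur_keys - base_keys)}
    removed = {k: baseline_settings[k] for k in sorted(base_keys - cur_keys)}
    return {"changed": changed, "added": added, "removed": removed}


def has_drift(report):
    """True if any setting changed, appeared, or disappeared."""
    return any(report[part] for part in ("changed", "added", "removed"))


def next_baseline(previous, current_settings):
    """Promote a current snapshot to a new baseline version (change control
    approved); the version number is incremented so history stays traceable."""
    return record_baseline(current_settings, previous["version"] + 1)


if __name__ == "__main__":
    v1 = record_baseline(BASELINE_SETTINGS, 1)
    # Constructed later snapshot: root login re-enabled, a new service,
    # and the inbound firewall default missing.
    later = dict(BASELINE_SETTINGS)
    later["sshd.PermitRootLogin"] = "yes"
    later["telnet.enabled"] = "1"
    del later["firewall.default_inbound"]
    report = diff_against_baseline(v1["settings"], later)
    print("drift detected:", has_drift(report))
    print(json.dumps(report, indent=2))
```

The digest gives a quick "has anything changed" check, while the per-key report is what an investigator actually needs; drift in a setting such as root login or the firewall default is a detective-control finding that should feed back into change management rather than being silently re-baselined.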
Purchasing an insurance policy is an example of which risk management strategy?
- Correct answer-Risk Transference
What two factors are used to evaluate a risk? - Correct answer-Likelihood and
Impact
What term best describes making a snapshot of a system or application at a point in
time for later comparison? - Correct answer-Baselining
What type of security control is designed to stop a security issue from occurring in
the first place? - Correct answer-Preventive
What term describes risks that originate inside the organization? - Correct answer-
Internal