(ISC)2 Certified in Cybersecurity - Exam Prep Questions and Answers Rated A

_________ changes business practices to make a risk irrelevant. - ANSWER -Risk Avoidance

_________ reduces the likelihood or impact of a risk. - ANSWER -Risk Mitigation

_________ identifies and triages risks. - ANSWER -Risk Assessment

_________ are external forces that jeopardize security. - ANSWER -Threats

_________ are methods used by attackers. - ANSWER -Threat Vectors

_________ are the combination of a threat and a vulnerability. - ANSWER -Risks

We rank risks by _________ and _________. - ANSWER -Likelihood and impact

_________ use subjective ratings to evaluate risk likelihood and impact. - ANSWER -Qualitative Risk Assessment

_________ use objective numeric ratings to evaluate risk likelihood and impact. - ANSWER -Quantitative Risk Assessment

_________ analyzes and implements possible responses to control risk. - ANSWER -Risk Treatment

Document specific requirements that a customer has about any aspect of a vendor's service performance.
A) DLR
B) Contract
C) SLR
D) NDA - ANSWER -C) SLR (Service-Level Requirements)

An organization's _________ is the set of risks that it faces. - ANSWER -Risk Profile

_________ Initial Risk of an organization. - ANSWER -Inherent Risk

_________ Risk that remains in an organization after controls. - ANSWER -Residual Risk

_________ is the level of risk an organization is willing to accept. - ANSWER -Risk Tolerance

_________ reduce the likelihood or impact of a risk and help identify issues. - ANSWER -Security Controls

_________ stop a security issue from occurring. - ANSWER -Preventive Control

_________ identify security issues requiring investigation. - ANSWER -Detective Control

_________ remediate security issues that have occurred. - ANSWER -Recovery Control

Hardening == Preventative - ANSWER -
Virus == Detective
Backups == Recovery - ANSWER -For exam (Local and Technical Controls are the same)

_________ use technology to achieve control objectives. - ANSWER -Technical Controls

_________ use processes to achieve control objectives. - ANSWER -Administrative Controls

_________ impact the physical world. - ANSWER -Physical Controls

_________ tracks specific device settings. - ANSWER -Configuration Management

_________ provide a configuration snapshot. - ANSWER -Baselines (track changes)

_________ assigns numbers to each version. - ANSWER -Versioning

_________ serve as important configuration artifacts. - ANSWER -Diagrams

_________ and _________ help ensure a stable operating environment. - ANSWER -Change and Configuration Management

Purchasing an insurance policy is an example of which risk management strategy? - ANSWER -Risk Transference

What two factors are used to evaluate a risk? - ANSWER -Likelihood and Impact

What term best describes making a snapshot of a system or application at a point in time for later comparison? - ANSWER -Baselining

What type of security control is designed to stop a security issue from occurring in the first place? - ANSWER -Preventive

What term describes risks that originate inside the organization? - ANSWER -Internal

What four items belong to the security policy framework? - ANSWER -Policies, Standards, Guidelines, Procedures

_________ describe an organization's security expectations. - ANSWER -Policies (mandatory and approved at the highest level of an organization)

_________ describe specific security controls and are often derived from policies. - ANSWER -Standards (mandatory)

_________ describe best practices. - ANSWER -Guidelines (recommendations/advice and compliance is not mandatory)

_________ step-by-step instructions. - ANSWER -Procedures (not mandatory)

_________ describe authorized uses of technology. - ANSWER -Acceptable Use Policies (AUP)

_________ describe how to protect sensitive information. - ANSWER -Data Handling Policies

_________ cover password security practices. - ANSWER -Password Policies

_________ cover use of personal devices with company information. - ANSWER -Bring Your Own Device (BYOD) Policies

_________ cover the use of personally identifiable information. - ANSWER -Privacy Policies

_________ cover the documentation, approval, and rollback of technology changes. - ANSWER -Change Management Policies

Which element of the security policy framework includes suggestions that are not mandatory? - ANSWER -Guidelines

What law applies to the use of personal information belonging to European Union residents? - ANSWER -GDPR

What type of security policy normally describes how users may access business information with their own devices? - ANSWER -BYOD Policy

_________ the set of controls designed to keep a business running in the face of adversity, whether natural or man-made. - ANSWER -Business Continuity Planning (BCP)

BCP is also known as _________. - ANSWER -Continuity of Operations Planning (COOP)

Defining the BCP Scope: - ANSWER -What business activities will the plan cover? What systems will it cover? What controls will it consider?

_________ identifies and prioritizes risks. - ANSWER -Business Impact Assessment

BCP in the cloud requires _________ between providers and customers. - ANSWER -Collaboration

_________ protects against the failure of a single component. - ANSWER -Redundancy

_________ identifies and removes SPOFs. - ANSWER -Single Point of Failure Analysis
_________ continues until the cost of addressing risks outweighs the benefit. - ANSWER -SPOF Analysis

_________ uses multiple systems to protect against service failure. - ANSWER -High Availability

_________ makes a single system resilient against technical failures. - ANSWER -Fault Tolerance

_________ spreads demand across systems. - ANSWER -Load Balancing

3 Common Points of Failure in a system. - ANSWER -Power Supply, Storage Media, Networking

Disk Mirroring is which RAID level? - ANSWER -1

Disk striping with parity is which RAID level? - ANSWER -5 (uses 3 or more disks to store data)

What goal of security is enhanced by a strong business continuity program? - ANSWER -Availability

What is the minimum number of disks required to perform RAID level 5? - ANSWER -3

What type of control are we using if we supplement a single firewall with a second standby firewall ready to assume responsibility if the primary firewall fails? - ANSWER -High Availability

_________ provide structure during cybersecurity incidents. - ANSWER -Incident Response Plan

_________ describe the policies and procedures governing cybersecurity incidents. - ANSWER -Incident Response Plans

_________ leads to strong incident response. - ANSWER -Prior Planning

Incident Response Plans should include: - ANSWER -Statement of Purpose, Strategies and goals for incident response, Approach to incident response, Communication with other groups, Senior leadership approval

_________ should be consulted when developing a plan. - ANSWER -NIST SP 800-61

Incident response teams must have personnel available _________. - ANSWER -24/7

_________ is crucial to effective incident identification. - ANSWER -Monitoring

_________ security solution that collects information from diverse sources, analyzes it for signs of security incidents and retains it for later