QUESTIONS AND ANSWERS RATED A+
Encryption System - The total set of algorithms, processes, hardware, software, and procedures that taken together provide an encryption and decryption capability.
Hardening - A reference to the process of applying secure configurations (to reduce the attack surface) and locking down various hardware, communications systems, and software, including operating system, web server, application server, application, etc. Hardening is normally performed based on industry guidelines and benchmarks, such as those provided by the Center for Internet Security (CIS).
Hash Function - An algorithm that computes a numerical value (called the hash value) on a data file or electronic message that is used to represent that file or message and depends on the entire contents of the file or message. A hash function can be considered to be a fingerprint of the file or message. NIST SP 800-152
Hashing - The process of using a mathematical algorithm against data to produce a numeric value that is representative of that data. Source: CNSSI 4009-2015
Information Sharing - The requirements for information sharing by an IT system with one or more other IT systems or applications, for information sharing to support multiple internal or external organizations, missions, or public programs. NIST SP 800-16
Ingress Monitoring - Monitoring of incoming network traffic.
Message Digest - A digital signature that uniquely identifies data and has the property such that changing a single bit in the data will cause a completely different message digest to be generated. NISTIR-8011 Vol.3
Operating System - The software "master control application" that runs the computer. It is the first program loaded when the computer is turned on, and its main component, the kernel, resides in memory at all times. The operating system sets the standards for all application programs (such as the Web server) that run in the computer. The applications communicate with the operating system for most user interface and file management operations. NIST SP 800-44 Version 2
Patch - A software component that, when installed, directly modifies files or device settings related to a different software component without changing the version number or release details for the related software component. Source: ISO/IEC 19770-2
Patch Management - The systematic notification, identification, deployment, installation and verification of operating system and application software code revisions. These revisions are known as patches, hot fixes, and service packs. Source: CNSSI 4009
Plaintext - A message or data in its natural format and in readable form; extremely vulnerable from a confidentiality perspective.
Records - The recordings (automated and/or manual) of evidence of activities performed or results achieved (e.g., forms, reports, test results), which serve as a basis for verifying that the organization and the information system are performing as intended. Also used to refer to units of related data fields (i.e., groups of data fields that can be accessed by a program and that contain the complete set of information on particular items). NIST SP 800-53 Rev. 4
Records Retention - A practice based on the records life cycle, according to which records are retained as long as necessary, and then are destroyed after the appropriate time interval has elapsed.
Remanence - Residual information remaining on storage media after clearing. NIST SP 800-88 Rev. 1
Request for change (RFC) - The first stage of change management, wherein a change in procedure or product is sought by a stakeholder.
Security Governance - The entirety of the policies, roles, and processes the organization uses to make security decisions in an organization.
Social engineering - Tactics to infiltrate systems via email, phone, text, or social media, often impersonating a person or agency in authority or offering a gift. A low-tech method would be simply following someone into a secure building.
Symmetric encryption - An algorithm that uses the same key in both the encryption and the decryption processes.
Web Server - A computer that provides World Wide Web (WWW) services on the Internet. It includes the hardware, operating system, Web server software, and Web site content (Web pages). If the Web server is used internally and not by the public, it may be known as an "intranet server." NIST SP 800-44 Version 2
Whaling Attack - Phishing attacks that attempt to trick highly placed officials or private individuals with sizable assets into authorizing large fund wire transfers to previously unknown entities.
Application programming interface (API) - A set of routines, standards, protocols, and tools for building software applications to access a web-based software application or web tool.