ISC2 Certified in Cybersecurity: Chapter 1 Exam Questions with 100% Correct Answers 2024

ISC2 Certified in Cybersecurity: Chapter 1 Exam Questions with 100% Correct Answers 2024 The National Institute of Standards and Technology defines _____ as the characteristic of data or information when it is not made available or disclosed to unauthorized persons or processes. NIST SP 800-66 Confidentiality A term pertaining to any data about an individual that could be used to identify them. Personally Identifiable Information (PII) A term referring to information regarding one's health status. Protected Health Information (PHI) What measures the degree to which something is whole and complete, internally consistent and correct? Integrity _____ _____ is the assurance that data has not been altered in an unauthorized manner. Data Integrity _____ _____ refers to the maintenance of a known good configuration and expected operational function as the system processes the information. System Integrity The quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation of the system, whether intentional or accidental. NIST SP 800-27 Rev. A System Integrity The property that data has not been altered in an unauthorized manner. This covers data in storage, during processing and while in transit. NIST SP 800-27 Rev. A Data Integrity The condition an entity is at a point in time. State A documented, lowest level of security configuration allowed by a standard or organization. Baseline Integrity of data or system can always be ascertained by comparing the _____ with the current _____. Baseline and State If the two match, then the integrity of the data or the system is intact; if they two do not match, then the integrity of hte data or the system has been compromised. What is a measure of the importance assigned to information by its owner, or the purpose of denoting its need for protection? NIST SP 800-60 Vol 1 Rev 1 Sensitivity _____ information is information that if improperly disclosed (confidentiality) or modified (integrity) would harm an organization or individual. Sensitive What can be defined as timely and reliable access to information and the ability to use it by authorized users? Availability A measure of the degree to which an organization depends on the information or information system for the success of a mission or of a business function. NIST SP 800-60 Vol 1 Rev 1 Criticality To define security, it has become common to use the CIA Triad. Define the CIA Triad. Confidentiality Integrity Availability Access control process validating that the identity being claimed by a user or entity is known to the system by comparing one or more factors of identification. Authentication When users have stated their identity, it is necessary to validate that they are the rightful owners of that identity. This process of verifying or proving the user's identification is known as _____. Authentication What are the common methods of authentication? 1. Something you know (Knowledge-Based) 2. Something you have (Token-Based) 3. Something you are (Characteristics-Based) Something you know authentication methods. Passwords, Paraphrases, PIN (Personal Identification Number), Secret Code Something you have authentication methods. Tokens, Memory Cards, Smart Cards Something you are authentication methods. Biometrics, Measurable Characteristics A physical object a user possesses and controls that is used to authenticate the user's identity. NIST IR 7711 Tokens Biological characteristics of an individual, such as a fingerprint, hadn't geometry, voice, or iris patterns. Biometrics What are the types of authentication? 1. Single-Factor Authentication (SFA) 2. Multi-Factor Authentication (MFA) Use of just one of the three available factors to carry out the authentication process is known as? Single-Factor Authentication (SFA) Using two or more distinct instances of the three factors of authentication for identity verification is known as? Multi-Factor Authentication (MFA) The right or a permission that is granted to a system entity to access a system resource.