(ISC)2 Certified in Cybersecurity - Exam
Prep Questions And Answers
Document specific requirements that a customer has about any aspect
of a vendor's service performance.
A) DLR
B) Contract
C) SLR
D) NDA - - correct answer ✅C) SLR (Service-Level Requirements)
_________ identifies and triages risks. - - correct answer ✅Risk
Assessment
_________ are external forces that jeopardize security. - - correct
answer ✅Threats
_________ are methods used by attackers. - - correct answer ✅Threat
Vectors
_________ are the combination of a threat and a vulnerability. - -
correct answer ✅Risks
We rank risks by _________ and _________. - - correct answer
✅Likelihood and impact
_________ use subjective ratings to evaluate risk likelihood and impact.
- - correct answer ✅Qualitative Risk Assessment
_________ use objective numeric ratings to evaluate risk likelihood and
impact. - - correct answer ✅Quantitative Risk Assessment
_________ analyzes and implements possible responses to control risk.
- - correct answer ✅Risk Treatment
_________ changes business practices to make a risk irrelevant. - -
correct answer ✅Risk Avoidance
_________ reduces the likelihood or impact of a risk. - - correct answer
✅Risk Mitigation
An organization's _________ is the set of risks that it faces. - - correct
answer ✅Risk Profile
_________ Initial Risk of an organization. - - correct answer ✅Inherent
Risk
_________ Risk that remains in an organization after controls. - - correct
answer ✅Residual Risk
_________ is the level of risk an organization is willing to accept. - -
correct answer ✅Risk Tolerance
_________ reduce the likelihood or impact of a risk and help identify
issues. - - correct answer ✅Security Controls
_________ stop a security issue from occurring. - - correct answer
✅Preventive Control
_________ identify security issues requiring investigation. - - correct
answer ✅Detective Control
_________ remediate security issues that have occurred. - - correct
answer ✅Recovery Control
Hardening == Preventative - - correct answer ✅Virus == Detective
Backups == Recovery - - correct answer ✅For exam (Local and
Technical Controls are the same)
_________ use technology to achieve control objectives. - - correct
answer ✅Technical Controls
_________ use processes to achieve control objectives. - - correct
answer ✅Administrative Controls
_________ impact the physical world. - - correct answer ✅Physical
Controls
_________ tracks specific device settings. - - correct answer
✅Configuration Management
_________ provide a configuration snapshot. - - correct answer
✅Baselines (track changes)
_________ assigns numbers to each version. - - correct answer
✅Versioning
_________ serve as important configuration artifacts. - - correct answer
✅Diagrams
_________ and _________ help ensure a stable operating environment.
- - correct answer ✅Change and Configuration Management