with 100% Verified Answers Graded A+
Document specific requirements that a customer has about any aspect of a vendor's service performance.
A) DLR
B) Contract
C) SLR
D) NDA - -C) SLR (Service-Level Requirements)
_________ identifies and triages risks. - -Risk Assessment
_________ are external forces that jeopardize security. - -Threats
_________ are methods used by attackers. - -Threat Vectors
_________ are the combination of a threat and a vulnerability. - -Risks
We rank risks by _________ and _________. - -Likelihood and impact
_________ use subjective ratings to evaluate risk likelihood and impact. - -Qualitative Risk Assessment
_________ use objective numeric ratings to evaluate risk likelihood and impact. - -Quantitative Risk Assessment
_________ analyzes and implements possible responses to control risk. - -Risk Treatment
_________ changes business practices to make a risk irrelevant. - -Risk Avoidance
_________ reduces the likelihood or impact of a risk. - -Risk Mitigation
An organization's _________ is the set of risks that it faces. - -Risk Profile
_________ is the initial level of risk an organization faces before any controls are applied. - -Inherent Risk
_________ is the risk that remains in an organization after controls are applied. - -Residual Risk
_________ is the level of risk an organization is willing to accept. - -Risk Tolerance
_________ reduce the likelihood or impact of a risk and help identify issues. - -Security Controls
_________ stop a security issue from occurring. - -Preventive Control
_________ identify security issues requiring investigation. - -Detective Control
_________ remediate security issues that have occurred. - -Recovery Control
Examples: Hardening == Preventive; Antivirus == Detective; Backups == Recovery
For the exam, logical controls and technical controls are the same thing.
_________ use technology to achieve control objectives. - -Technical Controls
_________ use processes to achieve control objectives. - -Administrative Controls
_________ impact the physical world. - -Physical Controls
_________ tracks specific device settings. - -Configuration Management
_________ provide a configuration snapshot. - -Baselines (later changes are tracked against the baseline)
_________ assigns numbers to each version. - -Versioning
_________ serve as important configuration artifacts. - -Diagrams
_________ and _________ help ensure a stable operating environment. - -Change and Configuration Management
Purchasing an insurance policy is an example of which risk management strategy? - -Risk Transference
What two factors are used to evaluate a risk? - -Likelihood and Impact
What term best describes making a snapshot of a system or application at a point in time for later comparison? - -Baselining
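Baselining in practice, as an added example that is not part of the original study guide: take a snapshot of a set of configuration files at a point in time, store it as a versioned artifact, and later compare the live configuration against it to find drift (files added, removed, or changed, and which settings changed). The file paths and contents below are constructed for the example, and the helper names are my own.

```python
"""Configuration baselining: snapshot settings now, compare against them later.

Added example, not code from the original study guide. The "device" is
represented as a mapping of config file path -> file contents, constructed
inline so the script runs offline; a real tool would read files from disk.
"""

import hashlib
import json
from typing import Dict, List

# Constructed sample: the known-good state at the time the baseline is taken.
GOLDEN_CONFIG: Dict[str, str] = {
    "/etc/ssh/sshd_config": "PermitRootLogin no\nPasswordAuthentication no\n",
    "/etc/sysctl.conf": "net.ipv4.ip_forward = 0\n",
    "/etc/hosts.allow": "sshd: 10.0.0.0/8\n",
}

# Constructed later state: one setting weakened, one file removed, one added.
DRIFTED_CONFIG: Dict[str, str] = {
    "/etc/ssh/sshd_config": "PermitRootLogin yes\nPasswordAuthentication no\n",
    "/etc/sysctl.conf": "net.ipv4.ip_forward = 0\n",
    "/etc/cron.d/nightly": "0 2 * * * root /usr/local/bin/report\n",
}


def take_baseline(config: Dict[str, str]) -> Dict[str, str]:
    """Snapshot: one SHA-256 per file. Storing hashes instead of contents keeps
    the artifact small and avoids copying secrets into the baseline record."""
    return {path: hashlib.sha256(body.encode()).hexdigest()
            for path, body in config.items()}


def baseline_artifact(baseline: Dict[str, str], version: int) -> str:
    """Serialize the baseline as a versioned configuration artifact (JSON)."""
    return json.dumps({"version": version, "files": baseline},
                      indent=2, sort_keys=True)


def compare_to_baseline(baseline: Dict[str, str],
                        current: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the live configuration against the stored baseline.
    Returns sorted lists of added, removed and modified paths."""
    now = take_baseline(current)
    return {
        "added": sorted(p for p in now if p not in baseline),
        "removed": sorted(p for p in baseline if p not in now),
        "modified": sorted(p for p in now
                           if p in baseline and now[p] != baseline[p]),
    }


def setting_changes(old_body: str, new_body: str) -> Dict[str, List[str]]:
    """For a modified file, report which setting lines were dropped and which
    were introduced (order-insensitive line comparison)."""
    old_lines, new_lines = set(old_body.splitlines()), set(new_body.splitlines())
    return {
        "removed": sorted(old_lines - new_lines),
        "added": sorted(new_lines - old_lines),
    }


if __name__ == "__main__":
    baseline = take_baseline(GOLDEN_CONFIG)
    print(baseline_artifact(baseline, version=1))
    drift = compare_to_baseline(baseline, DRIFTED_CONFIG)
    print(json.dumps(drift, indent=2))
    for path in drift["modified"]:
        print(path, setting_changes(GOLDEN_CONFIG[path], DRIFTED_CONFIG[path]))
```

Comparing against the baseline flags the weakened `PermitRootLogin` setting, the removed `/etc/hosts.allow`, and the new cron entry, which is exactly the change-detection the baseline exists to support; a detective control such as a file-integrity monitor does the same comparison on a schedule.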
What type of security control is designed to stop a security issue from occurring in the first place? - -Preventive
What term describes risks that originate inside the organization? - -Internal
What four items belong to the security policy framework? - -Policies, Standards, Guidelines, Procedures
_________ describe an organization's security expectations. - -Policies (mandatory and approved at the highest level of an organization)
_________ describe specific security controls and are often derived from policies. - -Standards (mandatory)
_________ describe best practices. - -Guidelines (recommendations/advice; compliance is not mandatory)
_________ provide step-by-step instructions for carrying out security activities. - -Procedures (compliance may be mandatory or optional, depending on the organization)
_________ describe authorized uses of technology. - -Acceptable Use Policies (AUP)
_________ describe how to protect sensitive information. - -Data Handling Policies