Written by students who passed Immediately available after payment Read online or as PDF Wrong document? Swap it for free 4.6 TrustPilot
logo-home
Exam (elaborations)

Your Ultimate Guide to Mastering the (ISC)² Certified in Cybersecurity Exam: Strategies for Success. Top Rated Exam Study Guide Latest Updated Exam Study Guide 2025/2026.

Rating
-
Sold
-
Pages
51
Grade
A+
Uploaded on
14-07-2025
Written in
2024/2025

Your Ultimate Guide to Mastering the (ISC)² Certified in Cybersecurity Exam: Strategies for Success. Top Rated Exam Study Guide Latest Updated Exam Study Guide 2025/2026.

Institution
CCISO - Certified Chief Information Security Officer
Course
CCISO - Certified Chief Information Security Officer

Content preview

Your Ultimate Guide to Mastering the (ISC)² Certified
in Cybersecurity Exam: Strategies for Success.
Top Rated Exam Study Guide Latest Updated Exam
Study Guide 2025/2026.
Document specific requirements that a customer has about any aspect of a vendor's service
performance.

A) DLR
B) Contract
C) SLR
D) NDA - ANSC) SLR (Service-Level Requirements)
_________ identifies and triages risks. - ANSRisk Assessment
_________ are external forces that jeopardize security. - ANSThreats
_________ are methods used by attackers. - ANSThreat Vectors
_________ are the combination of a threat and a vulnerability. - ANSRisks
We rank risks by _________ and _________. - ANSLikelihood and impact
_________ use subjective ratings to evaluate risk likelihood and impact. - ANSQualitative
Risk Assessment
_________ use objective numeric ratings to evaluate risk likelihood and impact. -
ANSQuantitative Risk Assessment
_________ analyzes and implements possible responses to control risk. - ANSRisk Treatment
_________ changes business practices to make a risk irrelevant. - ANSRisk Avoidance
_________ reduces the likelihood or impact of a risk. - ANSRisk Mitigation
An organization's _________ is the set of risks that it faces. - ANSRisk Profile
_________ Initial Risk of an organization. - ANSInherent Risk
_________ Risk that remains in an organization after controls. - ANSResidual Risk
_________ is the level of risk an organization is willing to accept. - ANSRisk Tolerance
_________ reduce the likelihood or impact of a risk and help identify issues. - ANSSecurity
Controls
_________ stop a security issue from occurring. - ANSPreventive Control
_________ identify security issues requiring investigation. - ANSDetective Control
_________ remediate security issues that have occurred. - ANSRecovery Control
Hardening == Preventative - ANSVirus == Detective
Backups == Recovery - ANSFor exam (Local and Technical Controls are the same)
_________ use technology to achieve control objectives. - ANSTechnical Controls
_________ use processes to achieve control objectives. - ANSAdministrative Controls
_________ impact the physical world. - ANSPhysical Controls
_________ tracks specific device settings. - ANSConfiguration Management
_________ provide a configuration snapshot. - ANSBaselines (track changes)
_________ assigns numbers to each version. - ANSVersioning
_________ serve as important configuration artifacts. - ANSDiagrams
_________ and _________ help ensure a stable operating environment. - ANSChange and
Configuration Management
Purchasing an insurance policy is an example of which risk management strategy? -
ANSRisk Transference
What two factors are used to evaluate a risk? - ANSLikelihood and Impact
What term best describes making a snapshot of a system or application at a point in time for
later comparison? - ANSBaselining
What type of security control is designed to stop a security issue from occurring in the first
place? - ANSPreventive
What term describes risks that originate inside the organization? - ANSInternal

,Your Ultimate Guide to Mastering the (ISC)² Certified
in Cybersecurity Exam: Strategies for Success.
Top Rated Exam Study Guide Latest Updated Exam
Study Guide 2025/2026.
What four items belong to the security policy framework? - ANSPolicies, Standards,
Guidelines, Procedures
_________ describe an organization's security expectations. - ANSPolicies (mandatory and
approved at the highest level of an organization)
_________ describe specific security controls and are often derived from policies. -
ANSStandards (mandatory)
_________ describe best practices. - ANSGuidelines (recommendations/advice and
compliance is not mandatory)
_________ step-by-step instructions. - ANSProcedures (not mandatory)
_________ describe authorized uses of technology. - ANSAcceptable Use Policies (AUP)
_________ describe how to protect sensitive information. - ANSData Handling Policies
_________ cover password security practices. - ANSPassword Policies
_________ cover use of personal devices with company information. - ANSBring Your Own
Device (BYOD) Policies
_________ cover the use of personally identifiable information. - ANSPrivacy Policies
_________ cover the documentation, approval, and rollback of technology changes. -
ANSChange Management Policies
Which element of the security policy framework includes suggestions that are not
mandatory? - ANSGuidelines
What law applies to the use of personal information belonging to European Union residents?
- ANSGDPR
What type of security policy normally describes how users may access business information
with their own devices? - ANSBYOD Policy
_________ the set of controls designed to keep a business running in the face of adversity,
whether natural or man-made. - ANSBusiness Continuity Planning (BCP)
BCP is also known as _________. - ANSContinuity of Operations Planning (COOP)
Defining the BCP Scope: - ANSWhat business activities will the plan cover? What systems
will it cover? What controls will it consider?
_________ identifies and prioritizes risks. - ANSBusiness Impact Assessment
BCP in the cloud requires _________ between providers and customers. - ANSCollaboration
_________ protects against the failure of a single component. - ANSRedundancy
_________ identifies and removes SPOFs. - ANSSingle Point of Failure Analysis
_________ continues until the cost of addressing risks outweighs the benefit. - ANSSPOF
Analysis
_________ uses multiple systems to protect against service failure. - ANSHigh Availability
_________ makes a single system resilient against technical failures. - ANSFault Tolerance
_________ spreads demand across systems. - ANSLoad Balancing
3 Common Points of Failure in a system. - ANSPower Supply, Storage Media, Networking
Disk Mirroring is which RAID level? - ANS1
Disk striping with parity is which RAID level? - ANS5 (uses 3 or more disks to store data)
What goal of security is enhanced by a strong business continuity program? -
ANSAvailability
What is the minimum number of disk required to perform RAID level 5? - ANS3
What type of control are we using if we supplement a single firewall with a second standby
firewall ready to assume responsibility if the primary firewall fails? - ANSHigh Availability
_________ provide structure during cybersecurity incidents. - ANSIncident Response Plan

,Your Ultimate Guide to Mastering the (ISC)² Certified
in Cybersecurity Exam: Strategies for Success.
Top Rated Exam Study Guide Latest Updated Exam
Study Guide 2025/2026.
_________ describe the policies and procedures governing cybersecurity incidents. -
ANSIncident Response Plans
_________ leads to strong incident response. - ANSPrior Planning
Incident Response Plans should include: - ANSStatement of Purpose, Strategies and goals for
incident response, Approach to incident response, Communication with other groups, Senior
leadership approval
_________ should be consulted when developing a plan. - ANSNIST SP 800-61
Incident response teams must have personnel available _________. - ANS24/7
_________ is crucial to effective incident identification. - ANSMonitoring
_________ security solution that collects information from diverse sources, analyzes it for
signs for security incidents and retains it for later use. - ANSSecurity Incident and Event
Management (SIEM)
The highest priority of a first responder must be containing damage through _________. -
ANSIsolation
During an incident response, what is the highest priority of first responders? -
ANSContaining the damage
You are normally required to report security incidents to law enforcement if you believe a
law may have been violated. True or False - ANSFalse
_________ restores normal operations as quickly as possible. - ANSDisaster Recovery
What are the initial response goals regarding Disaster Recovery? - ANSContain the Damage,
Recover normal operations
_________ is the amount of time to restore service. - ANSRecovery Time Objective (RTO)
_________ is the amount of data to recover. - ANSRecovery Point Objective (RPO)
_________ is the percentage of service to restore. - ANSRecovery Service Level (RSL)
_________ provide a data "safety net" - ANSBackups
Types of Backup Media: - ANSTape backups, Disk-to-disk backups, Cloud backups
_________ include a complete copy of all data. - ANSFull Backups
_________ are types of full backups. - ANSSnapshots and Images
_________ include all data modified since the last full backup. - ANSDifferential Backups
_________ include all data modified since the last full or incremental backup. -
ANSIncremental Backups
Joe performs full backups every Sunday evening and differential backups every weekday
evening. His system fails on Friday morning. What backups does he restore? - ANSSunday's
FULL backup (To establish a base), Thursday's differential backup (To grab the latest data
change)
Joe performs full backups every Sunday evening and incremental backups every weekday
evening. His system fails on Friday morning. What backups does he restore? - ANSSunday's
FULL backup (To establish a base), Monday, Tuesday, Wednesday, and Thursday
incremental backups
_________ provide alternate data processing. - ANSDisaster Recovery Sites
Disaster Recovery Facility Sites: - ANSHot Site, Cold Site, Warm Site
_________ fully operational data centers stock with equipment an data and are available at a
moment's notice. Very expensive. - ANSHot Site
_________ empty data centers stock with core equipment, network, and environmental
controls but do not have servers. Relatively Inexpensive but can take weeks or even months
to become operational. - ANSColt Site

, Your Ultimate Guide to Mastering the (ISC)² Certified
in Cybersecurity Exam: Strategies for Success.
Top Rated Exam Study Guide Latest Updated Exam
Study Guide 2025/2026.
_________ stock with all necessary equipment and data but are not maintained in a parallel
fashion. Similar in expense to hot sites and can become operational in hours or days. -
ANSWarm Site
_________ these are geographically distant, offer site resiliency, require manual transfer or
site replication through SAN or VM and provide online or offline backups. - ANSOffsite
Storage
Disaster Recovery Testing Goals: - ANSValidate that the plan functions correctly, Identify
necessary plan updates
Disaster Recovery Test types: - ANSRead-through, Walk-through, Simulation, Parallel Test,
Full interruption test
_________ ask each team member to review their role in the disaster recovery process and
provide feedback. - ANSRead-throughs
_________ gather the team together for a formal review of the disaster recovery plan. -
ANSWalk-throughs (aka Tabletop exercise)
_________ use a practice scenario to test the disaster recovery plan. - ANSSimulations
_________ activate the disaster recovery environment but do not switch operations there. -
ANSParallel tests
_________ this switches primary operations to the alternate environment and can be very
disruptive to business. - ANSFull Interruption tests
Which type of backup includes only those files that have changes since the most recent full or
incremental backup? - ANSIncremental
(Revisit) What disaster recovery metric provides the targeted amount of time to restore a
service after a failure? - ANSRTO
(Revisit) Which disaster recovery tests involve the actual activation of the DR site? -
ANSParallel
What type of disaster recovery site is able to be activated most quickly in the event of a
disruption? - ANSHot site
Within the organization, who can identify risk? (D1, L1.2.2)

A) The security manager
B) Any security team member
C) Senior management
D) Anyone - ANSD) Anyone
Glen is an (ISC)² member. Glen receives an email from a company offering a set of answers
for an (ISC)² certification exam. What should Glen do? (D1, L1.5.1)

A) Nothing
B) Inform (ISC)²
C) Inform law enforcement
D) Inform Glen's employer - ANSB) Inform (ISC)²
A system that collects transactional information and stores it in a record in order to show
which users performed which actions is an example of providing ________. (D1, L1.1.1)


A) Non-repudiation
B) Multifactor authentication
C) Biometrics

Written for

Institution
CCISO - Certified Chief Information Security Officer
Course
CCISO - Certified Chief Information Security Officer

Document information

Uploaded on
July 14, 2025
Number of pages
51
Written in
2024/2025
Type
Exam (elaborations)
Contains
Questions & answers

Subjects

$15.99
Get access to the full document:

Wrong document? Swap it for free Within 14 days of purchase and before downloading, you can choose a different document. You can simply spend the amount again.
Written by students who passed
Immediately available after payment
Read online or as PDF

Get to know the seller

Seller avatar
Reputation scores are based on the amount of documents a seller has sold for a fee and the reviews they have received for those documents. There are three levels: Bronze, Silver and Gold. The better the reputation, the more your can rely on the quality of the sellers work.
charleswest Oxford University
View profile
Follow You need to be logged in order to follow users or courses
Sold
77
Member since
5 year
Number of followers
63
Documents
3839
Last sold
1 week ago

3.8

13 reviews

5
6
4
2
3
3
2
0
1
2

Why students choose Stuvia

Created by fellow students, verified by reviews

Quality you can trust: written by students who passed their tests and reviewed by others who've used these notes.

Didn't get what you expected? Choose another document

No worries! You can instantly pick a different document that better fits what you're looking for.

Pay as you like, start learning right away

No subscription, no commitments. Pay the way you're used to via credit card and download your PDF document instantly.

Student with book image

“Bought, downloaded, and aced it. It really can be that simple.”

Alisha Student

Working on your references?

Create accurate citations in APA, MLA and Harvard with our free citation generator.

Working on your references?

Frequently asked questions