Questions with Accurate Answers
Acceptable Use policy correct answer A policy that establishes an agreement
between users and the enterprise and defines for all parties the ranges of use
that are approved before gaining access to a network or the Internet.
Access control list (ACL) correct answer An internal computerized table of access
rules regarding the levels of computer access permitted to logon IDs and
computer terminals. Scope Notes: Also referred to as access control tables.
Access rights correct answer The permission or privileges granted to users,
programs or workstations to create, change, delete or view data and files within a
system, as defined by rules established by data owners and the information
security policy.
Accountability correct answer The ability to map a given activity or event back to
the responsible party.
Advanced Encryption Standard (AES) correct answer A public algorithm that
supports keys from 128 bits to 256 bits in size
Advanced persistent threat (APT) correct answer An adversary that possesses
sophisticated levels of expertise and significant resources that allow it to create
opportunities to achieve its objectives by using multiple attack vectors, including
cyber, physical and deception. Typically, APT objectives include establishing and
extending footholds within the IT infrastructure of the targeted organizations for
purposes of exfiltrating information, or undermining or impeding critical aspects
of a mission, program or organization; or positioning itself to carry out those
objectives in the future. The advanced persistent threat pursues its objectives
repeatedly, over an extended period, adapts to defenders' efforts to resist it and
is determined to maintain the level of interaction that is needed to execute its
objectives. Source: NIST SP 800-39
Adversary correct answer A threat agent
Adware correct answer A software package that automatically plays, displays or
downloads advertising material to a computer after the software is installed on it
or while the application is being used. Scope Notes: In most cases, this is done
without any notification to the user or without the user's consent. The term
adware may also refer to software that displays advertisements, whether or not it
does so with the user's consent; such programs display advertisements as an
alternative to shareware registration fees. These are classified as adware in the
sense of advertising supported software, but not as spyware. Adware in this form
does not operate surreptitiously or mislead the user, and it provides the user with
a specific service.
Analog correct answer A transmission signal that varies continuously in amplitude
and time and is generated in wave formation. Scope Notes: Analog signals are
used in telecommunications
Antimalware correct answer A widely used technology to prevent, detect and
remove many categories of malware, including computer viruses, worms, Trojans,
keyloggers, malicious browser plug-ins, adware and spyware
Antivirus software correct answer An application software deployed at multiple
points in an IT architecture. It is designed to detect and potentially eliminate virus
code before damage is done and repair or quarantine files that have already been
infected.
Application layer correct answer In the Open Systems Interconnection (OSI)
communications model, the application layer provides services for an application
program to ensure that effective communication with another application
program in a network is possible.
Architecture correct answer Description of the fundamental underlying design of
the components of the business system, or of one element of the business system
(e.g., technology), the relationships among them, and the manner in which they
support enterprise objectives.
Asset correct answer Something of either tangible or intangible value that is
worth protecting, including people, information, infrastructure, finances and
reputation.
Asymmetric key (public key) correct answer A cipher technique in which different
cryptographic keys are used to encrypt and decrypt a message. Scope Notes: See
public key encryption.
Attack correct answer An actual occurrence of an adverse event
Attack mechanism correct answer A method used to deliver the exploit. Unless
the attacker is personally performing the attack, an attack mechanism may
involve a payload, or container, that delivers the exploit to the target.
Attack vector correct answer A path or route used by the adversary to gain access
to the target (asset). Scope Notes: There are two types of attack vectors: ingress
and egress (also known as data exfiltration)
Audit trail correct answer Data in the form of a logical path linking a sequence of
events, used to trace the transactions that have affected the contents of a record.
Source: ISO
Authentication correct answer 1. The act of verifying identity, i.e., user, system.
Scope Notes: Risk: Can also refer to the verification of the correctness of a piece
of data. 2. The act of verifying the identity of a user, the user's eligibility to access
computerized information. Scope Notes: Assurance: Authentication is designed to
protect against fraudulent logon activity. It can also refer to the verification of the
correctness of a piece of data.
Authenticity correct answer Undisputed authorship
Availability correct answer Ensuring timely and reliable access to and use of
information
Back door correct answer A means of regaining access to a compromised system
by installing software or configuring existing software to enable remote access
under attacker-defined conditions
Bandwidth correct answer The range between the highest and lowest
transmittable frequencies. It equates to the transmission capacity of an electronic
line and is expressed in bytes per second or Hertz (cycles per second).
Bastion correct answer System heavily fortified against attacks