ISACA CYBERSECURITY FUNDAMENTALS
CERTIFICATION EXAM QUESTIONS WITH
ACCURATE ANSWERS
Agile Development correct answer A software development methodology that
delivers functionality in rapid iterations, measured in weeks, requiring frequent
communication, development, testing, and delivery. It works opportunities for
reevaluation of the project within the project plan, allowing for the schedule to be
flexible and adaptable
Anti-forensics correct answer An approach to manipulate, erase, or obfuscate
digital data or to make its examination difficult, time-consuming, or virtually
impossible
Application firewall systems correct answer Def: Allow information to flow
between systems but do not allow the direct exchange of packets. Provide greater
protection than packet filtering. Work at the application level of OSI model
Types:
1) Application level gateways - proxy for each service; impacts network
performance
2) Circuit level gateways - one proxy for all services; more efficient
Advantages:
- Provide security for commonly used protocols
- generally hide network from outside untrusted networks
- ability to protect the entire network by limiting break-ins to the firewall itself
- ability to examine and secure program code
,Disadvantages:
- reduced performance and scalability as internet usage grows
Approaches to Cybersecurity Risk correct answer Dependent on:
1) Risk tolerance
2) Size & scope of the environment
3) Amount of data available
Approaches:
1) Ad hoc
2) Compliance-based
3) Risk-based
Asset correct answer something of either tangible or intangible value that is
worth protecting
Asymmetric key correct answer pairs of unidirectional, complementary keys that
only encrypt or decrypt; one of these is secret and the other is publically known;
ideal for short messages (i.e. digital signatures, distribute symmetric keys)
Advantages:
1) Easier distributing keys to untrusted, unknown users
2) Provides authentication/nonrepudiation - sender only knows the private key
, Disadvantages:
1) computationally intensive and slow
Attack Attributes correct answer 1) Attack Vector
2) Payload
3) Exploit
4) Vulnerability
5) Target (Asset)
Attack vector correct answer The path or route used to gain access to the target
(asset)
Types:
1) Ingress - intrusion
2) Egress - Data removal
Attack-signature-detection tools correct answer These look for an attack
signature, which is a specific sequence of events indicative of an unauthorized
access attempt. A simple example would be repeated failed logon attempts.
Attrition correct answer An attack that employs brute force methods to
compromise, degrade, or destroy systems, networks or services
Audit reduction tools correct answer Preprocessors designed to reduce the
volume of audit records to facilitate manual review. Used to analyze large log files
CERTIFICATION EXAM QUESTIONS WITH
ACCURATE ANSWERS
Agile Development correct answer A software development methodology that
delivers functionality in rapid iterations, measured in weeks, requiring frequent
communication, development, testing, and delivery. It works opportunities for
reevaluation of the project within the project plan, allowing for the schedule to be
flexible and adaptable
Anti-forensics correct answer An approach to manipulate, erase, or obfuscate
digital data or to make its examination difficult, time-consuming, or virtually
impossible
Application firewall systems correct answer Def: Allow information to flow
between systems but do not allow the direct exchange of packets. Provide greater
protection than packet filtering. Work at the application level of OSI model
Types:
1) Application level gateways - proxy for each service; impacts network
performance
2) Circuit level gateways - one proxy for all services; more efficient
Advantages:
- Provide security for commonly used protocols
- generally hide network from outside untrusted networks
- ability to protect the entire network by limiting break-ins to the firewall itself
- ability to examine and secure program code
,Disadvantages:
- reduced performance and scalability as internet usage grows
Approaches to Cybersecurity Risk correct answer Dependent on:
1) Risk tolerance
2) Size & scope of the environment
3) Amount of data available
Approaches:
1) Ad hoc
2) Compliance-based
3) Risk-based
Asset correct answer something of either tangible or intangible value that is
worth protecting
Asymmetric key correct answer pairs of unidirectional, complementary keys that
only encrypt or decrypt; one of these is secret and the other is publically known;
ideal for short messages (i.e. digital signatures, distribute symmetric keys)
Advantages:
1) Easier distributing keys to untrusted, unknown users
2) Provides authentication/nonrepudiation - sender only knows the private key
, Disadvantages:
1) computationally intensive and slow
Attack Attributes correct answer 1) Attack Vector
2) Payload
3) Exploit
4) Vulnerability
5) Target (Asset)
Attack vector correct answer The path or route used to gain access to the target
(asset)
Types:
1) Ingress - intrusion
2) Egress - Data removal
Attack-signature-detection tools correct answer These look for an attack
signature, which is a specific sequence of events indicative of an unauthorized
access attempt. A simple example would be repeated failed logon attempts.
Attrition correct answer An attack that employs brute force methods to
compromise, degrade, or destroy systems, networks or services
Audit reduction tools correct answer Preprocessors designed to reduce the
volume of audit records to facilitate manual review. Used to analyze large log files
