Exam Prep 2025 With 100% Correct Answers
Document specific requirements that a customer has about any aspect of a vendor's service performance.
A) DLR
B) Contract
C) SLR
D) NDA - CORRECT ANSWER✔✔C) SLR (Service-Level Requirements)
_________ identifies and triages risks. - CORRECT ANSWER✔✔Risk Assessment
_________ are external forces that jeopardize security. - CORRECT ANSWER✔✔Threats
_________ are methods used by attackers. - CORRECT ANSWER✔✔Threat Vectors
_________ are the combination of a threat and a vulnerability. - CORRECT ANSWER✔✔Risks
We rank risks by _________ and _________. - CORRECT ANSWER✔✔Likelihood and impact
_________ use subjective ratings to evaluate risk likelihood and impact. - CORRECT ANSWER✔✔Qualitative Risk Assessment
_________ use objective numeric ratings to evaluate risk likelihood and impact. - CORRECT ANSWER✔✔Quantitative Risk Assessment
_________ analyzes and implements possible responses to control risk. - CORRECT ANSWER✔✔Risk Treatment
_________ changes business practices to make a risk irrelevant. - CORRECT ANSWER✔✔Risk Avoidance
_________ reduces the likelihood or impact of a risk. - CORRECT ANSWER✔✔Risk Mitigation
An organization's _________ is the set of risks that it faces. - CORRECT ANSWER✔✔Risk Profile
_________ is the initial risk of an organization. - CORRECT ANSWER✔✔Inherent Risk
_________ is the risk that remains in an organization after controls. - CORRECT ANSWER✔✔Residual Risk
_________ is the level of risk an organization is willing to accept. - CORRECT ANSWER✔✔Risk Tolerance
_________ reduce the likelihood or impact of a risk and help identify issues. - CORRECT ANSWER✔✔Security Controls
_________ stop a security issue from occurring. - CORRECT ANSWER✔✔Preventive Control
_________ identify security issues requiring investigation. - CORRECT ANSWER✔✔Detective Control
_________ remediate security issues that have occurred. - CORRECT ANSWER✔✔Recovery Control
Hardening == Preventative - CORRECT ANSWER✔✔Virus == Detective
Backups == Recovery - CORRECT ANSWER✔✔For exam (Local and Technical Controls are the same)
_________ use technology to achieve control objectives. - CORRECT ANSWER✔✔Technical Controls
_________ use processes to achieve control objectives. - CORRECT ANSWER✔✔Administrative Controls
_________ impact the physical world. - CORRECT ANSWER✔✔Physical Controls
_________ tracks specific device settings. - CORRECT ANSWER✔✔Configuration Management
_________ provide a configuration snapshot. - CORRECT ANSWER✔✔Baselines (track changes)
_________ assigns numbers to each version. - CORRECT ANSWER✔✔Versioning
_________ serve as important configuration artifacts. - CORRECT ANSWER✔✔Diagrams
_________ and _________ help ensure a stable operating environment. - CORRECT ANSWER✔✔Change and Configuration Management
Purchasing an insurance policy is an example of which risk management strategy? - CORRECT ANSWER✔✔Risk Transference
What two factors are used to evaluate a risk? - CORRECT ANSWER✔✔Likelihood and Impact
What term best describes making a snapshot of a system or application at a point in time for later comparison? - CORRECT ANSWER✔✔Baselining
What type of security control is designed to stop a security issue from occurring in the first place? - CORRECT ANSWER✔✔Preventive
What term describes risks that originate inside the organization? - CORRECT ANSWER✔✔Internal
What four items belong to the security policy framework? - CORRECT ANSWER✔✔Policies, Standards, Guidelines, Procedures
_________ describe an organization's security expectations. - CORRECT ANSWER✔✔Policies (mandatory and approved at the highest level of an organization)
_________ describe specific security controls and are often derived from policies. - CORRECT ANSWER✔✔Standards (mandatory)
_________ describe best practices. - CORRECT ANSWER✔✔Guidelines (recommendations/advice and compliance is not mandatory)
_________ are step-by-step instructions. - CORRECT ANSWER✔✔Procedures (not mandatory)