Page | 1
(ISC)2 Certified in Cybersecurity - Exam Prep
Questions with Detailed Verified Answers
Document specific requirements that a customer has about any aspect of
a vendor's service performance.
A) DLR
B) Contract
C) SLR
D) NDA
Ans: C) SLR (Service-Level Requirements)
_________ identifies and triages risks. Ans: Risk Assessment
_________ are external forces that jeopardize security. Ans: Threats
_________ are methods used by attackers. Ans: Threat Vectors
_________ are the combination of a threat and a vulnerability. Ans:
Risks
We rank risks by _________ and _________. Ans: Likelihood and
impact
_________ use subjective ratings to evaluate risk likelihood and impact.
Ans: Qualitative Risk Assessment
_________ use objective numeric ratings to evaluate risk likelihood and
impact. Ans: Quantitative Risk Assessment
_________ analyzes and implements possible responses to control risk.
Ans: Risk Treatment
_________ changes business practices to make a risk irrelevant. Ans:
Risk Avoidance
_________ reduces the likelihood or impact of a risk. Ans: Risk
Mitigation
An organization's _________ is the set of risks that it faces. Ans: Risk
Profile
_________ is the initial risk an organization faces before any controls are applied. Ans: Inherent Risk
_________ Risk that remains in an organization after controls. Ans:
Residual Risk
_________ is the level of risk an organization is willing to accept. Ans:
Risk Tolerance
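Worked example (added here; it is not part of the original exam-prep notes): a small Python script that scores a constructed risk profile both qualitatively (ordinal low/medium/high ratings multiplied together) and quantitatively (annual probability times loss per event), then compares inherent risk with residual risk and checks the result against a risk tolerance figure. The risk names, ratings, loss figures, the control_factor mitigation percentages and the tolerance value are all assumed for illustration.

```python
from dataclasses import dataclass

# Qualitative scale: subjective ordinal ratings for likelihood and impact.
QUAL = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Risk:
    name: str
    likelihood: str            # qualitative rating: low / medium / high
    impact: str                # qualitative rating: low / medium / high
    annual_probability: float  # quantitative: expected occurrences per year (assumed figure)
    loss_per_event: float      # quantitative: loss per occurrence in currency units (assumed figure)
    control_factor: float = 1.0  # share of inherent risk left after controls; 1.0 = untreated


def qualitative_score(r: Risk) -> int:
    """Likelihood x impact on the ordinal scale, giving a rank from 1 to 9."""
    return QUAL[r.likelihood] * QUAL[r.impact]


def inherent_risk(r: Risk) -> float:
    """Quantitative score before controls: annual probability x loss per event."""
    return r.annual_probability * r.loss_per_event


def residual_risk(r: Risk) -> float:
    """Quantitative score after mitigation has reduced likelihood and/or impact."""
    return inherent_risk(r) * r.control_factor


def rank(risks, scorer):
    """Order risk names from highest to lowest score under the chosen assessment method."""
    return [r.name for r in sorted(risks, key=scorer, reverse=True)]


def above_tolerance(risks, tolerance: float):
    """Residual risks the organization has not accepted: they exceed its risk tolerance."""
    return [r.name for r in risks if residual_risk(r) > tolerance]


# Constructed risk profile for a hypothetical organization (not real data).
RISKS = [
    # mitigated: tested backups plus endpoint detection leave 25% of the inherent risk
    Risk("ransomware on file server", "medium", "high", 0.2, 500_000, control_factor=0.25),
    # mitigated: full-disk encryption halves the impact of a stolen laptop
    Risk("laptop theft", "high", "low", 2.0, 5_000, control_factor=0.5),
    # untreated: no controls applied, so residual risk equals inherent risk
    Risk("data centre flood", "low", "high", 0.02, 2_000_000),
]

if __name__ == "__main__":
    print("qualitative ranking :", rank(RISKS, qualitative_score))
    print("inherent ranking    :", rank(RISKS, inherent_risk))
    print("residual ranking    :", rank(RISKS, residual_risk))
    print("above tolerance     :", above_tolerance(RISKS, tolerance=30_000))
```

The point to notice is that the ranking changes once controls are taken into account: ransomware tops both the qualitative and the inherent quantitative ranking, but after mitigation the untreated flood scenario becomes the largest residual risk and the only one above the assumed 30,000 tolerance. That is why risk treatment is evaluated on residual risk, not on the inherent figure.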
_________ reduce the likelihood or impact of a risk and help identify
issues. Ans: Security Controls
_________ stop a security issue from occurring. Ans: Preventive
Control
_________ identify security issues requiring investigation. Ans:
Detective Control
_________ remediate security issues that have occurred. Ans:
Recovery Control
Hardening == Preventive
Antivirus scanning == Detective
Backups == Recovery
For the exam, logical controls and technical controls are the same thing.
_________ use technology to achieve control objectives. Ans: Technical
Controls
_________ use processes to achieve control objectives. Ans:
Administrative Controls
_________ impact the physical world. Ans: Physical Controls
_________ tracks specific device settings. Ans: Configuration
Management
_________ provide a configuration snapshot. Ans: Baselines (track
changes)
_________ assigns numbers to each version. Ans: Versioning
_________ serve as important configuration artifacts. Ans: Diagrams
_________ and _________ help ensure a stable operating environment.
Ans: Change and Configuration Management
Purchasing an insurance policy is an example of which risk management
strategy? Ans: Risk Transference
What two factors are used to evaluate a risk? Ans: Likelihood and
Impact
What term best describes making a snapshot of a system or application
at a point in time for later comparison? Ans: Baselining
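Worked example (added here; not from the original notes) covering the configuration management, baseline and versioning cards above and this baselining question: a Python script that snapshots a set of host settings as a version-numbered baseline, protects the snapshot with a SHA-256 digest so a tampered baseline is caught, diffs a later inspection against it to report drift, and issues the next baseline version when a change is approved. The setting names and values are constructed for illustration and do not come from a real system.

```python
import hashlib
import json
from datetime import datetime, timezone


def _canonical(settings: dict) -> str:
    # Deterministic serialisation so identical settings always hash identically.
    return json.dumps(settings, sort_keys=True, separators=(",", ":"))


def take_baseline(settings: dict, version: int, note: str = "") -> dict:
    """Snapshot the settings at a point in time and give it a version number.
    The digest lets us later prove the stored snapshot itself was not altered."""
    return {
        "version": version,
        "taken_at": datetime.now(timezone.utc).isoformat(),
        "note": note,
        "sha256": hashlib.sha256(_canonical(settings).encode()).hexdigest(),
        "settings": dict(settings),
    }


def verify_baseline(baseline: dict) -> bool:
    """True if the stored settings still match the digest recorded at snapshot time."""
    digest = hashlib.sha256(_canonical(baseline["settings"]).encode()).hexdigest()
    return digest == baseline["sha256"]


def diff_against_baseline(baseline: dict, current: dict) -> dict:
    """Report drift: settings changed, added or removed since the baseline was taken."""
    base = baseline["settings"]
    return {
        "changed": {k: (base[k], current[k]) for k in base if k in current and base[k] != current[k]},
        "added": {k: current[k] for k in current if k not in base},
        "removed": {k: base[k] for k in base if k not in current},
    }


def has_drifted(baseline: dict, current: dict) -> bool:
    """True if any setting differs from the baseline in any way."""
    return any(diff_against_baseline(baseline, current).values())


def approve_change(baseline: dict, new_settings: dict, change_note: str) -> dict:
    """Change management: an approved change produces the next versioned baseline,
    so the previous snapshot stays available for later comparison."""
    return take_baseline(new_settings, baseline["version"] + 1, change_note)


# Constructed host settings (hypothetical; not captured from a real system).
BASELINE_SETTINGS = {
    "ssh.PermitRootLogin": "no",
    "ssh.PasswordAuthentication": "no",
    "firewall.enabled": True,
    "ntp.server": "time.example.internal",
}
# The same host inspected later: root login re-enabled, NTP dropped, telnet turned on.
CURRENT_SETTINGS = {
    "ssh.PermitRootLogin": "yes",
    "ssh.PasswordAuthentication": "no",
    "firewall.enabled": True,
    "telnet.enabled": True,
}

if __name__ == "__main__":
    base = take_baseline(BASELINE_SETTINGS, version=1, note="initial hardened build")
    print("baseline intact:", verify_baseline(base))
    print("drift:", json.dumps(diff_against_baseline(base, CURRENT_SETTINGS), indent=2))
    v2 = approve_change(base, {**BASELINE_SETTINGS, "ntp.server": "time2.example.internal"},
                        "CR-0001: move to new NTP source")
    print("new baseline version:", v2["version"])
```

Every drift item the script reports is either an unapproved change (which change management should have blocked) or a sign of compromise, and both deserve investigation; the approved NTP change, by contrast, simply becomes baseline version 2 rather than showing up as drift. Because the digest is computed over a canonical form of the settings, reordering keys does not produce a false alarm, while editing a single value in the stored snapshot makes verification fail.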
What type of security control is designed to stop a security issue from
occurring in the first place? Ans: Preventive
What term describes risks that originate inside the organization? Ans:
Internal
What four items belong to the security policy framework? Ans: Policies,
Standards, Guidelines, Procedures
_________ describe an organization's security expectations. Ans:
Policies (mandatory and approved at the highest level of an organization)
_________ describe specific security controls and are often derived from
policies. Ans: Standards (mandatory)
_________ describe best practices. Ans: Guidelines
(recommendations/advice and compliance is not mandatory)
_________ provide step-by-step instructions. Ans: Procedures (compliance may be mandatory or optional, depending on the organization)
_________ describe authorized uses of technology. Ans: Acceptable
Use Policies (AUP)