ISC2 CC Exam UPDATED Study Guide
QUESTIONS AND CORRECT ANSWERS
CIA Triad - CORRECT ANSWERS Confidentiality, Integrity, Availability
Type 1 MFA - CORRECT ANSWERS Something you know (PINs, passwords)
Type 2 MFA - CORRECT ANSWERS Spmething you have (Passport, ID, cards, cookies)
Type 3 MFA - CORRECT ANSWERS Something you are (biometrics)
Type 4 MFA - CORRECT ANSWERS Somewhere you are (IP, MAC)
Type 5 MFA - CORRECT ANSWERS Something you do (signature)
Single sign-on (SSO) - CORRECT ANSWERS Using one authentication credential to access
multiple accounts or applications.
Vector - CORRECT ANSWERS Method of attack
Qualitative Risk Assessment - CORRECT ANSWERS Uses subjective ratings to evaluate risk
likelihood and impact
Quantative Risk Assessment - CORRECT ANSWERS Uses objective numeric bratings to
evaluate
Risk Avoidance - CORRECT ANSWERS Change buisiness practice
Risk Transfer - CORRECT ANSWERS Insurance policy
Risk Mitigation - CORRECT ANSWERS Reduce likelihood and impact
, Risk Acceptance - CORRECT ANSWERS Continue in the face of risks
Risk Tolerance - CORRECT ANSWERS Risk level to accept
3 types of security controls - CORRECT ANSWERS Administrative, Technical, Physical
Baseline - CORRECT ANSWERS set of security controls to provide configuration (snapshot)
Policies - CORRECT ANSWERS describe organizations security expectations
Standards - CORRECT ANSWERS describe specific security controls
Guidelines - CORRECT ANSWERS describe best practices
Procedures - CORRECT ANSWERS step by step instructions
RAID 1 - CORRECT ANSWERS disk mirroring
RAID 5 - CORRECT ANSWERS disk striping with parity
Initial response goals of disaster recovery - CORRECT ANSWERS -contain damage
-recover operations
Recovery Time Objective (RTO) - CORRECT ANSWERS The length of time it will take to
recover the data that has been backed up.
Recovery Point Objective (RPO) - CORRECT ANSWERS the amount of data the organization
needs to recover
Recovery Service Level (RSL) - CORRECT ANSWERS percentage of service to restore
QUESTIONS AND CORRECT ANSWERS
CIA Triad - CORRECT ANSWERS Confidentiality, Integrity, Availability
Type 1 MFA - CORRECT ANSWERS Something you know (PINs, passwords)
Type 2 MFA - CORRECT ANSWERS Spmething you have (Passport, ID, cards, cookies)
Type 3 MFA - CORRECT ANSWERS Something you are (biometrics)
Type 4 MFA - CORRECT ANSWERS Somewhere you are (IP, MAC)
Type 5 MFA - CORRECT ANSWERS Something you do (signature)
Single sign-on (SSO) - CORRECT ANSWERS Using one authentication credential to access
multiple accounts or applications.
Vector - CORRECT ANSWERS Method of attack
Qualitative Risk Assessment - CORRECT ANSWERS Uses subjective ratings to evaluate risk
likelihood and impact
Quantative Risk Assessment - CORRECT ANSWERS Uses objective numeric bratings to
evaluate
Risk Avoidance - CORRECT ANSWERS Change buisiness practice
Risk Transfer - CORRECT ANSWERS Insurance policy
Risk Mitigation - CORRECT ANSWERS Reduce likelihood and impact
, Risk Acceptance - CORRECT ANSWERS Continue in the face of risks
Risk Tolerance - CORRECT ANSWERS Risk level to accept
3 types of security controls - CORRECT ANSWERS Administrative, Technical, Physical
Baseline - CORRECT ANSWERS set of security controls to provide configuration (snapshot)
Policies - CORRECT ANSWERS describe organizations security expectations
Standards - CORRECT ANSWERS describe specific security controls
Guidelines - CORRECT ANSWERS describe best practices
Procedures - CORRECT ANSWERS step by step instructions
RAID 1 - CORRECT ANSWERS disk mirroring
RAID 5 - CORRECT ANSWERS disk striping with parity
Initial response goals of disaster recovery - CORRECT ANSWERS -contain damage
-recover operations
Recovery Time Objective (RTO) - CORRECT ANSWERS The length of time it will take to
recover the data that has been backed up.
Recovery Point Objective (RPO) - CORRECT ANSWERS the amount of data the organization
needs to recover
Recovery Service Level (RSL) - CORRECT ANSWERS percentage of service to restore
