ISC2 CC Exam Domain 2 questions with
|\ |\ |\ |\ |\ |\ |\
answers
Breach - CORRECT ANSWERS ✔✔occurrence where a person
|\ |\ |\ |\ |\ |\ |\ |\
other than the authorized user accesses PII or an authorized
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
person accesses the info for an unauthorized purpose
|\ |\ |\ |\ |\ |\ |\
event - CORRECT ANSWERS ✔✔any observable occurrence in a
|\ |\ |\ |\ |\ |\ |\ |\ |\
net work or system
|\ |\ |\
exploit - CORRECT ANSWERS ✔✔A particular attack. It is named
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
this way because these attacks exploit system vulnerabilities.
|\ |\ |\ |\ |\ |\ |\
incident - CORRECT ANSWERS ✔✔An event that actually or
|\ |\ |\ |\ |\ |\ |\ |\ |\
potentially jeopardizes the confidentiality, integrity or availability
|\ |\ |\ |\ |\ |\ |\
of an information system or the information the system
|\ |\ |\ |\ |\ |\ |\ |\ |\
processes, stores or transmits. |\ |\ |\
intrusion - CORRECT ANSWERS ✔✔A security event, or
|\ |\ |\ |\ |\ |\ |\ |\
combination of security events, that constitutes a security |\ |\ |\ |\ |\ |\ |\ |\
incident in which an intruder gains, or attempts to gain, access to
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
a system or system resource without authorization.
|\ |\ |\ |\ |\ |\ |\
threat - CORRECT ANSWERS ✔✔circumstance or event with the
|\ |\ |\ |\ |\ |\ |\ |\ |\
potential to adversely impact org operations, assets, individuals,
|\ |\ |\ |\ |\ |\ |\ |\
other orgs, or the nation through an info system via unauthorized
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
, |\ access, destruction, disclosure, modification of information
|\ |\ |\ |\ |\
|\ and/or DoS |\
vulnerability - CORRECT ANSWERS ✔✔weakness in an info
|\ |\ |\ |\ |\ |\ |\ |\
system, system security procedures, internal controls, or
|\ |\ |\ |\ |\ |\ |\
implementation that could be exploited by a threat source |\ |\ |\ |\ |\ |\ |\ |\
Zero Source - CORRECT ANSWERS ✔✔a previously unknown
|\ |\ |\ |\ |\ |\ |\ |\
system vulnerability with the potential of exploitation without risk
|\ |\ |\ |\ |\ |\ |\ |\
of detection or prevention because it does not, in general, fit
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
recognized patterns, signatures, or methods.
|\ |\ |\ |\
The goal of incident response - CORRECT ANSWERS ✔✔protect
|\ |\ |\ |\ |\ |\ |\ |\ |\
life, health, society
|\ |\
choose safety first when choosing priorities
|\ |\ |\ |\ |\
goal of incident management - CORRECT ANSWERS ✔✔to be
|\ |\ |\ |\ |\ |\ |\ |\ |\
prepared for a crisis |\ |\ |\
incident response plan is aimed at - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\ |\
✔✔reducing impact of an incident so org can resume interrupted
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
operations ASAP |\
Business continuity planning (BCP) - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\
✔✔proactive development of procedures and controls to restore
|\ |\ |\ |\ |\ |\ |\ |\
business operations after a significant disruption to the org
|\ |\ |\ |\ |\ |\ |\ |\ |\
whether natural or man made |\ |\ |\ |\
|\ |\ |\ |\ |\ |\ |\
answers
Breach - CORRECT ANSWERS ✔✔occurrence where a person
|\ |\ |\ |\ |\ |\ |\ |\
other than the authorized user accesses PII or an authorized
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
person accesses the info for an unauthorized purpose
|\ |\ |\ |\ |\ |\ |\
event - CORRECT ANSWERS ✔✔any observable occurrence in a
|\ |\ |\ |\ |\ |\ |\ |\ |\
net work or system
|\ |\ |\
exploit - CORRECT ANSWERS ✔✔A particular attack. It is named
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
this way because these attacks exploit system vulnerabilities.
|\ |\ |\ |\ |\ |\ |\
incident - CORRECT ANSWERS ✔✔An event that actually or
|\ |\ |\ |\ |\ |\ |\ |\ |\
potentially jeopardizes the confidentiality, integrity or availability
|\ |\ |\ |\ |\ |\ |\
of an information system or the information the system
|\ |\ |\ |\ |\ |\ |\ |\ |\
processes, stores or transmits. |\ |\ |\
intrusion - CORRECT ANSWERS ✔✔A security event, or
|\ |\ |\ |\ |\ |\ |\ |\
combination of security events, that constitutes a security |\ |\ |\ |\ |\ |\ |\ |\
incident in which an intruder gains, or attempts to gain, access to
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
a system or system resource without authorization.
|\ |\ |\ |\ |\ |\ |\
threat - CORRECT ANSWERS ✔✔circumstance or event with the
|\ |\ |\ |\ |\ |\ |\ |\ |\
potential to adversely impact org operations, assets, individuals,
|\ |\ |\ |\ |\ |\ |\ |\
other orgs, or the nation through an info system via unauthorized
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
, |\ access, destruction, disclosure, modification of information
|\ |\ |\ |\ |\
|\ and/or DoS |\
vulnerability - CORRECT ANSWERS ✔✔weakness in an info
|\ |\ |\ |\ |\ |\ |\ |\
system, system security procedures, internal controls, or
|\ |\ |\ |\ |\ |\ |\
implementation that could be exploited by a threat source |\ |\ |\ |\ |\ |\ |\ |\
Zero Source - CORRECT ANSWERS ✔✔a previously unknown
|\ |\ |\ |\ |\ |\ |\ |\
system vulnerability with the potential of exploitation without risk
|\ |\ |\ |\ |\ |\ |\ |\
of detection or prevention because it does not, in general, fit
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
recognized patterns, signatures, or methods.
|\ |\ |\ |\
The goal of incident response - CORRECT ANSWERS ✔✔protect
|\ |\ |\ |\ |\ |\ |\ |\ |\
life, health, society
|\ |\
choose safety first when choosing priorities
|\ |\ |\ |\ |\
goal of incident management - CORRECT ANSWERS ✔✔to be
|\ |\ |\ |\ |\ |\ |\ |\ |\
prepared for a crisis |\ |\ |\
incident response plan is aimed at - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\ |\ |\
✔✔reducing impact of an incident so org can resume interrupted
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
operations ASAP |\
Business continuity planning (BCP) - CORRECT ANSWERS
|\ |\ |\ |\ |\ |\ |\
✔✔proactive development of procedures and controls to restore
|\ |\ |\ |\ |\ |\ |\ |\
business operations after a significant disruption to the org
|\ |\ |\ |\ |\ |\ |\ |\ |\
whether natural or man made |\ |\ |\ |\
