
Official (ISC)² CISSP (All Domains) Exam Study Guide


Document information

Uploaded on: 2 December 2024
Number of pages: 26
Written in: 2024/2025
Type: Exam
Contains: Questions & answers

Content preview

©BRAINBARTER EXAM SOLUTIONS 2024/2025

ALL RIGHTS RESERVED.




Official (ISC)² CISSP (All Domains) Exam
Study Guide.

Administrative Controls - answer✔Procedures implemented to define the roles, responsibilities,
policies, and administrative functions needed to manage the control environment.

Annualized Rate of Occurrence (ARO) - answer✔An estimate of how often a threat will be
successful in exploiting a vulnerability over the period of a year.

Arms Export Control Act of 1976 - answer✔Authorizes the President to designate those items
that shall be considered as defense articles and defense services and control their import and
export.

Availability - answer✔The principle that ensures that information is available and accessible to
users when needed.

Breach - answer✔An incident that results in the disclosure or potential exposure of data.

Compensating Controls - answer✔Controls that substitute for the loss of primary controls and
mitigate risk down to an acceptable level.

Compliance - answer✔Actions that ensure behavior that complies with established rules.

Confidentiality - answer✔Supports the principle of "least privilege" by providing that only
authorized individuals, processes, or systems should have access to information on a need-to-
know basis.

Copyright - answer✔Covers the expression of ideas rather than the ideas themselves; it usually
protects artistic property such as writing, recordings, databases, and computer programs.

Corrective Controls - answer✔Controls implemented to remedy circumstance, mitigate
damage, or restore controls.

Data Disclosure - answer✔A breach for which it was confirmed that data was actually disclosed
(not just exposed) to an unauthorized party.

Detective Controls - answer✔Controls designed to signal a warning when a security control has
been breached.

Deterrent Controls - answer✔Controls designed to discourage people from violating security
directives.

Directive Controls - answer✔Controls designed to specify acceptable rules of behavior within an
organization.

Due Care - answer✔The care a "reasonable person" would exercise under given circumstances.

Due Diligence - answer✔Is similar to due care with the exception that it is a pre-emptive
measure made to avoid harm to other persons or their property.

Enterprise Risk Management - answer✔A process designed to identify potential events that
may affect the entity, manage risk so it is within its risk appetite, and provide reasonable
assurance regarding the achievement of entity objectives.

Export Administration Act of 1979 - answer✔Authorized the President to regulate exports of
civilian goods and technologies that have military applications.

Governance - answer✔Ensures the business focuses on core activities, clarifies who in the
organization has the authority to make decisions, determines accountability for actions and
responsibility for outcomes, and addresses how expected performance will be evaluated.

Incident - answer✔A security event that compromises the confidentiality, integrity, or
availability of an information asset.

Integrity - answer✔Comes in two forms: making sure that information is processed correctly
and not modified by unauthorized persons, and protecting information as it transits a network.

Information Security Officer - answer✔Accountable for ensuring the protection of all of the
business information assets from intentional and unintentional loss, disclosure, alteration,
destruction, and unavailability.

Least Privilege - answer✔Granting users only the accesses that are required to perform their
job functions.

Logical (Technical) Controls - answer✔Electronic hardware and software solutions implemented
to control access to information and information networks.

Patent - answer✔Protects novel, useful, and nonobvious inventions.




Physical Controls - answer✔Controls to protect the organization's people and physical
environment, such as locks, fire management, gates, and guards; physical controls may be
called "operational controls" in some contexts.

Preventive Controls - answer✔Controls implemented to prevent a security incident or
information breach.

Recovery Controls - answer✔Controls implemented to restore conditions to normal after a
security incident.

Recovery Time Objective (RTO) - answer✔How quickly you need to have that application's
information available after downtime has occurred.

Recovery Point Objective (RPO) - answer✔The point in time to which data must be restored in
order to successfully resume processing.

Risk - answer✔1. A combination of the probability of an event and its consequence (ISO 27000).
2. An expectation of loss expressed as the probability that a particular threat will exploit a
particular vulnerability with a particular harmful result (RFC 2828).

Risk Acceptance - answer✔The practice of accepting certain risk(s), typically based on a
business decision that may also weigh the cost versus the benefit of dealing with the risk in
another way.

Risk Avoidance - answer✔The practice of coming up with alternatives so that the risk in
question is not realized.

Risk Mitigation - answer✔The practice of the elimination of or the significant decrease in the
level of risk presented.

Risk Transfer - answer✔The practice of passing on the risk in question to another entity, such as
an insurance company.

Risk Management - answer✔A systematic process for identifying, analyzing, evaluating,
remedying, and monitoring risk.

Single Loss Expectancy (SLE) - answer✔Defined as the difference between the original value and
the remaining value of an asset after a single exploit.

Single Points of Failure (SPOF) - answer✔Any single input to a process that, if missing, would
cause the process or several processes to be unable to function.



