(ISC)2 Certified in Cybersecurity Exam Prep questions with accurate solutions
Which document records the specific requirements that a customer has about any aspect of a vendor's service performance?
A) DLR
B) Contract
C) SLR
D) NDA - ✔✔C) SLR (Service-Level Requirements)
_________ identifies and triages risks. - ✔✔Risk Assessment
_________ are external forces that jeopardize security. - ✔✔Threats
_________ are methods used by attackers. - ✔✔Threat Vectors
_________ are the combination of a threat and a vulnerability. - ✔✔Risks
We rank risks by _________ and _________. - ✔✔Likelihood and impact
_________ use subjective ratings to evaluate risk likelihood and impact. - ✔✔Qualitative Risk Assessment
_________ use objective numeric ratings to evaluate risk likelihood and impact. - ✔✔Quantitative Risk Assessment
_________ analyzes and implements possible responses to control risk. - ✔✔Risk Treatment
_________ changes business practices to make a risk irrelevant. - ✔✔Risk Avoidance
_________ reduces the likelihood or impact of a risk. - ✔✔Risk Mitigation
An organization's _________ is the set of risks that it faces. - ✔✔Risk Profile
_________ is the initial level of risk an organization faces before any controls are applied. - ✔✔Inherent Risk
_________ is the risk that remains after controls have been applied. - ✔✔Residual Risk
_________ is the level of risk an organization is willing to accept. - ✔✔Risk Tolerance
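The following Python risk register is an added worked example (it is not from the exam-prep page): it scores each risk qualitatively (ordinal likelihood × impact) and quantitatively, ranks the register, derives residual risk from inherent risk after controls, and flags whatever is still above the organization's risk tolerance. The register entries, dollar figures, control reduction factors and the quantitative formula ALE = SLE × ARO are assumptions made for illustration; none of them appear on the page.

```python
"""Risk register scoring: added illustration, not from the exam-prep page.
All risks, dollar figures and control factors below are constructed sample
data, and the quantitative formula ALE = SLE x ARO is assumed here."""
from dataclasses import dataclass, field

# Qualitative assessment: subjective ratings mapped to an ordinal scale.
QUAL_SCALE = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Control:
    name: str
    kind: str                # preventive / detective / corrective
    aro_factor: float = 1.0  # fraction of likelihood (ARO) that remains, 0.5 = halved
    sle_factor: float = 1.0  # fraction of impact (SLE) that remains


@dataclass
class Risk:
    name: str
    likelihood: str          # qualitative: low / medium / high
    impact: str              # qualitative: low / medium / high
    sle: float               # single loss expectancy, dollars
    aro: float               # annualized rate of occurrence, events per year
    controls: list = field(default_factory=list)


def qualitative_score(r: Risk) -> int:
    """Risk = likelihood x impact on the ordinal scale (1..9)."""
    return QUAL_SCALE[r.likelihood] * QUAL_SCALE[r.impact]


def ale(sle: float, aro: float) -> float:
    """Quantitative assessment: annualized loss expectancy = SLE x ARO."""
    return sle * aro


def inherent_ale(r: Risk) -> float:
    """Inherent risk: expected yearly loss before any control is applied."""
    return ale(r.sle, r.aro)


def residual_ale(r: Risk) -> float:
    """Residual risk: apply each control's reduction to likelihood or impact.
    Preventive controls typically cut ARO; corrective controls cut SLE."""
    sle, aro = r.sle, r.aro
    for c in r.controls:
        aro *= c.aro_factor
        sle *= c.sle_factor
    return ale(sle, aro)


def rank_risks(register: list) -> list:
    """Rank by qualitative score, breaking ties with inherent ALE (highest first)."""
    return sorted(register, key=lambda r: (qualitative_score(r), inherent_ale(r)), reverse=True)


def needs_treatment(r: Risk, tolerance_ale: float) -> bool:
    """Residual risk above the risk tolerance still needs treatment (mitigate,
    transfer or avoid); at or below it the risk can be accepted."""
    return residual_ale(r) > tolerance_ale


# Constructed sample register (not real data).
REGISTER = [
    Risk("Ransomware on file server", "medium", "high", sle=200_000, aro=0.5, controls=[
        Control("Offline backups", "corrective", sle_factor=0.25),
        Control("Endpoint hardening", "preventive", aro_factor=0.5),
    ]),
    Risk("Laptop theft", "high", "low", sle=3_000, aro=4.0, controls=[
        Control("Full-disk encryption", "preventive", sle_factor=0.1),
    ]),
    Risk("Data-center flood", "low", "high", sle=1_000_000, aro=0.01),
]

if __name__ == "__main__":
    tolerance = 5_000  # assumed risk tolerance: $5k expected loss per year
    for r in rank_risks(REGISTER):
        print(f"{r.name:28} qual={qualitative_score(r)} inherent=${inherent_ale(r):,.0f} "
              f"residual=${residual_ale(r):,.0f} treat_further={needs_treatment(r, tolerance)}")
```

Run as a script, the ransomware entry ranks first on the qualitative scale, its backups and hardening bring the inherent $100k/year down to a residual $12.5k/year, which still exceeds the assumed $5k tolerance, so it needs further treatment; laptop theft drops below tolerance and can be accepted, while the uncontrolled flood risk stays above it.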
_________ reduce the likelihood or impact of a risk and help identify issues. - ✔✔Security Controls
_________ stop a security issue from occurring. - ✔✔Preventive Control
_________ identify security issues requiring investigation. - ✔✔Detective Control
_________ remediate security issues that have occurred. - ✔✔Corrective Control (also called Recovery Control)
Hardening == Preventive - ✔✔Antivirus scanning (flagging malware) == Detective
Backups == Recovery - ✔✔For the exam: Logical Controls and Technical Controls are the same thing
_________ use technology to achieve control objectives. - ✔✔Technical Controls
_________ use processes to achieve control objectives. - ✔✔Administrative Controls
_________ impact the physical world. - ✔✔Physical Controls
_________ tracks specific device settings. - ✔✔Configuration Management
_________ provide a configuration snapshot. - ✔✔Baselines (track changes)
_________ assigns numbers to each version. - ✔✔Versioning
_________ serve as important configuration artifacts. - ✔✔Diagrams
_________ and _________ help ensure a stable operating environment. - ✔✔Change and Configuration Management
Purchasing an insurance policy is an example of which risk management strategy? - ✔✔Risk Transference
What two factors are used to evaluate a risk? - ✔✔Likelihood and Impact
What term best describes making a snapshot of a system or application at a point in time for later comparison? - ✔✔Baselining
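Baselining and drift detection as an added worked example in Python (it is not code from the page): take a configuration snapshot of a directory tree (relative path to SHA-256 digest) plus a set of named settings, keep it as a versioned artifact, and later compare the current state against it to report added, removed and modified files and changed settings. The sample files, settings and the change that is detected are all constructed inline for illustration.

```python
"""Configuration baseline and drift check: added example, not from the page.
The sample files, settings and the later change are constructed inline so the
script runs offline in a temporary directory."""
import hashlib
import json
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_snapshot(root: Path, settings: dict, version: int) -> dict:
    """Baseline = point-in-time snapshot: relative path -> digest, plus settings.
    The version number lets a later snapshot be compared against a known one."""
    files = {p.relative_to(root).as_posix(): file_digest(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    return {"version": version, "files": files, "settings": dict(settings)}


def compare(baseline: dict, current: dict) -> dict:
    """Report drift between a stored baseline and the current snapshot."""
    b_files, c_files = baseline["files"], current["files"]
    b_set, c_set = baseline["settings"], current["settings"]
    return {
        "added": sorted(set(c_files) - set(b_files)),
        "removed": sorted(set(b_files) - set(c_files)),
        "modified": sorted(k for k in set(b_files) & set(c_files) if b_files[k] != c_files[k]),
        "settings_changed": {k: (b_set.get(k), c_set.get(k))
                             for k in sorted(set(b_set) | set(c_set))
                             if b_set.get(k) != c_set.get(k)},
    }


def has_drift(drift: dict) -> bool:
    """True when any file or setting differs from the baseline."""
    return any(drift.values())


def demo() -> dict:
    """Build a baseline, apply an unapproved change, then detect it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "motd").write_text("Authorized use only.\n")
        settings = {"PermitRootLogin": "no", "PasswordAuthentication": "no"}

        # Baseline snapshot, serialized as it would be stored under version control.
        stored = json.dumps(take_snapshot(root, settings, version=1))

        # Later, a change that bypassed change management: SSH weakened,
        # the banner removed and an unexpected scheduled job added.
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "etc" / "motd").unlink()
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "unexpected-job").write_text("* * * * * root /tmp/run.sh\n")
        settings["PermitRootLogin"] = "yes"

        current = take_snapshot(root, settings, version=2)
        return compare(json.loads(stored), current)


if __name__ == "__main__":
    drift = demo()
    print(json.dumps(drift, indent=2))
    print("drift detected" if has_drift(drift) else "matches baseline")
```

The comparison is what makes a baseline a detective control: the snapshot alone stops nothing, but diffing it against the live system surfaces the weakened SSH setting, the deleted banner and the new cron job so they can be investigated and, if unapproved, rolled back under change management.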
What type of security control is designed to stop a security issue from occurring in the first place? - ✔✔Preventive
What term describes risks that originate inside the organization? - ✔✔Internal
What four items belong to the security policy framework? - ✔✔Policies, Standards, Guidelines, Procedures
_________ describe an organization's security expectations. - ✔✔Policies (mandatory and approved at the highest level of an organization)
_________ describe specific security controls and are often derived from policies. - ✔✔Standards (mandatory)
_________ describe best practices. - ✔✔Guidelines (recommendations/advice; compliance is not mandatory)
_________ provide step-by-step instructions. - ✔✔Procedures (compliance may be mandatory or optional, depending on the organization)
_________ describe authorized uses of technology. - ✔✔Acceptable Use Policies (AUP)
_________ describe how to protect sensitive information. - ✔✔Data Handling Policies
_________ cover password security practices. - ✔✔Password Policies
_________ cover use of personal devices with company information. - ✔✔Bring Your Own Device (BYOD) Policies
_________ cover the use of personally identifiable information. - ✔✔Privacy Policies
_________ cover the documentation, approval, and rollback of technology changes. - ✔✔Change Management Policies