ISACA CYBERSECURITY
FUNDAMENTALS CERTIFICATION
EXAM LATEST UPDATE
Nonrepudiation - ANSWER --Def: ensuring that a message or other piece of information is
genuine
Examples: digital signatures and transaction logs
Confidentiality - ANSWER --Protection from unauthorized access
integrity - ANSWER --Protection from unauthorized modification
Availability - ANSWER --protection from disruptions in access
Cybersecurity - ANSWER --the protection of information assets (digital assets) by
addressing threats to information processed, stored, and transported by internetworked
information systems
NIST Functions to Protect Digital Assets - ANSWER --IPDRR
1) Identify
2) Protect
,3) Detect
4) Respond
5) Recover
Risk - ANSWER --combination of the probability of an event and its consequences,
mitigated through controls
Threat - ANSWER --Anything that is capable of acting against an asset in a harmful
manner
Asset - ANSWER --something of either tangible or intangible value that is worth protecting
Vulnerability - ANSWER --A weakness in the design, implementation, operation or internal
control of a process that could expose the system to adverse threats from threat events
Attack Attributes - ANSWER --1) Attack Vector
2) Payload
3) Exploit
4) Vulnerability
5) Target (Asset)
Threat Process - ANSWER --1) Perform reconnaissance (gathering information)
2) Create attack tools
3) Deliver malicious capabilities
4) Exploit and compromise
, 5) Conduct an attack
6) Achieve results
7) Maintain a presence or set of capabilities
8) Coordinate a campaign
Malware - ANSWER --Def: software designed to infiltrate or damage a computer system
without the user's informed consent
Examples: Viruses, network worms, Trojan horses
Policies - ANSWER --communicate required and prohibited activities and behaviors
Standards - ANSWER --Interpret policies in specific situations
Procedures - ANSWER --Provide details on how to comply with policies and standards
Guidelines - ANSWER --Provide general guidance on issues; not requirements but strongly
recommended
Defense in Depth - ANSWER --Layering defenses to provide added protection
Types:
1) Concentric rings
2) Overlapping Redundancy
3) Segregation
FUNDAMENTALS CERTIFICATION
EXAM LATEST UPDATE
Nonrepudiation - ANSWER --Def: ensuring that a message or other piece of information is
genuine
Examples: digital signatures and transaction logs
Confidentiality - ANSWER --Protection from unauthorized access
integrity - ANSWER --Protection from unauthorized modification
Availability - ANSWER --protection from disruptions in access
Cybersecurity - ANSWER --the protection of information assets (digital assets) by
addressing threats to information processed, stored, and transported by internetworked
information systems
NIST Functions to Protect Digital Assets - ANSWER --IPDRR
1) Identify
2) Protect
,3) Detect
4) Respond
5) Recover
Risk - ANSWER --combination of the probability of an event and its consequences,
mitigated through controls
Threat - ANSWER --Anything that is capable of acting against an asset in a harmful
manner
Asset - ANSWER --something of either tangible or intangible value that is worth protecting
Vulnerability - ANSWER --A weakness in the design, implementation, operation or internal
control of a process that could expose the system to adverse threats from threat events
Attack Attributes - ANSWER --1) Attack Vector
2) Payload
3) Exploit
4) Vulnerability
5) Target (Asset)
Threat Process - ANSWER --1) Perform reconnaissance (gathering information)
2) Create attack tools
3) Deliver malicious capabilities
4) Exploit and compromise
, 5) Conduct an attack
6) Achieve results
7) Maintain a presence or set of capabilities
8) Coordinate a campaign
Malware - ANSWER --Def: software designed to infiltrate or damage a computer system
without the user's informed consent
Examples: Viruses, network worms, Trojan horses
Policies - ANSWER --communicate required and prohibited activities and behaviors
Standards - ANSWER --Interpret policies in specific situations
Procedures - ANSWER --Provide details on how to comply with policies and standards
Guidelines - ANSWER --Provide general guidance on issues; not requirements but strongly
recommended
Defense in Depth - ANSWER --Layering defenses to provide added protection
Types:
1) Concentric rings
2) Overlapping Redundancy
3) Segregation
