ISC2 Certified in Cybersecurity (CC) Exam With Complete Solutions

ISC2 Certified in Cybersecurity (CC) Exam With Complete Solutions Adequate Security - answerSecurity commensurate with the risk and the magnitude of harm resulting from the loss, misuse or unauthorized access to or modification of information. Source: OMB Circular A-130 Administrative Controls - answerControls implemented through policy and procedures. Examples include access control processes and requiring multiple personnel to conduct a specific operation. Administrative controls in modern environments are often enforced in conjunction with physical and/or technical controls, such as an access-granting policy for new users that requires login and approval by the hiring manager. Adverse Events - answerEvents with a negative consequence, such as system crashes, network packet floods, unauthorized use of system privileges, defacement of a web page or execution of malicious code that destroys data. Application Programming Interface (API) - answerA set of routines, standards, protocols, and tools for building software applications to access a web-based software application or web tool. Application Server - answerA computer responsible for hosting applications to user workstations. NIST SP 800-82 Rev.2 Artificial Intelligence - answerThe ability of computers and robots to simulate human intelligence and behavior. Asset - answerAnything of value that is owned by an organization. Assets include both tangible items such as information systems and physical property and intangible assets such as intellectual property. Asymmetric Encryption - answerAn algorithm that uses one key to encrypt and a different key to decrypt the input plaintext. Audit - answerIndependent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures. NIST SP 1800-15B Authentication - answerAccess control process validating that the identity being claimed by a user or entity is known to the system, by comparing one (single-factor or SFA) or more (multi- factor authentication or MFA) factors of identification. Authorization - answerThe right or a permission that is granted to a system entity to access a system resource. NIST 800-82 Rev.2 Availability - answerEnsuring timely and reliable access to and use of information by authorized users. Baseline - answerA documented, lowest level of security configuration allowed by a standard or organization. Biometric - answerBiological characteristics of an individual, such as a fingerprint, hand geometry, voice, or iris patterns. Bit - answerThe most essential representation of data (zero or one) at Layer 1 of the Open Systems Interconnection (OSI) model. Bot - answerMalicious code that acts like a remotely controlled "robot" for an attacker, with other Trojan and worm capabilities. Breach - answerThe loss of control, compromise, unauthorized disclosure, unauthorized acquisition or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for other than an authorized purpose. Source: NIST SP 800- 53 Rev. 5 Broadcast - answerBroadcast transmission is a one-to-many (one-to-everyone) form of sending internet traffic. Business Continuity (BC) - answerActions, processes and tools for ensuring an organization can continue critical operations during a contingency. Business Continuity Plan (BCP) - answerThe documentation of a predetermined set of instructions or procedures that describe how an organization's mission/business processes will be sustained during and after a significant disruption. Business Impact Analysis (BIA) - answerAn analysis of an information system's requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption. NIST SP 800-34 Rev. 1 Byte - answerThe byte is a unit of digital information that most commonly consists of eight bits. Checksum - answerA digit representing the sum of the correct digits in a piece of stored or transmitted digital data, against which later comparisons can be made to detect errors in the data. Ciphertext - answerThe altered form of a plaintext message so it is unreadable for anyone except the intended recipients. In other words, it has been turned into a secret. Classification - answerClassification identifies the degree of harm to the organization, its stakeholders or others that might result if an information asset is divulged to an unauthorized person, process or organization. In short, classification is focused first and foremost on maintaining the confidentiality of the data, based on the data sensitivity. Classified or Sensitive Information - answerInformation that has been determined to require protection against unauthorized disclosure and is marked to indicate its classified status and classification level when in documentary form. Cloud Computing - answerA model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. NIST 800-145 Community Cloud - answerA system in w