Official (ISC)² CISSP - Domain 1:
Security and Risk Management Exam
2025 Questions and Answers
Administrative Controls - ANSWER✔✔-Procedures implemented to define the roles, responsibilities, policies, and administrative functions needed to manage the control environment.
Annualized Rate of Occurrence (ARO) - ANSWER✔✔-An estimate of how often a threat will be successful in exploiting a vulnerability over the period of a year.
Arms Export Control Act of 1976 - ANSWER✔✔-Authorizes the President to designate those items that shall be considered as defense articles and defense services and control their import and export.
Availability - ANSWER✔✔-The principle that ensures that information is available and accessible to users when needed.
Breach - ANSWER✔✔-An incident that results in the disclosure or potential exposure of data.
Compensating Controls - ANSWER✔✔-Controls that substitute for the loss of primary controls and mitigate risk down to an acceptable level.
FOR STUDY PURPOSES ONLY COPYRIGHT © 2025 ALL RIGHTS RESERVED 1
Compliance - ANSWER✔✔-Actions that ensure behavior that complies with established rules.
Confidentiality - ANSWER✔✔-Supports the principle of "least privilege" by providing that only authorized individuals, processes, or systems should have access to information on a need-to-know basis.
Copyright - ANSWER✔✔-Covers the expression of ideas rather than the ideas themselves; it usually protects artistic property such as writing, recordings, databases, and computer programs.
Corrective Controls - ANSWER✔✔-Controls implemented to remedy circumstances, mitigate damage, or restore controls.
Data Disclosure - ANSWER✔✔-A breach for which it was confirmed that data was actually disclosed (not just exposed) to an unauthorized party.
Detective Controls - ANSWER✔✔-Controls designed to signal a warning when a security control has been breached.
Deterrent Controls - ANSWER✔✔-Controls designed to discourage people from violating security directives.
Directive Controls - ANSWER✔✔-Controls designed to specify acceptable rules of behavior within an organization.
Due Care - ANSWER✔✔-The care a "reasonable person" would exercise under given circumstances.