Escrito por estudiantes que aprobaron Inmediatamente disponible después del pago Leer en línea o como PDF ¿Documento equivocado? Cámbialo gratis 4,6 TrustPilot
logo-home
Examen

Your Ultimate Guide to Mastering the (ISC)² Certified in Cybersecurity Exam: Strategies for Success. Top Rated Exam Study Guide Latest Updated Exam Study Guide 2025/2026.

Puntuación
-
Vendido
-
Páginas
51
Grado
A+
Subido en
14-07-2025
Escrito en
2024/2025

Your Ultimate Guide to Mastering the (ISC)² Certified in Cybersecurity Exam: Strategies for Success. Top Rated Exam Study Guide Latest Updated Exam Study Guide 2025/2026.

Institución
CCISO - Certified Chief Information Security Officer
Grado
CCISO - Certified Chief Information Security Officer

Vista previa del contenido

Your Ultimate Guide to Mastering the (ISC)² Certified
in Cybersecurity Exam: Strategies for Success.
Top Rated Exam Study Guide Latest Updated Exam
Study Guide 2025/2026.
Document specific requirements that a customer has about any aspect of a vendor's service
performance.

A) DLR
B) Contract
C) SLR
D) NDA - ANSC) SLR (Service-Level Requirements)
_________ identifies and triages risks. - ANSRisk Assessment
_________ are external forces that jeopardize security. - ANSThreats
_________ are methods used by attackers. - ANSThreat Vectors
_________ are the combination of a threat and a vulnerability. - ANSRisks
We rank risks by _________ and _________. - ANSLikelihood and impact
_________ use subjective ratings to evaluate risk likelihood and impact. - ANSQualitative
Risk Assessment
_________ use objective numeric ratings to evaluate risk likelihood and impact. -
ANSQuantitative Risk Assessment
_________ analyzes and implements possible responses to control risk. - ANSRisk Treatment
_________ changes business practices to make a risk irrelevant. - ANSRisk Avoidance
_________ reduces the likelihood or impact of a risk. - ANSRisk Mitigation
An organization's _________ is the set of risks that it faces. - ANSRisk Profile
_________ Initial Risk of an organization. - ANSInherent Risk
_________ Risk that remains in an organization after controls. - ANSResidual Risk
_________ is the level of risk an organization is willing to accept. - ANSRisk Tolerance
_________ reduce the likelihood or impact of a risk and help identify issues. - ANSSecurity
Controls
_________ stop a security issue from occurring. - ANSPreventive Control
_________ identify security issues requiring investigation. - ANSDetective Control
_________ remediate security issues that have occurred. - ANSRecovery Control
Hardening == Preventative - ANSVirus == Detective
Backups == Recovery - ANSFor exam (Local and Technical Controls are the same)
_________ use technology to achieve control objectives. - ANSTechnical Controls
_________ use processes to achieve control objectives. - ANSAdministrative Controls
_________ impact the physical world. - ANSPhysical Controls
_________ tracks specific device settings. - ANSConfiguration Management
_________ provide a configuration snapshot. - ANSBaselines (track changes)
_________ assigns numbers to each version. - ANSVersioning
_________ serve as important configuration artifacts. - ANSDiagrams
_________ and _________ help ensure a stable operating environment. - ANSChange and
Configuration Management
Purchasing an insurance policy is an example of which risk management strategy? -
ANSRisk Transference
What two factors are used to evaluate a risk? - ANSLikelihood and Impact
What term best describes making a snapshot of a system or application at a point in time for
later comparison? - ANSBaselining
What type of security control is designed to stop a security issue from occurring in the first
place? - ANSPreventive
What term describes risks that originate inside the organization? - ANSInternal

,Your Ultimate Guide to Mastering the (ISC)² Certified
in Cybersecurity Exam: Strategies for Success.
Top Rated Exam Study Guide Latest Updated Exam
Study Guide 2025/2026.
What four items belong to the security policy framework? - ANSPolicies, Standards,
Guidelines, Procedures
_________ describe an organization's security expectations. - ANSPolicies (mandatory and
approved at the highest level of an organization)
_________ describe specific security controls and are often derived from policies. -
ANSStandards (mandatory)
_________ describe best practices. - ANSGuidelines (recommendations/advice and
compliance is not mandatory)
_________ step-by-step instructions. - ANSProcedures (not mandatory)
_________ describe authorized uses of technology. - ANSAcceptable Use Policies (AUP)
_________ describe how to protect sensitive information. - ANSData Handling Policies
_________ cover password security practices. - ANSPassword Policies
_________ cover use of personal devices with company information. - ANSBring Your Own
Device (BYOD) Policies
_________ cover the use of personally identifiable information. - ANSPrivacy Policies
_________ cover the documentation, approval, and rollback of technology changes. -
ANSChange Management Policies
Which element of the security policy framework includes suggestions that are not
mandatory? - ANSGuidelines
What law applies to the use of personal information belonging to European Union residents?
- ANSGDPR
What type of security policy normally describes how users may access business information
with their own devices? - ANSBYOD Policy
_________ the set of controls designed to keep a business running in the face of adversity,
whether natural or man-made. - ANSBusiness Continuity Planning (BCP)
BCP is also known as _________. - ANSContinuity of Operations Planning (COOP)
Defining the BCP Scope: - ANSWhat business activities will the plan cover? What systems
will it cover? What controls will it consider?
_________ identifies and prioritizes risks. - ANSBusiness Impact Assessment
BCP in the cloud requires _________ between providers and customers. - ANSCollaboration
_________ protects against the failure of a single component. - ANSRedundancy
_________ identifies and removes SPOFs. - ANSSingle Point of Failure Analysis
_________ continues until the cost of addressing risks outweighs the benefit. - ANSSPOF
Analysis
_________ uses multiple systems to protect against service failure. - ANSHigh Availability
_________ makes a single system resilient against technical failures. - ANSFault Tolerance
_________ spreads demand across systems. - ANSLoad Balancing
3 Common Points of Failure in a system. - ANSPower Supply, Storage Media, Networking
Disk Mirroring is which RAID level? - ANS1
Disk striping with parity is which RAID level? - ANS5 (uses 3 or more disks to store data)
What goal of security is enhanced by a strong business continuity program? -
ANSAvailability
What is the minimum number of disk required to perform RAID level 5? - ANS3
What type of control are we using if we supplement a single firewall with a second standby
firewall ready to assume responsibility if the primary firewall fails? - ANSHigh Availability
_________ provide structure during cybersecurity incidents. - ANSIncident Response Plan

,Your Ultimate Guide to Mastering the (ISC)² Certified
in Cybersecurity Exam: Strategies for Success.
Top Rated Exam Study Guide Latest Updated Exam
Study Guide 2025/2026.
_________ describe the policies and procedures governing cybersecurity incidents. -
ANSIncident Response Plans
_________ leads to strong incident response. - ANSPrior Planning
Incident Response Plans should include: - ANSStatement of Purpose, Strategies and goals for
incident response, Approach to incident response, Communication with other groups, Senior
leadership approval
_________ should be consulted when developing a plan. - ANSNIST SP 800-61
Incident response teams must have personnel available _________. - ANS24/7
_________ is crucial to effective incident identification. - ANSMonitoring
_________ security solution that collects information from diverse sources, analyzes it for
signs for security incidents and retains it for later use. - ANSSecurity Incident and Event
Management (SIEM)
The highest priority of a first responder must be containing damage through _________. -
ANSIsolation
During an incident response, what is the highest priority of first responders? -
ANSContaining the damage
You are normally required to report security incidents to law enforcement if you believe a
law may have been violated. True or False - ANSFalse
_________ restores normal operations as quickly as possible. - ANSDisaster Recovery
What are the initial response goals regarding Disaster Recovery? - ANSContain the Damage,
Recover normal operations
_________ is the amount of time to restore service. - ANSRecovery Time Objective (RTO)
_________ is the amount of data to recover. - ANSRecovery Point Objective (RPO)
_________ is the percentage of service to restore. - ANSRecovery Service Level (RSL)
_________ provide a data "safety net" - ANSBackups
Types of Backup Media: - ANSTape backups, Disk-to-disk backups, Cloud backups
_________ include a complete copy of all data. - ANSFull Backups
_________ are types of full backups. - ANSSnapshots and Images
_________ include all data modified since the last full backup. - ANSDifferential Backups
_________ include all data modified since the last full or incremental backup. -
ANSIncremental Backups
Joe performs full backups every Sunday evening and differential backups every weekday
evening. His system fails on Friday morning. What backups does he restore? - ANSSunday's
FULL backup (To establish a base), Thursday's differential backup (To grab the latest data
change)
Joe performs full backups every Sunday evening and incremental backups every weekday
evening. His system fails on Friday morning. What backups does he restore? - ANSSunday's
FULL backup (To establish a base), Monday, Tuesday, Wednesday, and Thursday
incremental backups
_________ provide alternate data processing. - ANSDisaster Recovery Sites
Disaster Recovery Facility Sites: - ANSHot Site, Cold Site, Warm Site
_________ fully operational data centers stock with equipment an data and are available at a
moment's notice. Very expensive. - ANSHot Site
_________ empty data centers stock with core equipment, network, and environmental
controls but do not have servers. Relatively Inexpensive but can take weeks or even months
to become operational. - ANSColt Site

, Your Ultimate Guide to Mastering the (ISC)² Certified
in Cybersecurity Exam: Strategies for Success.
Top Rated Exam Study Guide Latest Updated Exam
Study Guide 2025/2026.
_________ stock with all necessary equipment and data but are not maintained in a parallel
fashion. Similar in expense to hot sites and can become operational in hours or days. -
ANSWarm Site
_________ these are geographically distant, offer site resiliency, require manual transfer or
site replication through SAN or VM and provide online or offline backups. - ANSOffsite
Storage
Disaster Recovery Testing Goals: - ANSValidate that the plan functions correctly, Identify
necessary plan updates
Disaster Recovery Test types: - ANSRead-through, Walk-through, Simulation, Parallel Test,
Full interruption test
_________ ask each team member to review their role in the disaster recovery process and
provide feedback. - ANSRead-throughs
_________ gather the team together for a formal review of the disaster recovery plan. -
ANSWalk-throughs (aka Tabletop exercise)
_________ use a practice scenario to test the disaster recovery plan. - ANSSimulations
_________ activate the disaster recovery environment but do not switch operations there. -
ANSParallel tests
_________ this switches primary operations to the alternate environment and can be very
disruptive to business. - ANSFull Interruption tests
Which type of backup includes only those files that have changes since the most recent full or
incremental backup? - ANSIncremental
(Revisit) What disaster recovery metric provides the targeted amount of time to restore a
service after a failure? - ANSRTO
(Revisit) Which disaster recovery tests involve the actual activation of the DR site? -
ANSParallel
What type of disaster recovery site is able to be activated most quickly in the event of a
disruption? - ANSHot site
Within the organization, who can identify risk? (D1, L1.2.2)

A) The security manager
B) Any security team member
C) Senior management
D) Anyone - ANSD) Anyone
Glen is an (ISC)² member. Glen receives an email from a company offering a set of answers
for an (ISC)² certification exam. What should Glen do? (D1, L1.5.1)

A) Nothing
B) Inform (ISC)²
C) Inform law enforcement
D) Inform Glen's employer - ANSB) Inform (ISC)²
A system that collects transactional information and stores it in a record in order to show
which users performed which actions is an example of providing ________. (D1, L1.1.1)


A) Non-repudiation
B) Multifactor authentication
C) Biometrics

Escuela, estudio y materia

Institución
CCISO - Certified Chief Information Security Officer
Grado
CCISO - Certified Chief Information Security Officer

Información del documento

Subido en
14 de julio de 2025
Número de páginas
51
Escrito en
2024/2025
Tipo
Examen
Contiene
Preguntas y respuestas

Temas

$15.99
Accede al documento completo:

¿Documento equivocado? Cámbialo gratis Dentro de los 14 días posteriores a la compra y antes de descargarlo, puedes elegir otro documento. Puedes gastar el importe de nuevo.
Escrito por estudiantes que aprobaron
Inmediatamente disponible después del pago
Leer en línea o como PDF

Conoce al vendedor

Seller avatar
Los indicadores de reputación están sujetos a la cantidad de artículos vendidos por una tarifa y las reseñas que ha recibido por esos documentos. Hay tres niveles: Bronce, Plata y Oro. Cuanto mayor reputación, más podrás confiar en la calidad del trabajo del vendedor.
charleswest Oxford University
Seguir Necesitas iniciar sesión para seguir a otros usuarios o asignaturas
Vendido
77
Miembro desde
5 año
Número de seguidores
63
Documentos
3839
Última venta
1 semana hace

3.8

13 reseñas

5
6
4
2
3
3
2
0
1
2

Por qué los estudiantes eligen Stuvia

Creado por compañeros estudiantes, verificado por reseñas

Calidad en la que puedes confiar: escrito por estudiantes que aprobaron y evaluado por otros que han usado estos resúmenes.

¿No estás satisfecho? Elige otro documento

¡No te preocupes! Puedes elegir directamente otro documento que se ajuste mejor a lo que buscas.

Paga como quieras, empieza a estudiar al instante

Sin suscripción, sin compromisos. Paga como estés acostumbrado con tarjeta de crédito y descarga tu documento PDF inmediatamente.

Student with book image

“Comprado, descargado y aprobado. Así de fácil puede ser.”

Alisha Student

Preguntas frecuentes