Exam Prep Questions With 100% Pass
/.Document specific requirements that a customer has about any aspect of a vendor's service performance.
A) DLR
B) Contract
C) SLR
D) NDA - Answer-C) SLR (Service-Level Requirements)
/._________ identifies and triages risks. - Answer-Risk Assessment
/._________ are external forces that jeopardize security. - Answer-Threats
/._________ are methods used by attackers. - Answer-Threat Vectors
/._________ are the combination of a threat and a vulnerability. - Answer-Risks
/.We rank risks by _________ and _________. - Answer-Likelihood and impact
/._________ use subjective ratings to evaluate risk likelihood and impact. - Answer-Qualitative Risk Assessment
/._________ use objective numeric ratings to evaluate risk likelihood and impact. - Answer-Quantitative Risk Assessment
/._________ analyzes and implements possible responses to control risk. - Answer-Risk Treatment
/._________ changes business practices to make a risk irrelevant. - Answer-Risk Avoidance
/._________ reduces the likelihood or impact of a risk. - Answer-Risk Mitigation
/.An organization's _________ is the set of risks that it faces. - Answer-Risk Profile
/._________ is the initial risk of an organization. - Answer-Inherent Risk
/._________ is the risk that remains in an organization after controls. - Answer-Residual Risk
/._________ is the level of risk an organization is willing to accept. - Answer-Risk Tolerance
/._________ reduce the likelihood or impact of a risk and help identify issues. - Answer-Security Controls
/._________ stop a security issue from occurring. - Answer-Preventive Control
/._________ identify security issues requiring investigation. - Answer-Detective Control
/._________ remediate security issues that have occurred. - Answer-Recovery Control
/.Hardening == Preventative - Answer-Virus == Detective
/.Backups == Recovery - Answer-For exam (Local and Technical Controls are the same)
/._________ use technology to achieve control objectives. - Answer-Technical Controls
/._________ use processes to achieve control objectives. - Answer-Administrative Controls
/._________ impact the physical world. - Answer-Physical Controls
/._________ tracks specific device settings. - Answer-Configuration Management
/._________ provide a configuration snapshot. - Answer-Baselines (track changes)
/._________ assigns numbers to each version. - Answer-Versioning
/._________ serve as important configuration artifacts. - Answer-Diagrams
/._________ and _________ help ensure a stable operating environment. - Answer-Change and Configuration Management
/.Purchasing an insurance policy is an example of which risk management strategy? - Answer-Risk Transference
/.What two factors are used to evaluate a risk? - Answer-Likelihood and Impact
/.What term best describes making a snapshot of a system or application at a point in time for later comparison? - Answer-Baselining
/.What type of security control is designed to stop a security issue from occurring in the first place? - Answer-Preventive
/.What term describes risks that originate inside the organization? - Answer-Internal
/.What four items belong to the security policy framework? - Answer-Policies, Standards, Guidelines, Procedures
/._________ describe an organization's security expectations. - Answer-Policies (mandatory and approved at the highest level of an organization)
/._________ describe specific security controls and are often derived from policies. - Answer-Standards (mandatory)
/._________ describe best practices. - Answer-Guidelines (recommendations/advice; compliance is not mandatory)
/._________ are step-by-step instructions. - Answer-Procedures (not mandatory)
/._________ describe authorized uses of technology. - Answer-Acceptable Use Policies (AUP)
/._________ describe how to protect sensitive information. - Answer-Data Handling Policies
/._________ cover password security practices. - Answer-Password Policies
/._________ cover use of personal devices with company information. - Answer-Bring Your Own Device (BYOD) Policies
/._________ cover the use of personally identifiable information. - Answer-Privacy Policies
/._________ cover the documentation, approval, and rollback of technology changes. - Answer-Change Management Policies
/.Which element of the security policy framework includes suggestions that are not mandatory? - Answer-Guidelines
/.What law applies to the use of personal information belonging to European Union residents? - Answer-GDPR
/.What type of security policy normally describes how users may access business information with their own devices? - Answer-BYOD Policy
/._________ is the set of controls designed to keep a business running in the face of adversity, whether natural or man-made. - Answer-Business Continuity Planning (BCP)
/.BCP is also known as _________. - Answer-Continuity of Operations Planning (COOP)
/.Defining the BCP Scope: - Answer-What business activities will the plan cover? What systems will it cover? What controls will it consider?
/._________ identifies and prioritizes risks. - Answer-Business Impact Assessment
/.BCP in the cloud requires _________ between providers and customers. - Answer-Collaboration
/._________ protects against the failure of a single component. - Answer-Redundancy
/._________ identifies and removes SPOFs. - Answer-Single Point of Failure Analysis
/._________ continues until the cost of addressing risks outweighs the benefit. - Answer-SPOF Analysis
/._________ uses multiple systems to protect against service failure. - Answer-High Availability
/._________ makes a single system resilient against technical failures. - Answer-Fault Tolerance
/._________ spreads demand across systems. - Answer-Load Balancing
/.3 Common Points of Failure in a system. - Answer-Power Supply, Storage Media, Networking
/.Disk Mirroring is which RAID level? - Answer-1
/.Disk striping with parity is which RAID level? - Answer-5 (uses 3 or more disks to store data)
/.What goal of security is enhanced by a strong business continuity program? - Answer-Availability
/.What is the minimum number of disks required to perform RAID level 5? - Answer-3
/.What type of control are we using if we supplement a single firewall with a second standby firewall ready to assume responsibility if the primary firewall fails? - Answer-High Availability
/._________ provide structure during cybersecurity incidents. - Answer-Incident Response Plan
/._________ describe the policies and procedures governing cybersecurity incidents. - Answer-Incident Response Plans