(ISC)2 Certified in Cybersecurity - Exam Prep with complete solutions
Document specific requirements that a customer has about any aspect of a vendor's service performance. A) DLR B) Contract C) SLR D) NDA - Answer: C) SLR (Service-Level Requirements)
_________ identifies and triages risks. - Answer: Risk Assessment
_________ are external forces that jeopardize security. - Answer: Threats
_________ are methods used by attackers. - Answer: Threat Vectors
_________ are the combination of a threat and a vulnerability. - Answer: Risks
We rank risks by _________ and _________. - Answer: Likelihood and Impact
_________ use subjective ratings to evaluate risk likelihood and impact. - Answer: Qualitative Risk Assessment
_________ use objective numeric ratings to evaluate risk likelihood and impact. - Answer: Quantitative Risk Assessment
_________ analyzes and implements possible responses to control risk. - Answer: Risk Treatment
_________ changes business practices to make a risk irrelevant. - Answer: Risk Avoidance
_________ reduces the likelihood or impact of a risk. - Answer: Risk Mitigation
An organization's _________ is the set of risks that it faces. - Answer: Risk Profile
_________ is the initial risk of an organization, before any controls are applied. - Answer: Inherent Risk
_________ is the risk that remains in an organization after controls are applied. - Answer: Residual Risk
_________ is the level of risk an organization is willing to accept. - Answer: Risk Tolerance
_________ reduce the likelihood or impact of a risk and help identify issues. - Answer: Security Controls
_________ stop a security issue from occurring. - Answer: Preventive Control
_________ identify security issues requiring investigation. - Answer: Detective Control
_________ remediate security issues that have occurred. - Answer: Recovery (Corrective) Control
Examples of control types: hardening = preventive; antivirus scanning = detective; backups = recovery.
For the exam, logical controls and technical controls are the same thing.
_________ use technology to achieve control objectives. - Answer: Technical Controls
_________ use processes to achieve control objectives. - Answer: Administrative Controls
_________ impact the physical world. - Answer: Physical Controls
_________ tracks specific device settings. - Answer: Configuration Management
_________ provide a configuration snapshot. - Answer: Baselines (used to track changes)
_________ assigns numbers to each version. - Answer: Versioning
_________ serve as important configuration artifacts. - Answer: Diagrams
_________ and _________ help ensure a stable operating environment. - Answer: Change Management and Configuration Management
Purchasing an insurance policy is an example of which risk management strategy? - Answer: Risk Transference
What two factors are used to evaluate a risk? - Answer: Likelihood and Impact
What term best describes making a snapshot of a system or application at a point in time for later comparison? - Answer: Baselining
What type of security control is designed to stop a security issue from occurring in the first place? - Answer: Preventive
What term describes risks that originate inside the organization? - Answer: Internal
What four items belong to the security policy framework? - Answer: Policies, Standards, Guidelines, Procedures
_________ describe an organization's security expectations. - Answer: Policies (mandatory; approved at the highest level of the organization)
_________ describe specific security controls and are often derived from policies. - Answer: Standards (mandatory)
_________ describe best practices. - Answer: Guidelines (recommendations and advice; compliance is not mandatory)
_________ are step-by-step instructions. - Answer: Procedures (compliance may be mandatory or optional, depending on the organization)
_________ describe authorized uses of technology. - Answer: Acceptable Use Policies (AUP)
_________ describe how to protect sensitive information. - Answer: Data Handling Policies
_________ cover password security practices. - Answer: Password Policies
_________ cover the use of personal devices with company information. - Answer: Bring Your Own Device (BYOD) Policies
_________ cover the use of personally identifiable information. - Answer: Privacy Policies
_________ cover the documentation, approval, and rollback of technology changes. - Answer: Change Management Policies
Which element of the security policy framework includes suggestions that are not mandatory? - Answer: Guidelines
What law applies to the use of personal information belonging to European Union residents? - Answer: GDPR
What type of security policy normally describes how users may access business information with their own devices? - Answer: BYOD Policy
_________ is the set of controls designed to keep a business running in the face of adversity, whether natural or man-made. - Answer: Business Continuity Planning (BCP)
BCP is also known as _________. - Answer: Continuity of Operations Planning (COOP)
Defining the BCP scope: - Answer: What business activities will the plan cover? What systems will it cover? What controls will it consider?
_________ identifies and prioritizes risks. - Answer: Business Impact Assessment (BIA)
BCP in the cloud requires _________ between providers and customers. - Answer: Collaboration
_________ protects against the failure of a single component. - Answer: Redundancy
_________ identifies and removes SPOFs. - Answer: Single Point of Failure (SPOF) Analysis
_________ continues until the cost of addressing risks outweighs the benefit. - Answer: SPOF Analysis
_________ uses multiple systems to prote
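The baselining cards above (a baseline is a configuration snapshot taken at a point in time for later comparison) describe a detective control: you hash the approved state once, then re-hash later and report anything added, removed or changed. The Python below is an added worked example, not part of these study notes. It works on an in-memory mapping of file path to contents so it runs offline; the paths and contents are constructed sample data, and `snapshot`, `baseline_digest` and `diff_snapshots` are names chosen here, not terms from the exam material.

```python
"""Baselining and drift detection.

Added example (not part of the original study notes): take a configuration
snapshot (the baseline), then compare a later snapshot against it. The file
paths and contents below are constructed sample data, not real host output.
"""
import hashlib
import json
from typing import Dict, Set


def snapshot(items: Dict[str, bytes]) -> Dict[str, str]:
    """Snapshot: one SHA-256 per tracked item, keyed by its path/name.

    Storing hashes rather than contents keeps the baseline small and avoids
    copying sensitive settings into the baseline store.
    """
    return {path: hashlib.sha256(data).hexdigest() for path, data in items.items()}


def baseline_digest(snap: Dict[str, str]) -> str:
    """One digest over the whole snapshot, usable as a version label.

    Keys are sorted so the digest does not depend on dict ordering.
    """
    canonical = json.dumps(snap, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def diff_snapshots(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, Set[str]]:
    """Report drift as three sets: items added, removed, or changed since the baseline."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": cur_keys - base_keys,
        "removed": base_keys - cur_keys,
        "changed": {p for p in base_keys & cur_keys if baseline[p] != current[p]},
    }


def has_drift(report: Dict[str, Set[str]]) -> bool:
    """True if any of the three drift sets is non-empty."""
    return any(report.values())


# Constructed sample: state captured when the baseline was approved.
BASELINE_FILES: Dict[str, bytes] = {
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "/etc/sudoers": b"root ALL=(ALL:ALL) ALL\n",
    "/etc/cron.d/backup": b"0 2 * * * root /usr/local/bin/backup.sh\n",
}

# Constructed sample: state observed later. Root SSH login was re-enabled,
# the backup job disappeared, and an unapproved cron job appeared.
CURRENT_FILES: Dict[str, bytes] = {
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\nPasswordAuthentication no\n",
    "/etc/sudoers": b"root ALL=(ALL:ALL) ALL\n",
    "/etc/cron.d/unapproved": b"* * * * * root /tmp/.x\n",
}


def example_report() -> Dict[str, Set[str]]:
    """Compare the constructed 'later' state against the constructed baseline."""
    return diff_snapshots(snapshot(BASELINE_FILES), snapshot(CURRENT_FILES))


if __name__ == "__main__":
    report = example_report()
    print("baseline version:", baseline_digest(snapshot(BASELINE_FILES))[:16])
    for kind, paths in report.items():
        for path in sorted(paths):
            print(f"{kind:8s} {path}")
```

The whole-snapshot digest doubles as a version identifier (the versioning card): two baselines with identical content hash to the same value regardless of the order the items were collected in, and any change produces a new value. On a real host you would feed `snapshot` the contents of the files you track and store the result somewhere the monitored system cannot modify, otherwise an attacker who changes a file can also rewrite the baseline.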
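The redundancy and SPOF cards above say that single point of failure analysis identifies and removes SPOFs and that redundancy protects against the failure of a single component. The Python below is an added worked example, not part of these study notes, showing the mechanical version of that analysis: model the architecture as a graph, remove each component in turn, and see whether the entry point can still reach the critical asset. The topology (internet, firewall, load balancer, two web servers, database) is constructed for illustration, and the entry point and the asset itself are excluded from the candidate list because they are the endpoints being protected, not components you can make redundant in this model.

```python
"""Single point of failure (SPOF) analysis on a dependency graph.

Added example (not part of the original study notes). The topology below is
constructed: a component is a SPOF if removing it alone breaks every path
between the entry point and the critical asset.
"""
from collections import deque
from typing import Dict, List, Set

Graph = Dict[str, Set[str]]


def add_link(graph: Graph, a: str, b: str) -> None:
    """Add an undirected connectivity link between two components."""
    graph.setdefault(a, set()).add(b)
    graph.setdefault(b, set()).add(a)


def reachable(graph: Graph, src: str, dst: str, removed: Set[str]) -> bool:
    """Breadth-first search from src to dst, treating nodes in `removed` as failed."""
    if src in removed or dst in removed:
        return False
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in graph.get(node, ()):
            if nxt not in seen and nxt not in removed:
                seen.add(nxt)
                queue.append(nxt)
    return False


def single_points_of_failure(graph: Graph, src: str, dst: str) -> List[str]:
    """Every component (other than the endpoints) whose single failure cuts src off from dst."""
    return sorted(
        node for node in graph
        if node not in (src, dst) and not reachable(graph, src, dst, {node})
    )


def build_topology(redundant_firewall: bool = False) -> Graph:
    """Constructed web tier: internet -> firewall -> load balancer -> two web servers -> database."""
    g: Graph = {}
    add_link(g, "internet", "fw1")
    add_link(g, "fw1", "lb")
    add_link(g, "lb", "web1")
    add_link(g, "lb", "web2")
    add_link(g, "web1", "db")
    add_link(g, "web2", "db")
    if redundant_firewall:
        # The remediation step: a second firewall gives the entry point two paths to lb.
        add_link(g, "internet", "fw2")
        add_link(g, "fw2", "lb")
    return g


if __name__ == "__main__":
    before = single_points_of_failure(build_topology(), "internet", "db")
    after = single_points_of_failure(build_topology(redundant_firewall=True), "internet", "db")
    print("SPOFs before:", before)
    print("SPOFs after adding fw2:", after)
```

In the constructed topology the two web servers are already redundant, so neither shows up, while the firewall and the load balancer both do. Adding a second firewall removes `fw1` from the list and leaves only `lb`, which is the point of the "continues until the cost outweighs the benefit" card: each pass identifies the next SPOF, and you stop when the next piece of redundancy is not worth paying for.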
Written for
- Institution
- ISC2 Cybersecurity Certification
- Course
- ISC2 Cybersecurity Certification
Document information
- Uploaded on
- 25 January 2024
- Number of pages
- 79
- Written in
- 2023/2024
- Type
- Exam (worked solutions)
- Contains
- Questions and answers
Topics
-
isc2 certified in cybersecurity exam prep with