ISACA Cybersecurity Fundamentals
Certification Exam questions with
complete solutions 2024
Confidentiality - ANS✓✓-Protection from unauthorized access
Integrity - ANS✓✓-Protection from unauthorized modification
Availability - ANS✓✓-protection from disruptions in access
Cybersecurity - ANS✓✓-the protection of information assets (digital assets) by addressing threats to information processed, stored, and transported by internetworked information systems
NIST Functions to Protect Digital Assets - ANS✓✓-IPDRR
1) Identify
2) Protect
3) Detect
4) Respond
5) Recover
Nonrepudiation - ANS✓✓-Def: ensuring that a message or other piece of information is genuine
Examples: digital signatures and transaction logs
Risk - ANS✓✓-combination of the probability of an event and its consequences, mitigated through controls
Threat - ANS✓✓-Anything that is capable of acting against an asset in a harmful manner
Asset - ANS✓✓-something of either tangible or intangible value that is worth protecting
Vulnerability - ANS✓✓-A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events
Inherent risk - ANS✓✓-The risk level or exposure without taking into account the actions that management has taken or might take (e.g., implementing controls)
Residual risk - ANS✓✓-the risk that remains after management implements internal controls or some other response to risk
Likelihood - ANS✓✓-A.K.A probability
measure of frequency of which an event may occur, which depends on the threat and vulnerability
Approaches to Cybersecurity Risk - ANS✓✓-Dependent on:
1) Risk tolerance
2) Size & scope of the environment
3) Amount of data available
Approaches:
1) Ad hoc
2) Compliance-based
3) Risk-based
Threat Agents - ANS✓✓-The actors causing the threats that might exploit a vulnerability
Types:
1) Corporations - competitive advantage
2) Cybercriminals - profit
3) Cyberterrorists - critical infrastructures/government
4) Cyberwarriors - politically motivated
5) Employees - revenge
6) Hacktivists - politically motivated
7) Nation states - government/private entities
8) Online social hackers - identity theft, profit
9) Script kiddies - learning to hack
Attack vector - ANS✓✓-The path or route used to gain access to the target (asset)
Types:
1) Ingress - intrusion
2) Egress - Data removal
Attack Attributes - ANS✓✓-1) Attack Vector
2) Payload
3) Exploit
4) Vulnerability
5) Target (Asset)
Threat Process - ANS✓✓-1) Perform reconnaissance (gathering information)
2) Create attack tools
3) Deliver malicious capabilities
4) Exploit and compromise
5) Conduct an attack
6) Achieve results
7) Maintain a presence or set of capabilities
8) Coordinate a campaign
Malware - ANS✓✓-Def: software designed to infiltrate or damage a computer system without the user's informed consent
Examples: Viruses, network worms, Trojan horses
Policies - ANS✓✓-communicate required and prohibited activities and behaviors
Standards - ANS✓✓-Interpret policies in specific situations
Procedures - ANS✓✓-Provide details on how to comply with policies and standards
Guidelines - ANS✓✓-Provide general guidance on issues; not requirements but strongly recommended
Defense in Depth - ANS✓✓-Layering defenses to provide added protection
Types:
1) Concentric rings
2) Overlapping Redundancy
3) Segregation
Security perimeter - ANS✓✓-A well-defined boundary between the organization and the outside world. Cybersecurity emphasizes the system-centric model (placing controls at the network level)
Internet Perimeter - ANS✓✓-Secure access to the Internet for enterprise employees and guest users, regardless of location.