Exam (elaborations)

ISACA CSX Glossary UPDATED ACTUAL Exam Questions and CORRECT Answers

Pages
45
Grade
A+
Uploaded on
26-07-2025
Written in
2024/2025

ISACA CSX Glossary UPDATED ACTUAL
Exam Questions and CORRECT Answers
Acceptable Interruption Window - CORRECT ANSWER The maximum period of time that a
system can be unavailable before compromising the achievement of the enterprise's business
objectives.


Acceptable Use Policy - CORRECT ANSWER A policy that establishes an agreement
between users and the enterprise and defines for all parties the ranges of use that are approved
before gaining access to a network or the Internet.


Access Control List (ACL) - CORRECT ANSWER An internal computerized table of access
rules regarding the levels of computer access permitted to logon IDs and computer terminals.
Also referred to as access control tables.


Access Path - CORRECT ANSWER The logical route that an end user takes to access
computerized information. Typically includes a route through the operating system,
telecommunications software, selected application software and the access control system.


Access Rights - CORRECT ANSWER The permission or privileges granted to users,
programs or workstations to create, change, delete, or view data and files within a system, as
defined by rules established by data owners and the information security policy.


Accountability - CORRECT ANSWER The ability to map a given activity or event back to
the responsible party.


Advanced Encryption Standard (AES) - CORRECT ANSWER A public algorithm that
supports keys from 128 bits to 256 bits in size.


Advanced Persistent Threat (APT) - CORRECT ANSWER An adversary that possesses
sophisticated levels of expertise and significant resources that allow it to create opportunities to
achieve its objectives using multiple attack vectors (NIST SP800-61).

The APT:
1. Pursues its objectives repeatedly over an extended period of time
2. Adapts to defenders' efforts to resist it
3. Is determined to maintain the level of interaction needed to execute its objectives


Adversary - CORRECT ANSWER A threat agent.



Adware - CORRECT ANSWER A software package that automatically plays, displays, or
downloads advertising material to a computer after the software is installed on it or while the
application is being used. In most cases, this is done without any notification to the user or
without the user's consent. The term adware may also refer to software that displays
advertisements, whether or not it does so with the user's consent; such programs display
advertisements as an alternative to shareware registration fees. These are classified as adware in
the sense of advertising supported software, but not as spyware. Adware in this form does not
operate surreptitiously or mislead the user, and it provides the user with a specific service.


Alert Situation - CORRECT ANSWER The point in an emergency procedure when the
elapsed time passes a threshold and the interruption is not resolved. The enterprise entering into
an alert situation initiates a series of escalation steps.


Alternate Facilities - CORRECT ANSWER Locations and infrastructures from which
emergency or backup processes are executed, when the main premises are unavailable or
destroyed; includes other buildings, offices, or data processing centers. Alternate process -
Automatic or manual process designed and established to continue critical business processes
from point-of-failure to return-to-normal.


Analog - CORRECT ANSWER A transmission signal that varies continuously in amplitude
and time and is generated in wave formation. Analog signals are used in telecommunications.


Anti-Malware - CORRECT ANSWER A technology widely used to prevent, detect, and
remove many categories of malware, including computer viruses, worms, Trojans, key loggers,
malicious browser plug-ins, adware, and spyware.

Antivirus Software - CORRECT ANSWER An application software deployed at multiple
points in an IT architecture. It is designed to detect and potentially eliminate virus code before
damage is done and repair or quarantine files that have already been infected.


Application Layer - CORRECT ANSWER In the Open Systems Interconnection (OSI)
communications model, the application layer provides services for an application program to
ensure that effective communication with another application program in a network is possible.
The application layer is not the application that is doing the communication; it is a service layer that
provides these services.


Architecture - CORRECT ANSWER Description of the fundamental underlying design of the
components of the business system, or of one element of the business system (e.g., technology),
the relationships among them, and the manner in which they support enterprise objectives.


Asset - CORRECT ANSWER Something of either tangible or intangible value that is worth
protecting, including people, information, infrastructure, finances, and reputation.


Asymmetric Key (Public Key) - CORRECT ANSWER A cipher technique in which different
cryptographic keys are used to encrypt and decrypt a message. See public key encryption.


Attack - CORRECT ANSWER An actual occurrence of an adverse event.



Attack Mechanism - CORRECT ANSWER A method used to deliver the exploit. Unless the
attacker is personally performing the attack, an attack mechanism may involve a payload, or
container, that delivers the exploit to the target.


Attack Vector - CORRECT ANSWER A path or route used by the adversary to gain access to
the target (asset). There are two types of attack vectors: ingress and egress (also known as data
exfiltration).


Attenuation - CORRECT ANSWER Reduction of signal strength during transmission.

Audit Trail - CORRECT ANSWER A visible trail of evidence enabling one to trace
information contained in statements or reports back to the original input source.


Authentication - CORRECT ANSWER The act of verifying the identity of a user and the
user's eligibility to access computerized information. Authentication is designed to protect
against fraudulent logon activity. It can also refer to the verification of the correctness of a piece
of data.


Authenticity - CORRECT ANSWER Undisputed authorship.



Availability - CORRECT ANSWER Ensuring timely and reliable access to and use of
information.


Back Door - CORRECT ANSWER A means of regaining access to a compromised system by
installing software or configuring existing software to enable remote access under attacker-
defined conditions.


Bandwidth - CORRECT ANSWER The range between the highest and lowest transmittable
frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes
per second or Hertz (cycles per second).


Bastion - CORRECT ANSWER System heavily fortified against attacks.



Biometrics - CORRECT ANSWER A security technique that verifies an individual's identity
by analyzing a unique physical attribute, such as a handprint.


Block Cipher - CORRECT ANSWER A public algorithm that operates on plaintext in blocks
(strings or groups) of bits.


Botnet - CORRECT ANSWER A term derived from "robot network"; it is a large automated and
distributed network of previously compromised computers that can be simultaneously controlled
to launch large-scale attacks such as a denial-of-service attack on selected victims.