UPDATED ACTUAL Exam Questions and
CORRECT Answers
Community Cloud model - CORRECT ANSWER Infrastructure allocated for exclusive use of
a particular community of consumers, which may consist of enterprises or interest groups that
share common concerns.
Authenticity - CORRECT ANSWER Creating & ensuring undisputed authorship.
Risk Transfer - CORRECT ANSWER Most appropriate action when an enterprise cannot
assume risk or absorb losses, but wants to continue the activity causing the risk.
Containment - CORRECT ANSWER Phase of an incident response plan (IRP) involving
acquisition and preservation of evidence.
Criticality - CORRECT ANSWER Value of each application to the nature of the business.
Data Owners - CORRECT ANSWER Responsibility for integrity, accurate reporting, and use of
computerized data.
Top-down approach - CORRECT ANSWER General, easy method to achieve management
buy-in. It allows examination of the relationship between risk events and business goals.
Software as a Service (SaaS) - CORRECT ANSWER A software distribution model made
available by third parties offering: office productivity, customer relationship management (CRM),
collaborative solutions.
Red teaming - CORRECT ANSWER Simulated attacks that assess a security system's ability to
prevent, detect, & respond to cyber attacks.
Performed by external resources using: adversarial tactics, techniques, & procedures (TTPs).
ICT (Information & communication technology) security - CORRECT ANSWER Any
technology or transmission line that carries or captures data.
Zero-day exploits - CORRECT ANSWER Exploit vulnerabilities before the software
creator/vendor is aware of them, or known flaws without an available patch.
Man-in-the-middle attacks - CORRECT ANSWER Intercept communication between two
components of a victim system, replacing the traffic with the intruder's own data to eventually
assume control of the communication.
Cybersecurity - CORRECT ANSWER How do we manage risk? Protecting information assets
by addressing threats to information that is processed, stored or transported by internetworked
information systems.
You have to have:
problem solving skills
design and manage process and technical controls
analyze policy trends and intelligence.
Fundamental principles of security controls - CORRECT ANSWER Need to know. Principles
of least privilege.
Ongoing monitoring - CORRECT ANSWER Detect unauthorized equipment or software in
the risk management life cycle.
Board of directors - CORRECT ANSWER Responsible for governance in most enterprises,
and for exercising due care in oversight and protection of the organization's key assets (such as
information). Critical to ongoing business operations.