iSACA Cybersecurity Fundamentals Certification Exam Question
With Cor
rect Answers Already
Passed!!
1. Confidentiality Protection from unauthorized access
2. integrity Protection from unauthorized modification
3. Availability protection from disruptions in access
4. Cybersecurity the protection of information assets (digital assets) by addressing threats t
information processed, stored, and transported by internetworked informati
systems
5. NIST IPDRR
Functions to
Protect Digital 1) Identify
Assets 2) Protect
3) Detect
4) Respond
5) Recover
6. Nonrepudiation Def: ensuring that a message or other piece of information is genuine
Examples: digital signatures and transaction logs
7. Risk combination of the probability of an event and its consequences, mitigated
through controls
8. Threat Anything that is capable of acting against an asset in a harmful manner
9. Asset something of either tangible or intangible value that is worth protecting
10. Vulnerability A weakness in the design, implementation, operation or internal control of
process that could expose the system to adverse threats from threat events
11. Inherent risk
1/
37
, iSACA Cybersecurity Fundamentals Certification Exam Question
With Cor
rect Answers Already
Passed!!
The risk level or exposure without taking into account the actions that
manage- ment has taken or might take (e.g., implementing controls)
12. Residual risk the risk that remains after management implements internal controls or
some
other response to risk
13. Likelihood A.K.A probability
measure of frequency of which an event may occur, which depends on the
threat and vulnerability
14. Approaches Dependent on:
to 1) Risk tolerance
Cybersecuri
2) Size & scope of the environment
ty Risk
3) Amount of data available
Approaches:
1) Ad hoc
2) Compliance-based
3) Risk-based
15. Threat Agents The actors causing the threats that might exploit a vulnerability
Types:
1) Corporations - competitive advantage
2) Cybercriminals - profit
3) Cyberterrorists - critical infrastructures/government
4) Cyberwarriors - politically motivated
5) Employees - revenge
6) Hacktivists - politically motivated
7) Nation states - government/private entities
2/
37
, iSACA Cybersecurity Fundamentals Certification Exam Question
With Cor
rect Answers Already
Passed!!
8) Online social hackers - identity theft, profit
9) Script kiddies - learning to hack
16. Attack vector The path or route used to gain access to the target (asset)
Types:
1) Ingress - intrusion
2) Egress - Data removal
17. Attack Attributes 1) Attack Vector
2) Payload
3) Exploit
4) Vulnerability
5) Target (Asset)
18. Threat Process 1) Perform reconnaissance (gathering information)
2) Create attack tools
3) Deliver malicious capabilities
4) Exploit and compromise
5) Conduct an attack
6) Achieve results
7) Maintain a presence or set of capabilities
8) Coordinate a campaign
19. Malware Def: software designed to infiltrate or damage a computer system without
the
user's informed consent
Examples: Viruses, network worms, Trojan horses
20. Policies communicate required and prohibited activities and behaviors
21. Standards Interpret policies in specific situations
3/
37
, iSACA Cybersecurity Fundamentals Certification Exam Question
With Cor
rect Answers Already
Passed!!
22. Procedures Provide details on how to comply with policies and standards
23. Guidelines Provide general guidance on issues; not requirements but strongly
recommended
24. Defense in Depth Layering defenses to provide added protection
Types:
1) Concentric rings
2) Overlapping Redundancy
3) Segregation
25. Security A well-defined boundary between the organization and the outside
perime- ter world. Cyber- security emphasizes the system-centric model (placing
controls at the network level)
26. Internet
Secure access to the Internet for enterprise employees and guest users,
Perime- ter
regard- less of location.
It should...
1) Route traflc between enterprise & internet
2) Prevent executable files from being transferred through email
attach- ments/browsing
3) Monitor internal/external network ports
4) Detect & block traflc from infected internal end point
5) Control user traflc bound for the internet
6) Identify and block malicious packets
7) Eliminate threats such as email spam, viruses
8) Enforce filtering policies to block access to websites containing malwa
9) Provide protection for VPNs, WANs, and WLANs
27. Open Sys-
tems Intercon- a seven-layer architecture for defining how data is transmitted from
computer to computer in a network, from the physical connection to
4/
37
With Cor
rect Answers Already
Passed!!
1. Confidentiality Protection from unauthorized access
2. integrity Protection from unauthorized modification
3. Availability protection from disruptions in access
4. Cybersecurity the protection of information assets (digital assets) by addressing threats t
information processed, stored, and transported by internetworked informati
systems
5. NIST IPDRR
Functions to
Protect Digital 1) Identify
Assets 2) Protect
3) Detect
4) Respond
5) Recover
6. Nonrepudiation Def: ensuring that a message or other piece of information is genuine
Examples: digital signatures and transaction logs
7. Risk combination of the probability of an event and its consequences, mitigated
through controls
8. Threat Anything that is capable of acting against an asset in a harmful manner
9. Asset something of either tangible or intangible value that is worth protecting
10. Vulnerability A weakness in the design, implementation, operation or internal control of
process that could expose the system to adverse threats from threat events
11. Inherent risk
1/
37
, iSACA Cybersecurity Fundamentals Certification Exam Question
With Cor
rect Answers Already
Passed!!
The risk level or exposure without taking into account the actions that
manage- ment has taken or might take (e.g., implementing controls)
12. Residual risk the risk that remains after management implements internal controls or
some
other response to risk
13. Likelihood A.K.A probability
measure of frequency of which an event may occur, which depends on the
threat and vulnerability
14. Approaches Dependent on:
to 1) Risk tolerance
Cybersecuri
2) Size & scope of the environment
ty Risk
3) Amount of data available
Approaches:
1) Ad hoc
2) Compliance-based
3) Risk-based
15. Threat Agents The actors causing the threats that might exploit a vulnerability
Types:
1) Corporations - competitive advantage
2) Cybercriminals - profit
3) Cyberterrorists - critical infrastructures/government
4) Cyberwarriors - politically motivated
5) Employees - revenge
6) Hacktivists - politically motivated
7) Nation states - government/private entities
2/
37
, iSACA Cybersecurity Fundamentals Certification Exam Question
With Cor
rect Answers Already
Passed!!
8) Online social hackers - identity theft, profit
9) Script kiddies - learning to hack
16. Attack vector The path or route used to gain access to the target (asset)
Types:
1) Ingress - intrusion
2) Egress - Data removal
17. Attack Attributes 1) Attack Vector
2) Payload
3) Exploit
4) Vulnerability
5) Target (Asset)
18. Threat Process 1) Perform reconnaissance (gathering information)
2) Create attack tools
3) Deliver malicious capabilities
4) Exploit and compromise
5) Conduct an attack
6) Achieve results
7) Maintain a presence or set of capabilities
8) Coordinate a campaign
19. Malware Def: software designed to infiltrate or damage a computer system without
the
user's informed consent
Examples: Viruses, network worms, Trojan horses
20. Policies communicate required and prohibited activities and behaviors
21. Standards Interpret policies in specific situations
3/
37
, iSACA Cybersecurity Fundamentals Certification Exam Question
With Cor
rect Answers Already
Passed!!
22. Procedures Provide details on how to comply with policies and standards
23. Guidelines Provide general guidance on issues; not requirements but strongly
recommended
24. Defense in Depth Layering defenses to provide added protection
Types:
1) Concentric rings
2) Overlapping Redundancy
3) Segregation
25. Security A well-defined boundary between the organization and the outside
perime- ter world. Cyber- security emphasizes the system-centric model (placing
controls at the network level)
26. Internet
Secure access to the Internet for enterprise employees and guest users,
Perime- ter
regard- less of location.
It should...
1) Route traflc between enterprise & internet
2) Prevent executable files from being transferred through email
attach- ments/browsing
3) Monitor internal/external network ports
4) Detect & block traflc from infected internal end point
5) Control user traflc bound for the internet
6) Identify and block malicious packets
7) Eliminate threats such as email spam, viruses
8) Enforce filtering policies to block access to websites containing malwa
9) Provide protection for VPNs, WANs, and WLANs
27. Open Sys-
tems Intercon- a seven-layer architecture for defining how data is transmitted from
computer to computer in a network, from the physical connection to
4/
37
