isc2 certified in cybersecurity Exam Q&A, Exams of Cybercrime, Cybersecurity and Data Privacy

Typology: Exams

2023/2024

Available from 10/07/2024

DANTUTOR
(ISC)2 Certified in Cybersecurity
Document specific requirements that a customer has about any aspect of a vendor's
service performance.
A) DLR
B) Contract
C) SLR
D) NDA -
C) SLR (Service-Level Requirements)
_________ identifies and triages risks. -
Risk Assessment
_________ are external forces that jeopardize security. -
Threats
_________ are methods used by attackers. -
Threat Vectors
_________ are the combination of a threat and a vulnerability. -
Risks
We rank risks by _________ and _________. -
Likelihood and impact
_________ use subjective ratings to evaluate risk likelihood and impact. -
Qualitative Risk Assessment
_________ use objective numeric ratings to evaluate risk likelihood and impact. -
Quantitative Risk Assessment
_________ analyzes and implements possible responses to control risk. -
Risk Treatment
_________ changes business practices to make a risk irrelevant. -


Risk Avoidance
_________ reduces the likelihood or impact of a risk. -
Risk Mitigation
An organization's _________ is the set of risks that it faces. -
Risk Profile
_________ Initial Risk of an organization. -
Inherent Risk
_________ Risk that remains in an organization after controls. -
Residual Risk
_________ is the level of risk an organization is willing to accept. -
Risk Tolerance
_________ reduce the likelihood or impact of a risk and help identify issues. -
Security Controls
_________ stop a security issue from occurring. -
Preventive Control
_________ identify security issues requiring investigation. -
Detective Control
_________ remediate security issues that have occurred. -
Recovery Control
Hardening == Preventative
Virus == Detective
Backups == Recovery
For exam (Logical and Technical Controls are the same)

What type of security control is designed to stop a security issue from occurring in the first place? -
Preventive
What term describes risks that originate inside the organization? -
Internal
What four items belong to the security policy framework? -
Policies, Standards, Guidelines, Procedures
_________ describe an organization's security expectations. -
Policies (mandatory and approved at the highest level of an organization)
_________ describe specific security controls and are often derived from policies. -
Standards (mandatory)
_________ describe best practices. -
Guidelines (recommendations/advice; compliance is not mandatory)
_________ are step-by-step instructions. -
Procedures (not mandatory)
_________ describe authorized uses of technology. -
Acceptable Use Policies (AUP)
_________ describe how to protect sensitive information. -
Data Handling Policies
_________ cover password security practices. -
Password Policies
_________ cover use of personal devices with company information. -
Bring Your Own Device (BYOD) Policies
_________ cover the use of personally identifiable information. -

Privacy Policies
_________ cover the documentation, approval, and rollback of technology changes. -
Change Management Policies
Which element of the security policy framework includes suggestions that are not mandatory? -
Guidelines
What law applies to the use of personal information belonging to European Union residents? -
GDPR
What type of security policy normally describes how users may access business information with their own devices? -
BYOD Policy
_________ is the set of controls designed to keep a business running in the face of adversity, whether natural or man-made. -
Business Continuity Planning (BCP)
BCP is also known as _________. -
Continuity of Operations Planning (COOP)
Defining the BCP Scope: -
What business activities will the plan cover? What systems will it cover? What controls will it consider?
_________ identifies and prioritizes risks. -
Business Impact Assessment
BCP in the cloud requires _________ between providers and customers. -
Collaboration
_________ protects against the failure of a single component. -

_________ provide structure during cybersecurity incidents. -
Incident Response Plan
_________ describe the policies and procedures governing cybersecurity incidents. -
Incident Response Plans
_________ leads to strong incident response. -
Prior Planning
Incident Response Plans should include: -
Statement of Purpose, Strategies and goals for incident response, Approach to incident response, Communication with other groups, Senior leadership approval
_________ should be consulted when developing a plan. -
NIST SP 800-
Incident response teams must have personnel available _________. -
24/
_________ is crucial to effective incident identification. -
Monitoring
_________ is a security solution that collects information from diverse sources, analyzes it for signs of security incidents, and retains it for later use. -
Security Incident and Event Management (SIEM)
The highest priority of a first responder must be containing damage through _________. -
Isolation
During an incident response, what is the highest priority of first responders? -
Containing the damage
You are normally required to report security incidents to law enforcement if you believe a law may have been violated. True or False -

False
_________ restores normal operations as quickly as possible. -
Disaster Recovery
What are the initial response goals regarding Disaster Recovery? -
Contain the Damage, Recover normal operations
_________ is the amount of time to restore service. -
Recovery Time Objective (RTO)
_________ is the amount of data to recover. -
Recovery Point Objective (RPO)
_________ is the percentage of service to restore. -
Recovery Service Level (RSL)
_________ provide a data "safety net". -
Backups
Types of Backup Media: -
Tape backups, Disk-to-disk backups, Cloud backups
_________ include a complete copy of all data. -
Full Backups
_________ are types of full backups. -
Snapshots and Images
_________ include all data modified since the last full backup. -
Differential Backups
_________ include all data modified since the last full or incremental backup. -
Incremental Backups

Disaster Recovery Test types: -
Read-through, Walk-through, Simulation, Parallel Test, Full interruption test
_________ ask each team member to review their role in the disaster recovery process and provide feedback. -
Read-throughs
_________ gather the team together for a formal review of the disaster recovery plan. -
Walk-throughs (aka Tabletop exercise)
_________ use a practice scenario to test the disaster recovery plan. -
Simulations
_________ activate the disaster recovery environment but do not switch operations there. -
Parallel tests
_________ switch primary operations to the alternate environment and can be very disruptive to business. -
Full Interruption tests
Which type of backup includes only those files that have changed since the most recent full or incremental backup? -
Incremental (Revisit)
What disaster recovery metric provides the targeted amount of time to restore a service after a failure? -
RTO (Revisit)
Which disaster recovery tests involve the actual activation of the DR site? -
Parallel
What type of disaster recovery site is able to be activated most quickly in the event of a disruption? -
Hot site

Within the organization, who can identify risk? (D1, L1.2.2)
A) The security manager
B) Any security team member
C) Senior management
D) Anyone -
D) Anyone
Glen is an (ISC)² member. Glen receives an email from a company offering a set of answers for an (ISC)² certification exam. What should Glen do? (D1, L1.5.1)
A) Nothing
B) Inform (ISC)²
C) Inform law enforcement
D) Inform Glen's employer -
B) Inform (ISC)²
A system that collects transactional information and stores it in a record in order to show which users performed which actions is an example of providing ________. (D1, L1.1.1)
A) Non-repudiation
B) Multifactor authentication
C) Biometrics
D) Privacy -
A) Non-repudiation
In risk management concepts, a(n) ___________ is something or someone that poses risk to an organization or asset. (D1, L1.2.1)
A) Fear
B) Threat
C) Control
D) Asset -
B) Threat
A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device. This is a type of ________ control. (D1, L1.3.1)
A) Physical

Aphrodite is a member of (ISC)² and a data analyst for Triffid Corporation. While Aphrodite is reviewing user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy and watching streaming videos during work hours. What should Aphrodite do? (D1, L1.5.1)
A) Inform (ISC)²
B) Inform law enforcement
C) Inform Triffid management
D) Nothing -
C) Inform Triffid management
Triffid Corporation has a rule that all employees working with sensitive hardcopy documents must put the documents into a safe at the end of the workday, where they are locked up until the following workday. What kind of control is the process of putting the documents into the safe? (D1, L1.3.1)
A) Administrative
B) Tangential
C) Physical
D) Technical -
A) Administrative
Kerpak works in the security office of a medium-sized entertainment company. Kerpak is asked to assess a particular threat, and he suggests that the best way to counter this threat would be to purchase and implement a particular security solution. This is an example of _______. (D1, L1.2.2)
A) Acceptance
B) Avoidance
C) Mitigation
D) Transference -
C) Mitigation
The Triffid Corporation publishes a policy that states all personnel will act in a manner that protects health and human safety. The security office is tasked with writing a detailed set of processes on how employees should wear protective gear such as hardhats and gloves when in hazardous areas. This detailed set of processes is a _________. (D1, L1.4.1)
A) Policy
B) Procedure
C) Standard
D) Law -

B) Procedure
The senior leadership of Triffid Corporation decides that the best way to minimize liability for the company is to demonstrate the company's commitment to adopting best practices recognized throughout the industry. Triffid management issues a document that explains that Triffid will follow the best practices published by SANS, an industry body that addresses computer and information security. The Triffid document is a ______, and the SANS documents are ________. (D1, L1.4.2)
A) Law, policy
B) Policy, standard
C) Policy, law
D) Procedure, procedure -
B) Policy, standard
Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of Zarma's colleagues is interested in getting an (ISC)² certification and asks Zarma what the test questions are like. What should Zarma do? (D1, L1.5.1)
A) Inform (ISC)²
B) Explain the style and format of the questions, but no detail
C) Inform the colleague's supervisor
D) Nothing -
B) Explain the style and format of the questions, but no detail
Of the following, which would probably not be considered a threat? (D1, L1.2.1)
A) Natural disaster
B) Unintentional damage to the system caused by a user
C) A laptop with sensitive data on it
D) An external attacker trying to gain unauthorized access to the environment -
C) A laptop with sensitive data on it
Siobhan is an (ISC)² member who works for Triffid Corporation as a security analyst. Yesterday, Siobhan got a parking ticket while shopping after work. What should Siobhan do? (D1, L1.5.1)
A) Inform (ISC)²
B) Pay the parking ticket
C) Inform supervisors at Triffid
D) Resign employment from Triffid -

What is the overall objective of a disaster recovery (DR) effort? (D2, L2.3.1)
A) Save money
B) Return to normal, full operations
C) Preserve critical business functions during a disaster
D) Enhance public perception of the organization -
B) Return to normal, full operations
True or False? Business continuity planning is a reactive procedure that restores business operations after a disruption occurs.
A) True
B) False -
B) False
An attacker outside the organization attempts to gain access to the organization's internal files. This is an example of a(n) ______. (D2, L2.1.1)
A) Intrusion
B) Exploit
C) Disclosure
D) Publication -
A) Intrusion
What is the most important goal of a business continuity effort? (D2, L2.2.1)
A) Ensure all IT systems function during a potential interruption
B) Ensure all business activities are preserved during a potential disaster
C) Ensure the organization survives a disaster
D) Preserve health and human safety -
D) Preserve health and human safety
What is the risk associated with resuming full normal operations too soon after a DR effort? (D2, L2.3.1)
A) The danger posed by the disaster might still be present
B) Investors might be upset
C) Regulators might disapprove
D) The organization could save money -
A) The danger posed by the disaster might still be present

What is the goal of an incident response effort? (D2, L2.1.1)
A) No incidents ever happen
B) Reduce the impact of incidents on operations
C) Punish wrongdoers
D) Save money -
B) Reduce the impact of incidents on operations
When should a business continuity plan (BCP) be activated? (D2, L2.2.1)
A) As soon as possible
B) At the very beginning of a disaster
C) When senior management decides
D) When instructed to do so by regulators -
C) When senior management decides
In order for a biometric security to function properly, an authorized person's physiological data must be ______. (D3, L3.2.1)
A) Broadcast
B) Stored
C) Deleted
D) Modified -
B) Stored
At Parvi's place of work, the perimeter of the property is surrounded by a fence; there is a gate with a guard at the entrance. All inner doors only admit personnel with badges, and cameras monitor the hallways. Sensitive data and media are kept in safes when not in use. (D3, L3.1.1)
A) Two-person integrity
B) Segregation of duties
C) Defense in depth
D) Penetration testing -
C) Defense in depth
Tekila works for a government agency. All data in the agency is assigned a particular sensitivity level, called a "classification." Every person in the agency is assigned a "clearance" level, which determines the classification of data each person can access. What is the access control model being implemented in Tekila's agency? (D3, L3.3.1)

Answer: A process of identifying, quantifying, and prioritizing security weaknesses in an organization's systems, applications, and networks.
What is the difference between a vulnerability assessment and a penetration test? -
Answer: A vulnerability assessment is a non-intrusive evaluation of an organization's security posture, while a penetration test is an intrusive evaluation that attempts to exploit identified vulnerabilities.
What is the CIA triad? -
Answer: Confidentiality, Integrity, and Availability.
What is the difference between confidentiality and privacy? -
Answer: Confidentiality refers to the protection of sensitive information from unauthorized access, while privacy refers to an individual's right to control their personal information.
What is the principle of least privilege? -
Answer: The principle that users and processes should only be given the minimum level of access necessary to perform their duties.
What is a firewall? -
Answer: A network security device that monitors and controls incoming and outgoing traffic based on a set of rules.
What is a DMZ? -
Answer: A demilitarized zone, a network segment that is isolated from the internal network and is used to host servers that are accessible from the internet.
What is encryption? -
Answer: The process of converting plain text into an unreadable format to protect the confidentiality of the data.
What is a digital signature? -
Answer: An electronic method of verifying the authenticity and integrity of a message or document.
What is a certificate authority? -

Answer: An organization that issues digital certificates that can be used to verify the identity of individuals, systems, or organizations.
What is a secure socket layer (SSL)? -
Answer: A protocol that provides secure communication over the internet by encrypting data between web servers and web browsers.
What is a virtual private network (VPN)? -
Answer: A technology that creates a secure and encrypted connection between two networks over the internet.
What is multi-factor authentication? -
Answer: A security mechanism that requires users to provide more than one form of authentication, such as a password and a fingerprint, to gain access to a system.
What is a denial of service (DoS) attack? -
Answer: An attack that attempts to make a server, network, or website unavailable by overwhelming it with traffic or requests.
What is social engineering? -
Answer: The use of deception to manipulate individuals into divulging confidential information or performing actions that may not be in their best interest.
What is malware? -
Answer: Software that is designed to cause harm or damage to a computer system, network, or data.
What is a phishing attack? -
Answer: An attack that attempts to trick individuals into revealing sensitive information, such as passwords or credit card numbers, by posing as a trustworthy entity.
What is a man-in-the-middle (MitM) attack? -
Answer: An attack that intercepts communication between two parties to eavesdrop on or modify the data being exchanged.
What is a rootkit? -