ISACA Cybersecurity Fundamentals Certification Exam with complete solution 2022
Confidentiality - ANSWER Protection from unauthorized access
Integrity - ANSWER Protection from unauthorized modification
Availability - ANSWER protection from disruptions in access
Cybersecurity - ANSWER the protection of information assets (digital assets) by addressing threats to information processed, stored, and transported by internetworked information systems
NIST Functions to Protect Digital Assets - ANSWER IPDRR
1) Identify
2) Protect
3) Detect
4) Respond
5) Recover
Nonrepudiation - ANSWER Def: ensuring that a message or other piece of information is genuine
Examples: digital signatures and transaction logs
Risk - ANSWER combination of the probability of an event and its consequences, mitigated through controls
Threat - ANSWER Anything that is capable of acting against an asset in a harmful manner
Asset - ANSWER something of either tangible or intangible value that is worth protecting
Vulnerability - ANSWER A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events
Inherent risk - ANSWER The risk level or exposure without taking into account the actions that management has taken or might take (e.g., implementing controls)
Residual risk - ANSWER the risk that remains after management implements internal controls or some other response to risk
Likelihood - ANSWER A.k.a. probability; a measure of the frequency with which an event may occur, which depends on the threat and the vulnerability
Approaches to Cybersecurity Risk - ANSWER Dependent on:
1) Risk tolerance
2) Size & scope of the environment
3) Amount of data available
Approaches:
1) Ad hoc
2) Compliance-based
3) Risk-based
Threat Agents - ANSWER The actors causing the threats that might exploit a vulnerability
Types:
1) Corporations - competitive advantage
2) Cybercriminals - profit
3) Cyberterrorists - critical infrastructures/government
4) Cyberwarriors - politically motivated
5) Employees - revenge
6) Hacktivists - politically motivated
7) Nation states - government/private entities
8) Online social hackers - identity theft, profit
9) Script kiddies - learning to hack
Attack vector - ANSWER The path or route used to gain access to the target (asset)
Types:
1) Ingress - intrusion
2) Egress - Data removal
Attack Attributes - ANSWER 1) Attack Vector
2) Payload
3) Exploit
4) Vulnerability
5) Target (Asset)
Threat Process - ANSWER 1) Perform reconnaissance (gathering information)
2) Create attack tools
3) Deliver malicious capabilities
4) Exploit and compromise
5) Conduct an attack
6) Achieve results
7) Maintain a presence or set of capabilities
8) Coordinate a campaign
Malware - ANSWER Def: software designed to infiltrate or damage a computer system without the user's informed consent
Examples: Viruses, network worms, Trojan horses
Policies - ANSWER communicate required and prohibited activities and behaviors
Standards - ANSWER Interpret policies in specific situations
Procedures - ANSWER Provide details on how to comply with policies and standards
Guidelines - ANSWER Provide general guidance on issues; not requirements but strongly recommended
Defense in Depth - ANSWER Layering defenses to provide added protection
Types:
1) Concentric rings
2) Overlapping Redundancy
3) Segregation
Security perimeter - ANSWER A well-defined boundary between the organization and the outside world. Cybersecurity emphasizes the system-centric model (placing controls at the network level)
Internet Perimeter - ANSWER Secure access to the Internet for enterprise employees and guest users, regardless of location.
It should...
1) Route traffic between enterprise & internet
2) Prevent executable files from being transferred through email attachments/browsing
3) Monitor internal/external network ports
4) Detect & block traffic from infected internal endpoints
5) Control user traffic bound for the internet