2024
Document specific requirements that a customer has about any aspect of a vendor's service performance.
A) DLR
B) Contract
C) SLR
D) NDA - Answer ✔✔C) SLR (Service-Level Requirements)
_________ identifies and triages risks. - Answer ✔✔Risk Assessment
_________ are external forces that jeopardize security. - Answer ✔✔Threats
_________ are methods used by attackers. - Answer ✔✔Threat Vectors
_________ are the combination of a threat and a vulnerability. - Answer ✔✔Risks
We rank risks by _________ and _________. - Answer ✔✔Likelihood and impact
_________ use subjective ratings to evaluate risk likelihood and impact. - Answer ✔✔Qualitative Risk Assessment
_________ use objective numeric ratings to evaluate risk likelihood and impact. - Answer ✔✔Quantitative Risk Assessment
_________ analyzes and implements possible responses to control risk. - Answer ✔✔Risk Treatment
_________ changes business practices to make a risk irrelevant. - Answer ✔✔Risk Avoidance
_________ reduces the likelihood or impact of a risk. - Answer ✔✔Risk Mitigation
An organization's _________ is the set of risks that it faces. - Answer ✔✔Risk Profile
_________ is the initial risk of an organization, before any controls are applied. - Answer ✔✔Inherent Risk
_________ is the risk that remains in an organization after controls are applied. - Answer ✔✔Residual Risk
_________ is the level of risk an organization is willing to accept. - Answer ✔✔Risk Tolerance
_________ reduce the likelihood or impact of a risk and help identify issues. - Answer ✔✔Security Controls
_________ stop a security issue from occurring. - Answer ✔✔Preventive Control
_________ identify security issues requiring investigation. - Answer ✔✔Detective Control
_________ remediate security issues that have occurred. - Answer ✔✔Recovery Control
Hardening == Preventive; Virus == Detective; Backups == Recovery - Answer ✔✔For exam (Logical and Technical Controls are the same)
_________ use technology to achieve control objectives. - Answer ✔✔Technical Controls
_________ use processes to achieve control objectives. - Answer ✔✔Administrative Controls
_________ impact the physical world. - Answer ✔✔Physical Controls
_________ tracks specific device settings. - Answer ✔✔Configuration Management
_________ provide a configuration snapshot. - Answer ✔✔Baselines (track changes)
_________ assigns numbers to each version. - Answer ✔✔Versioning
_________ serve as important configuration artifacts. - Answer ✔✔Diagrams
_________ and _________ help ensure a stable operating environment. - Answer ✔✔Change and Configuration Management
Purchasing an insurance policy is an example of which risk management strategy? - Answer ✔✔Risk Transference
What two factors are used to evaluate a risk? - Answer ✔✔Likelihood and Impact
What term best describes making a snapshot of a system or application at a point in time for later comparison? - Answer ✔✔Baselining
What type of security control is designed to stop a security issue from occurring in the first place? - Answer ✔✔Preventive
What term describes risks that originate inside the organization? - Answer ✔✔Internal
What four items belong to the security policy framework? - Answer ✔✔Policies, Standards, Guidelines, Procedures
_________ describe an organization's security expectations. - Answer ✔✔Policies (mandatory and approved at the highest level of an organization)
_________ describe specific security controls and are often derived from policies. - Answer ✔✔Standards (mandatory)
_________ describe best practices. - Answer ✔✔Guidelines (recommendations/advice and compliance is not mandatory)
_________ are step-by-step instructions. - Answer ✔✔Procedures (not mandatory)
_________ describe authorized uses of technology. - Answer ✔✔Acceptable Use Policies (AUP)
_________ describe how to protect sensitive information. - Answer ✔✔Data Handling Policies
_________ cover password security practices. - Answer ✔✔Password Policies
_________ cover use of personal devices with company information. - Answer ✔✔Bring Your Own Device (BYOD) Policies
_________ cover the use of personally identifiable information. - Answer ✔✔Privacy Policies
_________ cover the documentation, approval, and rollback of technology changes. - Answer ✔✔Change Management Policies
Which element of the security policy framework includes suggestions that are not mandatory? - Answer ✔✔Guidelines
What law applies to the use of personal information belonging to European Union residents? - Answer ✔✔GDPR