(ISC)2 Certified In Cybersecurity - Exam Prep Questions With 100% Correct Answers 2024, 598 Questions and Correct Answers, With Complete Solution.

(ISC)2 Certified In Cybersecurity - Exam Prep Questions With 100% Correct Answers 2024, 598 Questions and Correct Answers, With Complete Solution. Document specific requirements that a customer has about any aspect of a vendor's service performance. A) DLR B) Contract C) SLR D) NDA C) SLR (Service-Level Requirements) _________ identifies and triages risks. Risk Assessment _________ are external forces that jeopardize security. Threats _________ are methods used by attackers. Threat Vectors _________ are the combination of a threat and a vulnerability. Risks We rank risks by _________ and _________. Likelihood and impact _________ use subjective ratings to evaluate risk likelihood and impact. Qualitative Risk Assessment _________ use objective numeric ratings to evaluate risk likelihood and impact. Quantitative Risk Assessment _________ analyzes and implements possible responses to control risk. Risk Treatment _________ changes business practices to make a risk irrelevant. Risk Avoidance _________ reduces the likelihood or impact of a risk. Risk Mitigation An organization's _________ is the set of risks that it faces. Risk Profile _________ Initial Risk of an organization. Inherent Risk _________ Risk that remains in an organization after controls. Residual Risk _________ is the level of risk an organization is willing to accept. Risk Tolerance _________ reduce the likelihood or impact of a risk and help identify issues. Security Controls _________ stop a security issue from occurring. Preventive Control _________ identify security issues requiring investigation. Detective Control _________ remediate security issues that have occurred. Recovery Control Hardening == Preventative Virus == Detective Backups == Recovery For exam (Local and Technical Controls are the same) _________ use technology to achieve control objectives. Technical Controls _________ use processes to achieve control objectives. Administrative Controls _________ impact the physical world. Physical Controls _________ tracks specific device settings. Configuration Management _________ provide a configuration snapshot. Baselines (track changes) _________ assigns numbers to each version. Versioning _________ serve as important configuration artifacts. Diagrams _________ and _________ help ensure a stable operating environment. Change and Configuration Management Purchasing an insurance policy is an example of which risk management strategy? Risk Transference What two factors are used to evaluate a risk? Likelihood and Impact What term best describes making a snapshot of a system or application at a point in time for later comparison? Baselining What type of security control is designed to stop a security issue from occurring in the first place? Preventive What term describes risks that originate inside the organization? Internal What four items belong to the security policy framework? Policies, Standards, Guidelines, Procedures _________ describe an organization's security expectations. Policies (mandatory and approved at the highest level of an organization) _________ describe specific security controls and are often derived from policies. Standards (mandatory) _________ describe best practices. Guidelines (recommendations/advice and compliance is not mandatory) _________ step-by-step instructions. Procedures (not mandatory) _________ describe authorized uses of technology. Acceptable Use Policies (AUP) _________ describe how to protect sensitive information. Data Handling Policies _________ cover password security practices. Password Policies _________ cover use of personal devices with company information. Bring Your Own Device (BYOD) Policies _________ cover the use of personally identifiable information. Privacy Policies _________ cover the documentation, approval, and rollback of technology changes. Change Management Policies Which element of the security policy framework includes suggestions that are not mandatory? Guidelines What law applies to the use of personal information belonging to European Union residents? GDPR What type of security policy normally describes how users may access business information with their own devices? BYOD Policy _________ the set of controls designed to keep a business running in the face of adversity, whether natural or man-made. Business Continuity Planning (BCP) BCP is also known as _________. Continuity of Operations Planning (COOP) Defining the BCP Scope: What business activities will the plan cover? What systems will it cover? What controls will it consider? _________ identifies and prioritizes risks. Business Impact Assessment BCP in the cloud requires _________ between providers and customers. Collaboration _________ protects against the failure of a single component. Redundancy _________ identifies and removes SPOFs. Single Point of Failure Analysis _________ continues until the cost of addressing risks outweighs the benefit. SPOF Analysis _________ uses multiple systems to protect against service failure. High Availability _________ makes a single system resilient against technical failures. Fault Tolerance _________ spreads demand across systems. Load Balancing 3 Common Points of Failure in a system. Power Supply, Storage Media, Networking Disk Mirroring is which RAID level? 1 Disk striping with parity is which RAID level? 5 (uses 3 or more disks to store data) What goal of security is enhanced by a strong business continuity program? Availability What is the minimum number of disk required to perform RAID level 5? 3 What type of control are we using if we supplement a single firewall with a second standby firewall ready to assume responsibility if the primary firewall fails? High Availability _________ provide structure during cybersecurity incidents. Incident Response Plan _________ describe the policies and procedures governing cybersecurity incidents. Incident Response Plans _________ leads to strong incident response. Prior Planning Incident Response Plans should include: Statement of Purpose, Strategies and goals for incident response, Approach to incident response, Communication with other groups, Senior leadership approval _________ should be consulted when developing a plan. NIST SP 800-61 Incident response teams must have personnel available _________. 24/7 _________ is crucial to effective incident identification. Monitoring _________ security solution that collects information from diverse sources, analyzes it for signs for security incidents and retains it for later use. Security Incident and Event Management (SIEM) The highest priority of a first responder must be containing damage through _________. Isolation During an incident response, what is the highest priority of first responders? Containing the damage You are normally required to report security incidents to law enforcement if you believe a law may have been violated. True or False False _________ restores normal operations as quickly as possible. Disaster Recovery What are the initial response goals regarding Disaster Recovery? Contain the Damage, Recover normal operations _________ is the amount of time to restore service. Recovery Time Objective (RTO) _________ is the amount of data to recover. Recovery Point Objective (RPO) _________ is the percentage of service to restore. Recovery Service Level (RSL) _________ provide a data "safety net" Backups Types of Backup Media: Tape backups, Disk-to-disk backups, Cloud backups _________ include a complete copy of all data. Full Backups _________ are types of full backups. Snapshots and Images _________ include all data modified since the last full backup. Differential Backups _________ include all data modified since the last full or incremental backup. Incremental Backups Joe performs full backups every Sunday evening and differential backups every weekday evening. His system fails on Friday morning. What backups does he restore? Sunday's FULL backup (To establish a base), Thursday's differential backup (To grab the latest data change) Joe performs full backups every Sunday evening and incremental backups every weekday evening. His system fails on Friday morning. What backups does he restore? Sunday's FULL backup (To establish a base), Monday, Tuesday, Wednesday, and Thursday incremental backups _________ provide alternate data processing. Disaster Recovery Sites Disaster Recovery Facility Sites: Hot Site, Cold Site, Warm Site _________ fully operational data centers stock with equipment an data and are available at a moment's notice. Very expensive. Hot Site _________ empty data centers stock with core equipment, network, and environmental controls but do not have servers. Relatively Inexpensive but can take weeks or even months to become operational. Colt Site _________ stock with all necessary equipment and data but are not maintained in a parallel fashion. Similar in expense to hot sites and can become operational in hours or days. Warm Site _________ these are geographically distant, offer site resiliency, require manual transfer or site replication through SAN or VM and provide online or offline backups. Offsite Storage Disaster Recovery Testing Goals: Validate that the plan functions correctly, Identify necessary plan updates Disaster Recovery Test types: Read-through, Walk-through, Simulation, Parallel Test, Full interruption test _________ ask each team member to review their role in the disaster recovery process and provide feedback. Read-throughs _________ gather the team together for a formal review of the disaster recovery plan. Walk-throughs (aka Tabletop exercise) _________ use a practice scenario to test the disaster recovery plan. Simulations _________ activate the disaster recovery environment but do not switch operations there. Parallel tests _________ this switches primary operations to the alternate environment and can be very disruptive to business. Full Interruption tests Which type of backup includes only those files that have changes since the most recent full or incremental backup? Incremental (Revisit) What disaster recovery metric provides the targeted amount of time to restore a service after a failure? RTO (Revisit) Which disaster recovery tests involve the actual activation of the DR site? Parallel What type of disaster recovery site is able to be activated most quickly in the event of a disruption? Hot site Within the organization, who can identify risk? (D1, L1.2.2) A) The security manager B) Any security team member C) Senior management D) Anyone D) Anyone Glen is an (ISC)² member. Glen receives an email from a company offering a set of answers for an (ISC)² certification exam. What should Glen do? (D1, L1.5.1) A) Nothing B) Inform (ISC)² C) Inform law enforcement D) Inform Glen's employer B) Inform (ISC)² A system that collects transactional information and stores it in a record in order to show which users performed which actions is an example of providing ________. (D1, L1.1.1) A) Non-repudiation B) Multifactor authentication C) Biometrics D) Privacy A) Non-repudiation In risk management concepts, a(n) ___________ is something or someone that poses risk to an organization or asset. (D1, L1.2.1) A) Fear B) Threat C) Control D) Asset B) Threat A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device. This is a type of ________ control. (D1, L1.3.1) A) Physical B) Administrative C) Passive D) Technical D) Technical Tina is an (ISC)² member and is invited to join an online group of IT security enthusiasts. After attending a few online sessions, Tina learns that some participants in the group are sharing malware with each other, in order to use it against other organizations online. What should Tina do? (D1, L1.5.1) A) Nothing B) Stop participating in the group C) Report the group to law enforcement D) Report the group to (ISC)² B) Stop participating in the group The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city council creates a rule that anyone caught creating and launching malware within the city limits will receive a fine and go to jail. What kind of rule is this? (D1, L1.4.1)