(ISC)2 Practice Exam 1 Questions with 100% Correct Answers | Verified | Updated 2024, 100 Questions and Answers.

(ISC)2 Practice Exam 1 Questions with 100% Correct Answers | Verified | Updated 2024, 100 Questions and Answers. The process of verifying or proving the user's identification is known as: Authentication Which of the following properties is NOT guaranteed by Digital Signatures? Confidentiality Which of the following Cybersecurity concepts guarantees that information is accessible only to those authorized to access it? Confidentiality Sensitivity is a measure of the ...: ... importance assigned to information by its owner, or the purpose of representing its need for protection. Which of the following areas is the most distinctive property of PHI? Confidentiality Which of the following areas is connected to PII? Confidentiality An exploitable weakness or flaw in a system or component is a: Vulnerability The magnitude of the harm expected as a result of the consequences of an unauthorized disclosure, modification, destruction, or loss of information, is known as the: Impact Risk Management is: The identification, evaluation and prioritization of risk In risk management, the highest priority is given to a risk where: The frequency of occurrence is low, and the expected impact value is high An entity that acts to exploit a target organization's system vulnerabilities is a: Threat Actor Which of the following is an example of a technical security control? Access Control Lists When a company hires an insurance company to mitigate risk, which risk management technique is being applied? Risk Transfer Which of the following is NOT an example of a physical security control? Firewalls Which of the following is an example of an administrative security control? Acceptable Use Policies A Security safeguard is the same as a: Security control Which of the following are NOT types of security controls? Storage Controls A biometric reader that grants access to a computer system in a data center is a: Technical Control The implementation of Security Controls is a form of: Risk reduction According to the canon "Provide diligent and competent service to principals", ISC2 professionals are to: Avoid apparent or actual conflicts of interest. Which of the following canons is found in the ISC2 code of ethics? Provide diligent and competent service to principals Which of the following is NOT an ethical canon of the ISC2? Provide active and qualified service to principal The detailed steps to complete tasks supporting departmental or organizational policies are typically documented in: Procedures Governments can impose financial penalties as a consequence of breaking a: Regulation Which of the following documents contains elements that are NOT mandatory? Guidelines Which of these has the PRIMARY objective of identifying and prioritizing critical business processes? Business Impact Analysis The predetermined set of instructions or procedures to sustain business operations after a disaster is commonly known as: Business Continuity Plan Which of these is the most efficient and effective way to test a business continuity plan? Simulations After an earthquake disrupting business operations, which document contains the procedures required to return business to normal operation? The Disaster Recovery Plan Which of these is the PRIMARY objective of a Disaster Recovery Plan? Restore company operation to the last-known reliable operation state In the event of a disaster, which of these should be the PRIMARY objective? (★) Guarantee the safety of people Which of the following is less likely to be part of an incident response team? Human Resources Which are the components of an incident response plan? Preparation - Detection and Analysis - Containment, Eradication and Recovery - Post-Incident Activity In incident terminology, the meaning of Zero Day is: A previously unknown system vulnerability In which of the following phases of an Incident Recovery Plan are incident responses prioritized? Detection and Analysis Which of the following is NOT a possible model for an Incident Response Team (IRT)? Pre-existing Which security principle states that a user should only have the necessary permission to execute a task? Least Privilege Which concept describes an information security strategy that integrates people, technology and operations in order to establish security controls across multiple layers of the organization?