ISC Certified in Cybersecurity Complete
Questions with 100% Correct Answers
Adequate Security
Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse or
unauthorized access to or modification of information.
Administrative Controls
Controls implemented through policy and procedures. Often enforced in conjunction with physical
and/or technical controls, such as an access-granting policy for new users that requires login and
approval by the hiring manager.
Adverse Events
Events with a negative consequence. (Ex. System crashes, network packet floods, unauthorized use of
system privileges, defacement of a web page or execution of malicious code that destroys data.)
Application Programming Interface (API)
A set of routines, standards, protocols, and tools for building software applications to access a web-
based software application or web tool.
Application Server
A computer responsible for hosting applications to user workstations.
Artificial Intelligence (Ai)
The ability of computers and robots to simulate human intelligence and behavior.
Asset
Anything of value that is owned by an organization. Assets include both tangible items such as
information systems and physical property and intangible assets such as intellectual property.
Asymmetric Encryption
An algorithm that uses one key to encrypt and a different key to decrypt the input plaintext.
Audit
Independent review and examination of records and activities to assess the adequacy of system
controls, to ensure compliance with established policies and operational procedures.
Authentication
The act of identifying or verifying the eligibility of a station, originator, or individual to access specific
categories of information. Typically, a measure designed to protect against fraudulent transmissions
by establishing the validity of a transmission, message, station or originator.
Authorization
The right or permission that is granted to a system entity to access a system resource.
,Availability
Ensuring timely and reliable access to and use of information by authorized users. Also means that
systems and data are accessible at the time users need them.
Baseline
A documented, lowest level of security configuration allowed by a standard or organization.
Biometric
Biological characteristics of an individual, such as a fingerprint, hand geometry, voice, or iris patterns.
Bit
The most essential representation of data (zero or one) at Layer 1 of the Open Systems
Interconnection (OSI) model.
Bot
Malicious code that acts like a remotely controlled "robot" for an attacker, with other Trojan and
worm capabilities.
Breach
The loss of control, compromise, unauthorized disclosure, unauthorized acquisition or any similar
occurrence where: a person other than an authorized user accesses or potentially accesses personally
identifiable information; or an authorized user accesses personally identifiable information for other
than an authorized purpose.
Broadcast
Broadcast transmission is a one-to-many (one-to-everyone) form of sending internet traffic.
Business Continuity (BC)
Actions, processes and tools for ensuring an organization can continue critical operations during a
contingency.
Business Continuity Plan (BCP)
The documentation of a predetermined set of instructions or procedures that describe how an
organization's mission/business processes will be sustained during and after a significant disruption.
Business Impact Analysis (BIA)
An analysis of an information system's requirements, functions, and interdependencies used to
characterize system contingency requirements and priorities in the event of a significant disruption.
Byte
The byte is a unit of digital information that most commonly consists of eight bits.
Checksum
A digit representing the sum of the correct digits in a piece of stored or transmitted digital data,
against which later comparisons can be made to detect errors in the data.
, Ciphertext
The altered form of a plaintext message so it is unreadable for anyone except the intended recipients.
In other words, it has been turned into a secret.
Classification
Classification identifies the degree of harm to the organization, its stakeholders or others that might
result if an information asset is divulged to an unauthorized person, process or organization. In short,
classification is focused first and foremost on maintaining the confidentiality of the data, based on the
data sensitivity.
Classified or Sensitive Information
Information that has been determined to require protection against unauthorized disclosure and is
marked to indicate its classified status and classification level when in documentary form.
Cloud Computing
A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of
configurable computing resources (e.g., networks, servers, storage, applications, and services) that
can be rapidly provisioned and released with minimal management effort or service provider
interaction.
Community Cloud
A system in which the cloud infrastructure is provisioned for exclusive use by a specific community of
consumers from organizations that have shared concerns (e.g., mission, security requirements, policy
and compliance considerations). It may be owned, managed and operated by one or more of the
organizations in the community, a third party or some combination of them, and it may exist on or off
premises.
Confidentiality
The characteristic of data or information when it is not made available or disclosed to unauthorized
persons or processes. Relates to permitting authorized access to information, while at the same time
protecting information from improper disclosure.
Configuration Management
A process and discipline used to ensure that the only changes made to a system are those that have
been authorized and validated.
Crime Prevention through Environment Design (CPTED)
An architectural approach to the design of buildings and spaces that emphasizes passive features to
reduce the likelihood of criminal activity.
Criticality
A measure of the degree to which an organization depends on the information or information system
for the success of a mission or of a business function.
Cryptanalyst
Questions with 100% Correct Answers
Adequate Security
Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse or
unauthorized access to or modification of information.
Administrative Controls
Controls implemented through policy and procedures. Often enforced in conjunction with physical
and/or technical controls, such as an access-granting policy for new users that requires login and
approval by the hiring manager.
Adverse Events
Events with a negative consequence. (Ex. System crashes, network packet floods, unauthorized use of
system privileges, defacement of a web page or execution of malicious code that destroys data.)
Application Programming Interface (API)
A set of routines, standards, protocols, and tools for building software applications to access a web-
based software application or web tool.
Application Server
A computer responsible for hosting applications to user workstations.
Artificial Intelligence (Ai)
The ability of computers and robots to simulate human intelligence and behavior.
Asset
Anything of value that is owned by an organization. Assets include both tangible items such as
information systems and physical property and intangible assets such as intellectual property.
Asymmetric Encryption
An algorithm that uses one key to encrypt and a different key to decrypt the input plaintext.
Audit
Independent review and examination of records and activities to assess the adequacy of system
controls, to ensure compliance with established policies and operational procedures.
Authentication
The act of identifying or verifying the eligibility of a station, originator, or individual to access specific
categories of information. Typically, a measure designed to protect against fraudulent transmissions
by establishing the validity of a transmission, message, station or originator.
Authorization
The right or permission that is granted to a system entity to access a system resource.
,Availability
Ensuring timely and reliable access to and use of information by authorized users. Also means that
systems and data are accessible at the time users need them.
Baseline
A documented, lowest level of security configuration allowed by a standard or organization.
Biometric
Biological characteristics of an individual, such as a fingerprint, hand geometry, voice, or iris patterns.
Bit
The most essential representation of data (zero or one) at Layer 1 of the Open Systems
Interconnection (OSI) model.
Bot
Malicious code that acts like a remotely controlled "robot" for an attacker, with other Trojan and
worm capabilities.
Breach
The loss of control, compromise, unauthorized disclosure, unauthorized acquisition or any similar
occurrence where: a person other than an authorized user accesses or potentially accesses personally
identifiable information; or an authorized user accesses personally identifiable information for other
than an authorized purpose.
Broadcast
Broadcast transmission is a one-to-many (one-to-everyone) form of sending internet traffic.
Business Continuity (BC)
Actions, processes and tools for ensuring an organization can continue critical operations during a
contingency.
Business Continuity Plan (BCP)
The documentation of a predetermined set of instructions or procedures that describe how an
organization's mission/business processes will be sustained during and after a significant disruption.
Business Impact Analysis (BIA)
An analysis of an information system's requirements, functions, and interdependencies used to
characterize system contingency requirements and priorities in the event of a significant disruption.
Byte
The byte is a unit of digital information that most commonly consists of eight bits.
Checksum
A digit representing the sum of the correct digits in a piece of stored or transmitted digital data,
against which later comparisons can be made to detect errors in the data.
, Ciphertext
The altered form of a plaintext message so it is unreadable for anyone except the intended recipients.
In other words, it has been turned into a secret.
Classification
Classification identifies the degree of harm to the organization, its stakeholders or others that might
result if an information asset is divulged to an unauthorized person, process or organization. In short,
classification is focused first and foremost on maintaining the confidentiality of the data, based on the
data sensitivity.
Classified or Sensitive Information
Information that has been determined to require protection against unauthorized disclosure and is
marked to indicate its classified status and classification level when in documentary form.
Cloud Computing
A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of
configurable computing resources (e.g., networks, servers, storage, applications, and services) that
can be rapidly provisioned and released with minimal management effort or service provider
interaction.
Community Cloud
A system in which the cloud infrastructure is provisioned for exclusive use by a specific community of
consumers from organizations that have shared concerns (e.g., mission, security requirements, policy
and compliance considerations). It may be owned, managed and operated by one or more of the
organizations in the community, a third party or some combination of them, and it may exist on or off
premises.
Confidentiality
The characteristic of data or information when it is not made available or disclosed to unauthorized
persons or processes. Relates to permitting authorized access to information, while at the same time
protecting information from improper disclosure.
Configuration Management
A process and discipline used to ensure that the only changes made to a system are those that have
been authorized and validated.
Crime Prevention through Environment Design (CPTED)
An architectural approach to the design of buildings and spaces that emphasizes passive features to
reduce the likelihood of criminal activity.
Criticality
A measure of the degree to which an organization depends on the information or information system
for the success of a mission or of a business function.
Cryptanalyst
