Answers
CIS control 2: inventory and control of software assets - CORRECT ANSWER✔✔Actively manage
all software on the network so that only authorized software is installed and can execute, and
that unauthorized and unmanaged software is found and prevented from installation or
execution.
NIST CSF Framework Core - Components - CORRECT ANSWER✔✔Identify
Protect
Detect
Respond
Recover
NIST - Identify CORE - CORRECT ANSWER✔✔Focuses on creating canonical records of the assets
an organization uses to support information processing operations
NIST - Protect CORE - CORRECT ANSWER✔✔Focuses on safeguards and access controls for
networks, applications and other deployed devices, as well as regular updates to security
software, encryption for sensitive information, data backups, and plans for disposing of
files or unused devices
NIST - Detect CORE - CORRECT ANSWER✔✔Identifies the tools and resources needed to detect
active cybersecurity attacks, which includes monitoring network access points, user
NIST - Respond CORE - CORRECT ANSWER✔✔Outlines how a company should contain a
cybersecurity event, react using planned responses that mitigate losses, and notify all affected
parties
NIST - Recover CORE - CORRECT ANSWER✔✔Focuses on supporting the restoration of a
company's network to normal operations through repairing equipment, restoring backed-up
files or environments, and positioning employees to rebound with the right response
NIST CSF - Implementation Tiers THINK INTEGRATION - CORRECT ANSWER✔✔Tier 1 - Partial
(lowest level)
Tier 2 - Risk Informed
Tier 3 - Repeatable
Tier 4 - Adaptive (highest level)
NIST CSF - Tier 1 (Partial) - CORRECT ANSWER✔✔Risk management process - Risk management
is ad hoc (on the fly) and reactive, where prioritization of information security efforts is not
strategic or directed by organizational priority.
Risk management program integration - Incident management is ad hoc and not integrated into
organizational processes.
External participation - Corporate cybersecurity is isolated, and the organization does not
evaluate external risks.
NIST CSF - Tier 2 (Risk-informed) - CORRECT ANSWER✔✔Risk management process -
Cybersecurity prioritization is based on organizational risk, and management approves
cybersecurity efforts; however, cybersecurity may be isolated from organizational processes.
Risk management program integration - The rest of the organization is aware of cybersecurity,
but is not managing it securely. There is awareness, but no integration.
External participation - There is awareness of how the security risks impact the organization, but
inconsistent actions are taken to respond to those tasks.