Official (ISC)² CISSP - Domain 1
Security and Risk Management Exam
Questions and Answers
Data Disclosure - ANSWER-A breach for which it was confirmed that data was
actually disclosed (not just exposed) to an unauthorized party.
Detective Controls - ANSWER-Controls designed to signal a warning when a
security control has been breached.
Deterrent Controls - ANSWER-Controls designed to discourage people from
violating security directives.
Directive Controls - ANSWER-Controls designed to specify acceptable rules of
behavior within an organization.
Due Care - ANSWER-The care a "reasonable person" would exercise under given
circumstances.
Due Diligence - ANSWER-Is similar to due care with the exception that it is a preemptive measure made to avoid harm to other persons or their property.
Enterprise Risk Management - ANSWER-A process designed to identify potential
events that may affect the entity, manage risk so it is within its risk appetite, and
provide reasonable assurance regarding the achievement of entity objectives.
Export Administration Act of 1979 - ANSWER-Authorized the President to regulate
exports of civilian goods and technologies that have military applications.
Governance - ANSWER-Ensures the business focuses on core activities, clarifies
who in the organization has the authority to make decisions, determines
accountability for actions and responsibility for outcomes, and addresses how
expected performance will be evaluated.
Incident - ANSWER-A security event that compromises the confidentiality, integrity,
or availability of an information asset.
Integrity - ANSWER-Comes in two forms: making sure that information is processed correctly and not modified by unauthorized persons, and protecting information as it transits a network.