(ISC)2 Certified in Cybersecurity - Exam Prep

Document specific requirements that a customer has about any aspect of a vendor's service performance.

A) DLR

B) Contract

C) SLR

D) NDA

C) SLR (Service-Level Requirements)

_________ identifies and triages risks.

Risk Assessment

_________ are external forces that jeopardize security.

Threats

_________ are methods used by attackers.

Threat Vectors

_________ are the combination of a threat and a vulnerability.

Risks

We rank risks by _________ and _________.

Likelihood and impact

_________ use subjective ratings to evaluate risk likelihood and impact.

Qualitative Risk Assessment

_________ use objective numeric ratings to evaluate risk likelihood and impact.

Quantitative Risk Assessment

_________ analyzes and implements possible responses to control risk.

Risk Treatment

_________ changes business practices to make a risk irrelevant.

Risk Avoidance

_________ reduces the likelihood or impact of a risk.

Risk Mitigation

An organization's _________ is the set of risks that it faces.

Risk Profile

_________ Initial Risk of an organization.

Inherent Risk

_________ Risk that remains in an organization after controls.

Residual Risk

_________ is the level of risk an organization is willing to accept.

Risk Tolerance

_________ reduce the likelihood or impact of a risk and help identify issues.

Security Controls

_________ stop a security issue from occurring.

Preventive Control

_________ identify security issues requiring investigation.

Detective Control

_________ remediate security issues that have occurred.

Recovery Control

Hardening == Preventative

Virus == Detective

Backups == Recovery

For exam (Local and Technical Controls are the same)

_________ use technology to achieve control objectives.

Technical Controls

_________ use processes to achieve control objectives.

Administrative Controls

_________ impact the physical world.

Physical Controls

_________ tracks specific device settings.

Configuration Management

_________ provide a configuration snapshot.

Baselines (track changes)

_________ assigns numbers to each version.

Versioning

_________ serve as important configuration artifacts.

Diagrams

_________ and _________ help ensure a stable operating environment.

Change and Configuration Management

Purchasing an insurance policy is an example of which risk management strategy?

Risk Transference

What two factors are used to evaluate a risk?

Likelihood and Impact

What term best describes making a snapshot of a system or application at a point in time for later comparison?

Baselining

What type of security control is designed to stop a security issue from occurring in the first place?

Preventive

What term describes risks that originate inside the organization?

Internal

What four items belong to the security policy framework?

Policies, Standards, Guidelines, Procedures

_________ describe an organization's security expectations.

Policies (mandatory and approved at the highest level of an organization)

_________ describe specific security controls and are often derived from policies.

Standards (mandatory)

_________ describe best practices.

Guidelines (recommendations/advice and compliance is not mandatory)

_________ step-by-step instructions.

Procedures (not mandatory)

_________ describe authorized uses of technology.

Acceptable Use Policies (AUP)

_________ describe how to protect sensitive information.

Data Handling Policies

_________ cover password security practices.

Password Policies

_________ cover use of personal devices with company information.

Bring Your Own Device (BYOD) Policies

_________ cover the use of personally identifiable information.

Privacy Policies

_________ cover the documentation, approval, and rollback of technology changes.

Change Management Policies

Which element of the security policy framework includes suggestions that are not mandatory?

Guidelines

What law applies to the use of personal information belonging to European Union residents?

GDPR

What type of security policy normally describes how users may access business information with their own devices?

BYOD Policy

_________ the set of controls designed to keep a business running in the face of adversity, whether natural or man-made.

Business Continuity Planning (BCP)

BCP is also known as _________.

Continuity of Operations Planning (COOP)

Defining the BCP Scope:

What business activities will the plan cover? What systems will it cover? What controls will it consider?

_________ identifies and prioritizes risks.

Business Impact Assessment

BCP in the cloud requires _________ between providers and customers.

Collaboration

_________ protects against the failure of a single component.

Redundancy

_________ identifies and removes SPOFs.

Single Point of Failure Analysis

_________ continues until the cost of addressing risks outweighs the benefit.

SPOF Analysis

_________ uses multiple systems to protect against service failure.

High Availability

_________ makes a single system resilient against technical failures.

Fault Tolerance

_________ spreads demand across systems.

Load Balancing

3 Common Points of Failure in a system.

Power Supply, Storage Media, Networking

Disk Mirroring is which RAID level?

1

Disk striping with parity is which RAID level?

5 (uses 3 or more disks to store data)

What goal of security is enhanced by a strong business continuity program?

Availability

What is the minimum number of disk required to perform RAID level 5?

3

What type of control are we using if we supplement a single firewall with a second standby firewall ready to assume responsibility if the primary firewall fails?

High Availability

_________ provide structure during cybersecurity incidents.

Incident Response Plan

_________ describe the policies and procedures governing cybersecurity incidents.

Incident Response Plans

_________ leads to strong incident response.

Prior Planning

Incident Response Plans should include:

Statement of Purpose, Strategies and goals for incident response, Approach to incident response, Communication with other groups, Senior leadership approval

_________ should be consulted when developing a plan.

NIST SP 800-61

Incident response teams must have personnel available _________.

24/7

_________ is crucial to effective incident identification.

Monitoring

_________ security solution that collects information from diverse sources, analyzes it for signs for security incidents and retains it for later use.

Security Incident and Event Management (SIEM)

The highest priority of a first responder must be containing damage through _________.

Isolation

During an incident response, what is the highest priority of first responders?

Containing the damage

You are normally required to report security incidents to law enforcement if you believe a law may have been violated. True or False

False

_________ restores normal operations as quickly as possible.

Disaster Recovery

What are the initial response goals regarding Disaster Recovery?

Contain the Damage, Recover normal operations

_________ is the amount of time to restore service.

Recovery Time Objective (RTO)

_________ is the amount of data to recover.

Recovery Point Objective (RPO)

_________ is the percentage of service to restore.

Recovery Service Level (RSL)

_________ provide a data "safety net"

Backups

Types of Backup Media:

Tape backups, Disk-to-disk backups, Cloud backups

_________ include a complete copy of all data.

Full Backups

_________ are types of full backups.

Snapshots and Images

_________ include all data modified since the last full backup.

Differential Backups

_________ include all data modified since the last full or incremental backup.

Incremental Backups

Joe performs full backups every Sunday evening and differential backups every weekday evening. His system fails on Friday morning. What backups does he restore?

Sunday's FULL backup (To establish a base), Thursday's differential backup (To grab the latest data change)

Joe performs full backups every Sunday evening and incremental backups every weekday evening. His system fails on Friday morning. What backups does he restore?

Sunday's FULL backup (To establish a base), Monday, Tuesday, Wednesday, and Thursday incremental backups

_________ provide alternate data processing.

Disaster Recovery Sites

Disaster Recovery Facility Sites:

Hot Site, Cold Site, Warm Site

_________ fully operational data centers stock with equipment an data and are available at a moment's notice. Very expensive.

Hot Site

_________ empty data centers stock with core equipment, network, and environmental controls but do not have servers. Relatively Inexpensive but can take weeks or even months to become operational.

Colt Site

_________ stock with all necessary equipment and data but are not maintained in a parallel fashion. Similar in expense to hot sites and can become operational in hours or days.

Warm Site

_________ these are geographically distant, offer site resiliency, require manual transfer or site replication through SAN or VM and provide online or offline backups.

Offsite Storage

Disaster Recovery Testing Goals:

Validate that the plan functions correctly, Identify necessary plan updates

Disaster Recovery Test types:

Read-through, Walk-through, Simulation, Parallel Test, Full interruption test

_________ ask each team member to review their role in the disaster recovery process and provide feedback.

Read-throughs

_________ gather the team together for a formal review of the disaster recovery plan.

Walk-throughs (aka Tabletop exercise)

_________ use a practice scenario to test the disaster recovery plan.

Simulations