ISC Certified in Cybersecurity


ISC2 (ISC)2 Certified in Cybersecurity - Exam Prep

Document specific requirements that a customer has about any aspect of a vendor's service performance.

A) DLR
B) Contract
C) SLR
D) NDA
C) SLR (Service-Level Requirements)
_________ identifies and triages risks.
Risk Assessment
_________ are external forces that jeopardize security.
Threats
_________ are methods used by attackers.
Threat Vectors
_________ are the combination of a threat and a vulnerability.
Risks
We rank risks by _________ and _________.
Likelihood and impact
_________ use subjective ratings to evaluate risk likelihood and impact.
Qualitative Risk Assessment
_________ use objective numeric ratings to evaluate risk likelihood and impact.
Quantitative Risk Assessment
_________ analyzes and implements possible responses to control risk.
Risk Treatment
_________ changes business practices to make a risk irrelevant.
Risk Avoidance
_________ reduces the likelihood or impact of a risk.
Risk Mitigation
An organization's _________ is the set of risks that it faces.
Risk Profile
_________ is the initial risk of an organization, before any controls are applied.
Inherent Risk
_________ is the risk that remains in an organization after controls are applied.
Residual Risk
_________ is the level of risk an organization is willing to accept.
Risk Tolerance
_________ reduce the likelihood or impact of a risk and help identify issues.
Security Controls
_________ stop a security issue from occurring.
Preventive Control
_________ identify security issues requiring investigation.
Detective Control
_________ remediate security issues that have occurred.
Recovery Control
Hardening == Preventive
Antivirus == Detective
Backups == Recovery
For the exam, Logical and Technical Controls are the same thing.
_________ use technology to achieve control objectives.
Technical Controls
_________ use processes to achieve control objectives.
Administrative Controls
_________ impact the physical world.
Physical Controls
_________ tracks specific device settings.
Configuration Management
_________ provide a configuration snapshot.
Baselines (track changes)
_________ assigns numbers to each version.
Versioning
_________ serve as important configuration artifacts.
Diagrams
_________ and _________ help ensure a stable operating environment.
Change and Configuration Management
Purchasing an insurance policy is an example of which risk management strategy?
Risk Transference
What two factors are used to evaluate a risk?
Likelihood and Impact
What term best describes making a snapshot of a system or application at a point in time for later
comparison?
Baselining
What type of security control is designed to stop a security issue from occurring in the first place?
Preventive
What term describes risks that originate inside the organization?
Internal
What four items belong to the security policy framework?
Policies, Standards, Guidelines, Procedures
_________ describe an organization's security expectations.
Policies (mandatory and approved at the highest level of an organization)
_________ describe specific security controls and are often derived from policies.
Standards (mandatory)
_________ describe best practices.
Guidelines (recommendations/advice and compliance is not mandatory)
_________ provide step-by-step instructions.
Procedures (not mandatory)
_________ describe authorized uses of technology.
Acceptable Use Policies (AUP)
_________ describe how to protect sensitive information.
Data Handling Policies
_________ cover password security practices.
Password Policies
_________ cover use of personal devices with company information.
Bring Your Own Device (BYOD) Policies
_________ cover the use of personally identifiable information.
Privacy Policies
_________ cover the documentation, approval, and rollback of technology changes.
Change Management Policies
Which element of the security policy framework includes suggestions that are not mandatory?
Guidelines
What law applies to the use of personal information belonging to European Union residents?
GDPR
What type of security policy normally describes how users may access business information with their
own devices?
BYOD Policy
_________ the set of controls designed to keep a business running in the face of adversity, whether
natural or man-made.
Business Continuity Planning (BCP)
BCP is also known as _________.
Continuity of Operations Planning (COOP)
Defining the BCP Scope:
What business activities will the plan cover? What systems will it cover? What controls will it consider?
_________ identifies and prioritizes risks.
Business Impact Assessment
BCP in the cloud requires _________ between providers and customers.
Collaboration
_________ protects against the failure of a single component.
Redundancy
_________ identifies and removes SPOFs.
Single Point of Failure Analysis
_________ continues until the cost of addressing risks outweighs the benefit.
SPOF Analysis
_________ uses multiple systems to protect against service failure.
High Availability
_________ makes a single system resilient against technical failures.
Fault Tolerance
_________ spreads demand across systems.
Load Balancing
3 Common Points of Failure in a system.
Power Supply, Storage Media, Networking
Disk Mirroring is which RAID level?
1
Disk striping with parity is which RAID level?
5 (uses 3 or more disks to store data)
What goal of security is enhanced by a strong business continuity program?
Availability
What is the minimum number of disks required to perform RAID level 5?
3
What type of control are we using if we supplement a single firewall with a second standby firewall ready
to assume responsibility if the primary firewall fails?
High Availability
_________ provide structure during cybersecurity incidents.
Incident Response Plan
_________ describe the policies and procedures governing cybersecurity incidents.
Incident Response Plans
_________ leads to strong incident response.
Prior Planning
Incident Response Plans should include:
Statement of Purpose, Strategies and goals for incident response, Approach to incident response,
Communication with other groups, Senior leadership approval
_________ should be consulted when developing a plan.
NIST SP 800-61
Incident response teams must have personnel available _________.
24/7
_________ is crucial to effective incident identification.
Monitoring
_________ is a security solution that collects information from diverse sources, analyzes it for signs of
security incidents, and retains it for later use.
Security Incident and Event Management (SIEM)
The highest priority of a first responder must be containing damage through _________.
Isolation
During an incident response, what is the highest priority of first responders?
Containing the damage
You are normally required to report security incidents to law enforcement if you believe a law may have
been violated. True or False
False
_________ restores normal operations as quickly as possible.
Disaster Recovery
What are the initial response goals regarding Disaster Recovery?
Contain the Damage, Recover normal operations
_________ is the amount of time to restore service.
Recovery Time Objective (RTO)
_________ is the amount of data to recover.
Recovery Point Objective (RPO)
_________ is the percentage of service to restore.
Recovery Service Level (RSL)
_________ provide a data "safety net"
Backups
Types of Backup Media:
Tape backups, Disk-to-disk backups, Cloud backups
_________ include a complete copy of all data.
Full Backups
_________ are types of full backups.
Snapshots and Images
_________ include all data modified since the last full backup.
Differential Backups
_________ include all data modified since the last full or incremental backup.
Incremental Backups
Joe performs full backups every Sunday evening and differential backups every weekday evening. His
system fails on Friday morning. What backups does he restore?
Sunday's FULL backup (To establish a base), Thursday's differential backup (To grab the latest data
change)
Joe performs full backups every Sunday evening and incremental backups every weekday evening. His
system fails on Friday morning. What backups does he restore?
Sunday's FULL backup (To establish a base), Monday, Tuesday, Wednesday, and Thursday incremental
backups
_________ provide alternate data processing.
Disaster Recovery Sites
Disaster Recovery Facility Sites:
Hot Site, Cold Site, Warm Site
_________ are fully operational data centers stocked with equipment and data and are available at a moment's
notice. Very expensive.
Hot Site
_________ are empty data centers stocked with core equipment, network, and environmental controls but do
not have servers. Relatively inexpensive, but can take weeks or even months to become operational.
Cold Site
_________ are stocked with all necessary equipment and data but are not maintained in a parallel fashion.
Similar in expense to hot sites and can become operational in hours or days.
Warm Site
_________ is geographically distant, offers site resiliency, requires manual transfer or site
replication through SAN or VM, and provides online or offline backups.
Offsite Storage
Disaster Recovery Testing Goals:
Validate that the plan functions correctly, Identify necessary plan updates
Disaster Recovery Test types:
Read-through, Walk-through, Simulation, Parallel Test, Full interruption test
_________ ask each team member to review their role in the disaster recovery process and provide
feedback.
Read-throughs
_________ gather the team together for a formal review of the disaster recovery plan.
Walk-throughs (aka Tabletop exercise)
_________ use a practice scenario to test the disaster recovery plan.
Simulations
_________ activate the disaster recovery environment but do not switch operations there.
Parallel tests
_________ switch primary operations to the alternate environment and can be very disruptive to
business.
Full Interruption tests
Which type of backup includes only those files that have changed since the most recent full or incremental
backup?
Incremental
(Revisit) What disaster recovery metric provides the targeted amount of time to restore a service after a
failure?
RTO
(Revisit) Which disaster recovery tests involve the actual activation of the DR site?
Parallel
What type of disaster recovery site is able to be activated most quickly in the event of a disruption?
Hot site
Within the organization, who can identify risk? (D1, L1.2.2)

A) The security manager
B) Any security team member
C) Senior management
D) Anyone
D) Anyone
Glen is an (ISC)² member. Glen receives an email from a company offering a set of answers for an (ISC)²
certification exam. What should Glen do? (D1, L1.5.1)

A) Nothing
B) Inform (ISC)²
C) Inform law enforcement
D) Inform Glen's employer
B) Inform (ISC)²
A system that collects transactional information and stores it in a record in order to show which users
performed which actions is an example of providing ________. (D1, L1.1.1)

A) Non-repudiation
B) Multifactor authentication
C) Biometrics
D) Privacy
A) Non-repudiation
In risk management concepts, a(n) ___________ is something or someone that poses risk to an
organization or asset. (D1, L1.2.1)

A) Fear
B) Threat
C) Control
D) Asset
B) Threat
A software firewall is an application that runs on a device and prevents specific types of traffic from
entering that device. This is a type of ________ control. (D1, L1.3.1)

A) Physical
B) Administrative
C) Passive
D) Technical
D) Technical
Tina is an (ISC)² member and is invited to join an online group of IT security enthusiasts. After attending
a few online sessions, Tina learns that some participants in the group are sharing malware with each other,
in order to use it against other organizations online. What should Tina do? (D1, L1.5.1)

A) Nothing
B) Stop participating in the group
C) Report the group to law enforcement
D) Report the group to (ISC)²
B) Stop participating in the group
The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city
council creates a rule that anyone caught creating and launching malware within the city limits will
receive a fine and go to jail. What kind of rule is this? (D1, L1.4.1)

A) Policy
B) Procedure
C) Standard
D) Law
D) Law
The Payment Card Industry (PCI) Council is a committee made up of representatives from major credit
card providers (Visa, Mastercard, American Express) in the United States. The PCI Council issues rules
that merchants must follow if the merchants choose to accept payment via credit card. These rules
describe best practices for securing credit card processing technology, activities for securing credit card
information, and how to protect customers' personal data. This set of rules is a _____. (D1, L1.4.2)

A) Law
B) Policy
C) Standard
D) Procedure
C) Standard
Aphrodite is a member of (ISC)² and a data analyst for Triffid Corporation. While Aphrodite is reviewing
user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy and
watching streaming videos during work hours. What should Aphrodite do? (D1, L1.5.1)

A) Inform (ISC)²
B) Inform law enforcement
C) Inform Triffid management
D) Nothing
C) Inform Triffid management
Triffid Corporation has a rule that all employees working with sensitive hardcopy documents must put the
documents into a safe at the end of the workday, where they are locked up until the following workday.
What kind of control is the process of putting the documents into the safe? (D1, L1.3.1)

A) Administrative
B) Tangential
C) Physical
D) Technical
A) Administrative
Kerpak works in the security office of a medium-sized entertainment company. Kerpak is asked to assess
a particular threat, and he suggests that the best way to counter this threat would be to purchase and
implement a particular security solution. This is an example of _______. (D1, L1.2.2)

A) Acceptance
B) Avoidance
C) Mitigation
D) Transference
C) Mitigation
The Triffid Corporation publishes a policy that states all personnel will act in a manner that protects
health and human safety. The security office is tasked with writing a detailed set of processes on how
employees should wear protective gear such as hardhats and gloves when in hazardous areas. This
detailed set of processes is a _________. (D1, L1.4.1)

A) Policy
B) Procedure
C) Standard
D) Law
B) Procedure
The senior leadership of Triffid Corporation decides that the best way to minimize liability for the
company is to demonstrate the company's commitment to adopting best practices recognized throughout
the industry. Triffid management issues a document that explains that Triffid will follow the best practices
published by SANS, an industry body that addresses computer and information security.

The Triffid document is a ______, and the SANS documents are ________. (D1, L1.4.2)

A) Law, policy
B) Policy, standard
C) Policy, law
D) Procedure, procedure
B) Policy, standard
Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of Zarma's colleagues is
interested in getting an (ISC)² certification and asks Zarma what the test questions are like. What should
Zarma do? (D1, L1.5.1)

A) Inform (ISC)²
B) Explain the style and format of the questions, but no detail
C) Inform the colleague's supervisor
D) Nothing
B) Explain the style and format of the questions, but no detail
Of the following, which would probably not be considered a threat? (D1, L1.2.1)

A) Natural disaster
B) Unintentional damage to the system caused by a user
C) A laptop with sensitive data on it
D) An external attacker trying to gain unauthorized access to the environment
C) A laptop with sensitive data on it
Siobhan is an (ISC)² member who works for Triffid Corporation as a security analyst. Yesterday, Siobhan
got a parking ticket while shopping after work. What should Siobhan do? (D1, L1.5.1)

A) Inform (ISC)²
B) Pay the parking ticket
C) Inform supervisors at Triffid
D) Resign employment from Triffid
B) Pay the parking ticket
Which of the following is an example of a "something you are" authentication factor? (D1, L1.1.1)

A) A credit card presented to a cash machine
B) Your password and PIN
C) A user ID
D) A photograph of your face
D) A photograph of your face
For which of the following systems would the security concept of availability probably be most
important? (D1, L1.1.1)

A) Medical systems that store patient data
B) Retail records of past transactions
C) Online streaming of camera feeds that display historical works of art in museums around the world
D) Medical systems that monitor patient condition in an intensive care unit
D) Medical systems that monitor patient condition in an intensive care unit
In risk management concepts, a(n) _________ is something a security practitioner might need to protect.
(D1, L1.2.1)

A) Vulnerability
B) Asset
C) Threat
D) Likelihood
B) Asset
Triffid Corporation has a policy that all employees must receive security awareness instruction before
using email; the company wants to make employees aware of potential phishing attempts that the
employees might receive via email. What kind of control is this instruction? (D1, L1.3.1)

A) Administrative
B) Finite
C) Physical
D) Technical
A) Administrative
What is the overall objective of a disaster recovery (DR) effort? (D2, L2.3.1)

A) Save money
B) Return to normal, full operations
C) Preserve critical business functions during a disaster
D) Enhance public perception of the organization
B) Return to normal, full operations
True or False? Business continuity planning is a reactive procedure that restores business operations after
a disruption occurs.

A) True
B) False
B) False
An attacker outside the organization attempts to gain access to the organization's internal files. This is an
example of a(n) ______. (D2, L2.1.1)

A) Intrusion
B) Exploit
C) Disclosure
D) Publication
A) Intrusion
What is the most important goal of a business continuity effort? (D2, L2.2.1)

A) Ensure all IT systems function during a potential interruption
B) Ensure all business activities are preserved during a potential disaster
C) Ensure the organization survives a disaster
D) Preserve health and human safety
D) Preserve health and human safety
What is the risk associated with resuming full normal operations too soon after a DR effort? (D2, L2.3.1)

A) The danger posed by the disaster might still be present
B) Investors might be upset
C) Regulators might disapprove
D) The organization could save money
A) The danger posed by the disaster might still be present
What is the goal of an incident response effort? (D2, L2.1.1)

A) No incidents ever happen
B) Reduce the impact of incidents on operations
C) Punish wrongdoers
D) Save money
B) Reduce the impact of incidents on operations
When should a business continuity plan (BCP) be activated? (D2, L2.2.1)

A) As soon as possible
B) At the very beginning of a disaster
C) When senior management decides
D) When instructed to do so by regulators
C) When senior management decides
In order for a biometric security control to function properly, an authorized person's physiological data must be
______. (D3, L3.2.1)

A) Broadcast
B) Stored
C) Deleted
D) Modified
B) Stored
At Parvi's place of work, the perimeter of the property is surrounded by a fence; there is a gate with a
guard at the entrance. All inner doors only admit personnel with badges, and cameras monitor the
hallways. Sensitive data and media are kept in safes when not in use. (D3, L3.1.1)

A) Two-person integrity
B) Segregation of duties
C) Defense in depth
D) Penetration testing
C) Defense in depth
Tekila works for a government agency. All data in the agency is assigned a particular sensitivity level,
called a "classification." Every person in the agency is assigned a "clearance" level, which determines the
classification of data each person can access.

What is the access control model being implemented in Tekila's agency? (D3, L3.3.1)

A) MAC (mandatory access control)
B) DAC (discretionary access control)
C) RBAC (role-based access control)
D) FAC (formal access control)
A) MAC (mandatory access control)
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is
not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access
control list (ACL) is checked to determine which permissions Prachi has.

Which security concept is being applied in this situation? (D3, L3.1.1)

A) Defense in depth
B) Layered defense
C) Two-person integrity
D) Least privilege
D) Least privilege
Network traffic originating from outside the organization might be admitted to the internal IT
environment or blocked at the perimeter by a ________. (D3, L3.2.1)

A) Turnstile
B) Fence
C) Vacuum
D) Firewall
D) Firewall
What is the most critical element of an organization's security program?
Answer: People
What is the primary purpose of a security policy?
Answer: To provide guidance and direction for the organization's security program.
What is the role of a security manager?
Answer: To plan, implement, and manage an organization's security program.
What is a vulnerability assessment?
Answer: A process of identifying, quantifying, and prioritizing security weaknesses in an organization's
systems, applications, and networks.
What is the difference between a vulnerability assessment and a penetration test?
Answer: A vulnerability assessment is a non-intrusive evaluation of an organization's security posture,
while a penetration test is an intrusive evaluation that attempts to exploit identified vulnerabilities.
What is the CIA triad?
Answer: Confidentiality, Integrity, and Availability.
What is the difference between confidentiality and privacy?
Answer: Confidentiality refers to the protection of sensitive information from unauthorized access, while
privacy refers to an individual's right to control their personal information.
What is the principle of least privilege?
Answer: The principle that users and processes should only be given the minimum level of access
necessary to perform their duties.
What is a firewall?
Answer: A network security device that monitors and controls incoming and outgoing traffic based on a
set of rules.
What is a DMZ?
Answer: A demilitarized zone, a network segment that is isolated from the internal network and is used to
host servers that are accessible from the internet.
What is encryption?
Answer: The process of converting plain text into an unreadable format to protect the confidentiality of
the data.
What is a digital signature?
Answer: An electronic method of verifying the authenticity and integrity of a message or document.
What is a certificate authority?
Answer: An organization that issues digital certificates that can be used to verify the identity of
individuals, systems, or organizations.
What is Secure Sockets Layer (SSL)?
Answer: A protocol that provides secure communication over the internet by encrypting data between
web servers and web browsers.
What is a virtual private network (VPN)?
Answer: A technology that creates a secure and encrypted connection between two networks over the
internet.
What is multi-factor authentication?
Answer: A security mechanism that requires users to provide more than one form of authentication, such
as a password and a fingerprint, to gain access to a system.
What is a denial of service (DoS) attack?
Answer: An attack that attempts to make a server, network, or website unavailable by overwhelming it
with traffic or requests.
What is social engineering?
Answer: The use of deception to manipulate individuals into divulging confidential information or
performing actions that may not be in their best interest.
What is malware?
Answer: Software that is designed to cause harm or damage to a computer system, network, or data.
What is a phishing attack?
Answer: An attack that attempts to trick individuals into revealing sensitive information, such as
passwords or credit card numbers, by posing as a trustworthy entity.
What is a man-in-the-middle (MitM) attack?
Answer: An attack that intercepts communication between two parties to eavesdrop or modify the data
being exchanged.
What is a rootkit?
Answer: Software that is designed to hide its presence on a system, allowing an attacker to maintain
unauthorized access and control.
What is a honeypot?
Answer: A decoy system that is designed to attract and detect unauthorized access attempts.
What is a security incident?
Answer: An event that could potentially threaten the confidentiality, integrity, or availability of an
organization's information or systems.
What is the difference between a vulnerability and a risk?
Answer: A vulnerability is a weakness in a system that can be exploited by an attacker, while a risk is the
likelihood and potential impact of a vulnerability being exploited.
What is a security control?
Answer: A measure or mechanism that is implemented to reduce or mitigate a security risk.
What is the difference between a security control and a security countermeasure?
Answer: A security control is a general term that refers to any measure or mechanism used to reduce risk,
while a security countermeasure specifically refers to a measure that is implemented in response to a
known threat.
What is the concept of defense in depth?
Answer: The principle of implementing multiple layers of security controls to protect an organization's
systems and data.
What is a security incident response plan?
Answer: A documented plan that outlines the steps to be taken in the event of a security incident.
What is a security audit?
Answer: A systematic evaluation of an organization's security controls and practices to ensure they are in
compliance with industry standards and regulations.
What is a risk assessment?
Answer: A process of identifying, analyzing, and evaluating risks to an organization's systems and data.
What is the difference between a vulnerability scan and a penetration test?
Answer: A vulnerability scan is a non-intrusive evaluation of an organization's systems and networks,
while a penetration test is an intrusive evaluation that attempts to exploit identified vulnerabilities.
What is a security baseline?
Answer: A set of minimum security requirements that must be met by an organization's systems and
networks.
What is the difference between symmetric and asymmetric encryption?
Answer: Symmetric encryption uses the same key for both encryption and decryption, while asymmetric
encryption uses a public key for encryption and a private key for decryption.
What is an access control list (ACL)?
Answer: A set of rules that determines which users or systems are allowed to access or interact with a
particular resource.
What is a security information and event management (SIEM) system?
Answer: A system that collects and analyzes security events and alerts to detect and respond to security
threats.
What is a data loss prevention (DLP) system?
Answer: A system that monitors and prevents the unauthorized transmission of sensitive data outside of
an organization's network.
What is a bring your own device (BYOD) policy?
Answer: A policy that allows employees to use their personal devices for work purposes, with certain
security requirements and restrictions.
What is a security awareness training program?
Answer: A program that educates employees on security best practices and potential threats to reduce the
likelihood of security incidents.
What is a secure coding practice?
Answer: A set of coding techniques and best practices that are designed to reduce the likelihood of
security vulnerabilities in software.
What is the difference between a vulnerability disclosure program and a bug bounty program?
Answer: A vulnerability disclosure program is a formal process for reporting and addressing security
vulnerabilities, while a bug bounty program is a program that rewards individuals for reporting
vulnerabilities.
What is a security clearance?
Answer: A level of authorization granted to an individual that allows them access to sensitive or classified
information.
What is a secure development lifecycle (SDLC)?
Answer: A process for developing software that integrates security into every stage of the development
process.
What is a threat actor?
Answer: An individual or group that initiates a security threat, such as an attacker or hacker.
What is a zero-day vulnerability?
Answer: A vulnerability that is unknown to the software vendor and for which no patch or fix has been
released.
What is a security incident response team (SIRT)?
Answer: A team responsible for responding to security incidents and managing the organization's incident
response plan.
What is the difference between a security incident and a security event?
Answer: A security event is any observable occurrence that has the potential to affect the security of an
organization's systems or data, while a security incident is an event that has been confirmed as a security
breach or compromise.
What is a security token?
Answer: A physical or digital device that is used to authenticate a user's identity for access to a system or
application.
What is a security information exchange (SIE)?
Answer: A network that allows organizations to share security information and threat intelligence.
What is a security posture?
Answer: The overall level of security of an organization's systems, data, and operations.
What is a security control objective?
Answer: A specific goal or requirement that a security control is designed to achieve.
What is a risk management framework?
Answer: A structured approach to identifying, analyzing, and mitigating risks to an organization's systems
and data.
What is a business continuity plan?
Answer: A documented plan that outlines the steps to be taken to maintain critical business operations in
the event of a disruption or disaster.
What is a disaster recovery plan?
Answer: A documented plan that outlines the steps to be taken to restore systems and data after a
disruption or disaster.
What is a security incident report?
Answer: A document that summarizes the details of a security incident, including the cause, impact, and
response.
What is a security risk assessment report?
Answer: A document that summarizes the findings of a security risk assessment, including identified
vulnerabilities and recommended security controls.
What is a security operations center (SOC)?
Answer: A centralized team responsible for monitoring and responding to security incidents and events.
What is a security clearance investigation?
Answer: An investigation into an individual's background, character, and loyalty to determine their
eligibility for a security clearance.
What is a security baseline configuration?
Answer: A standardized configuration for an organization's systems and applications that meets minimum
security requirements.
What is a security incident response playbook?
Answer: A documented plan that outlines the specific steps to be taken in response to different types of
security incidents.
What is a security key management system?
Answer: A system used to generate, distribute, and manage encryption keys.
What is a security governance framework?
Answer: A framework that outlines the policies, procedures, and processes for managing an organization's
security program.
What is a security key exchange protocol?
Answer: A protocol used to exchange encryption keys securely between two parties.
What is a security information exchange format (STIX)?
Answer: A standard format for exchanging security information and threat intelligence.
What is a security content automation protocol (SCAP)?
Answer: A standardized approach to assessing and managing security vulnerabilities and configurations.
What is a security information management (SIM) system?
Answer: A system that collects, analyzes, and reports on security events and incidents.
What is a security event correlation system?
Answer: A system that analyzes security events from multiple sources to identify potential security
threats.
What is a security access management (SAM) system?
Answer: A system that manages user access to an organization's systems and data.
What is a security audit trail?
Answer: A log of security events and actions that can be used to track and investigate security incidents.
What is a security exception management process?
Answer: A process for reviewing and approving exceptions to an organization's security policies and
procedures.
What is a security incident response communication plan?
Answer: A plan that outlines how communication will be handled during a security incident, including
who will be notified, what information will be shared, and how communication will be managed.
What is a security vulnerability management program?
Answer: A program that identifies, prioritizes, and addresses security vulnerabilities in an organization's
systems and applications.
What is a security breach notification law?
Answer: A law that requires organizations to notify individuals of a security breach that may have
compromised their personal information.
What is a security token service (STS)?
Answer: A service that issues and manages security tokens used for authentication and authorization.
What is a security content repository?
Answer: A database or storage system that contains security-related information and documentation.
What is a security incident management process?
Answer: A process for managing security incidents from identification through resolution and reporting.
What is a security posture assessment?
Answer: An assessment of an organization's overall security posture, including strengths, weaknesses, and
areas for improvement.
What is a security information and event management (SIEM) correlation rule?
Answer: A rule that specifies criteria for correlating security events and alerts to detect and respond to
security threats.
What is a security information and event management (SIEM) dashboard?
Answer: A graphical display that provides a real-time view of an organization's security events and alerts.
What is a security vulnerability scanner?
Answer: A tool that scans an organization's systems and networks for vulnerabilities.
What is a security threat intelligence feed?
Answer: A feed of information about security threats, vulnerabilities, and attacks that can be used to
inform an organization's security program.
What is a security assessment framework?
Answer: A framework that provides guidelines and standards for conducting security assessments.
What is a security classification system?
Answer: A system for categorizing information based on its sensitivity and confidentiality requirements.
What is a security architecture framework?
Answer: A framework that provides guidelines and standards for designing and implementing a secure
architecture for an organization's systems and applications.
What is a security control assessment?
Answer: An assessment of an organization's security controls to determine their effectiveness and
compliance with industry standards and regulations.
What is a security patch management program?
Answer: A program that manages the process of identifying, testing, and deploying security patches to
address vulnerabilities in an organization's systems and applications.
What is a security incident severity level?
Answer: A classification system used to categorize security incidents based on their potential impact and
severity.
What is a security exception request process?
Answer: A process for requesting exceptions to an organization's security policies and procedures.
What is a security log analysis tool?
Answer: A tool used to analyze logs of security events and actions to identify potential security threats.
What is a security vulnerability exploit?
Answer: An attack that uses a vulnerability in an organization's systems or applications to gain
unauthorized access or control.
What is a security incident response plan testing?
Answer: The process of testing an organization's security incident response plan to ensure it is effective
and efficient.
What is a security information and event management (SIEM) retention policy?
Answer: A policy that specifies how long security event logs and data should be retained.
What is a security information and event management (SIEM) correlation engine?
Answer: An engine that analyzes security events and alerts to detect and respond to security threats.
What is a security control validation?
Answer: The process of testing and verifying the effectiveness of an organization's security controls.
What is a security incident response playbook testing?
Answer: The process of testing an organization's security incident response playbook to ensure it is
effective and efficient.
What is a security maturity model?
Answer: A model that provides a framework for assessing an organization's security maturity and
identifying areas for improvement.
What is a security culture?
Answer: The collective beliefs, attitudes, and behaviors of an organization's employees towards security.
What is a security governance committee?
Answer: A committee responsible for overseeing an organization's security program and ensuring it aligns
with business objectives.
What is a security risk management plan?
Answer: A plan that outlines the steps to be taken to identify, assess, and mitigate security risks to an
organization's systems and data.
What is a security policy lifecycle?
Answer: The process of developing, implementing, reviewing, and updating an organization's security
policies and procedures.
A computer responsible for hosting applications to user workstations. NIST SP 800-82 Rev.2
Application Server
An algorithm that uses one key to encrypt and a different key to decrypt the input plaintext.
Asymmetric Encryption
A digit representing the sum of the correct digits in a piece of stored or transmitted digital data, against
which later comparisons can be made to detect errors in the data.
Checksum
The altered form of a plaintext message so it is unreadable for anyone except the intended recipients. In
other words, it has been turned into a secret.
Ciphertext
Classification identifies the degree of harm to the organization, its stakeholders or others that might result
if an information asset is divulged to an unauthorized person, process or organization. In short,
classification is focused first and foremost on maintaining the confidentiality of the data, based on the
data sensitivity.
Classification
A process and discipline used to ensure that the only changes made to a system are those that have been
authorized and validated.
Configuration management
One who performs cryptanalysis, which is the study of mathematical techniques for attempting to defeat
cryptographic techniques and/or information systems security. This includes the process of looking for
errors or weaknesses in the implementation of an algorithm or of the algorithm itself.
Cryptanalyst
The study or applications of methods to secure or protect the meaning and content of messages, files, or
other information, usually by disguise, obscuration, or other transformations of that content and meaning.
Cryptography
System capabilities designed to detect and prevent the unauthorized use and transmission of information.
Data Loss Prevention (DLP)
The reverse process from encryption. It is the process of converting a ciphertext message back into
plaintext through the use of the cryptographic algorithm and the appropriate key for decryption (which is
the same for symmetric encryption, but different for asymmetric encryption). This term is also used
interchangeably with "deciphering."
Decryption
A technique of erasing data on disk or tape (including video tapes) that, when performed properly, ensures
that there is insufficient magnetic remanence to reconstruct data.
Degaussing
The result of a cryptographic transformation of data which, when properly implemented, provides the
services of origin authentication, data integrity, and signer non-repudiation. NIST SP 800-12 Rev. 1
Digital Signature
Monitoring of outgoing network traffic.
Egress Monitoring
The process and act of converting the message from its plaintext to ciphertext. Sometimes it is also
referred to as enciphering. The two terms are sometimes used interchangeably in literature and have
similar meanings.
Encryption
The total set of algorithms, processes, hardware, software, and procedures that taken together provide an
encryption and decryption capability.
Encryption System
A reference to the process of applying secure configurations (to reduce the attack surface) and locking
down various hardware, communications systems, and software, including operating system, web server,
application server, application, etc. Hardening is normally performed based on industry guidelines and
benchmarks, such as those provided by the Center for Internet Security (CIS).
Hardening
An algorithm that computes a numerical value (called the hash value) on a data file or electronic message
that is used to represent that file or message and depends on the entire contents of the file or message. A
hash function can be considered to be a fingerprint of the file or message. NIST SP 800-152
Hash Function
The process of using a mathematical algorithm against data to produce a numeric value that is
representative of that data. Source CNSSI 4009-2015
Hashing
The requirements for information sharing by an IT system with one or more other IT systems or
applications, for information sharing to support multiple internal or external organizations, missions, or
public programs. NIST SP 800-16
Information Sharing
Monitoring of incoming network traffic.
Ingress Monitoring
A digital signature that uniquely identifies data and has the property such that changing a single bit in the
data will cause a completely different message digest to be generated. NISTIR-8011 Vol.3
Message Digest
The software "master control application" that runs the computer. It is the first program loaded when the
computer is turned on, and its main component, the kernel, resides in memory at all times. The operating
system sets the standards for all application programs (such as the Web server) that run in the computer.
The applications communicate with the operating system for most user interface and file management
operations. NIST SP 800-44 Version 2
Operating System
A software component that, when installed, directly modifies files or device settings related to a different
software component without changing the version number or release details for the related software
component. Source: ISO/IEC 19770-2
Patch
The systematic notification, identification, deployment, installation and verification of operating system
and application software code revisions. These revisions are known as patches, hot fixes, and service
packs. Source: CNSSI 4009
Patch Management
A message or data in its natural format and in readable form; extremely vulnerable from a confidentiality
perspective.
Plaintext
The recordings (automated and/or manual) of evidence of activities performed or results achieved (e.g.,
forms, reports, test results), which serve as a basis for verifying that the organization and the information
system are performing as intended. Also used to refer to units of related data fields (i.e., groups of data
fields that can be accessed by a program and that contain the complete set of information on particular
items). NIST SP 800-53 Rev. 4
Records
A practice based on the records life cycle, according to which records are retained as long as necessary,
and then are destroyed after the appropriate time interval has elapsed.
Records Retention
Residual information remaining on storage media after clearing. NIST SP 800-88 Rev. 1
Remanence
The first stage of change management, wherein a change in procedure or product is sought by a
stakeholder.
Request for change (RFC)
The entirety of the policies, roles, and processes the organization uses to make security decisions in an
organization.
Security Governance
Tactics to infiltrate systems via email, phone, text, or social media, often impersonating a person or
agency in authority or offering a gift. A low-tech method would be simply following someone into a
secure building.
Social engineering
An algorithm that uses the same key in both the encryption and the decryption processes.
Symmetric encryption
A computer that provides World Wide Web (WWW) services on the Internet. It includes the hardware,
operating system, Web server software, and Web site content (Web pages). If the Web server is used
internally and not by the public, it may be known as an "intranet server." NIST SP 800-44 Version 2
Web Server
Phishing attacks that attempt to trick highly placed officials or private individuals with sizable assets into
authorizing large fund wire transfers to previously unknown entities.
Whaling Attack
A set of routines, standards, protocols, and tools for building software applications to access a web-based
software application or web tool.
Application programming interface (API)
The most essential representation of data (zero or one) at Layer 1 of the Open Systems Interconnection
(OSI) model.
Bit
Broadcast transmission is a one-to-many (one-to-everyone) form of sending internet traffic.
Broadcast
The byte is a unit of digital information that most commonly consists of eight bits.
Byte
A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable
computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly
provisioned and released with minimal management effort or service provider interaction. NIST 800-145
Cloud computing
A system in which the cloud infrastructure is provisioned for exclusive use by a specific community of
consumers from organizations that have shared concerns (e.g., mission, security requirements, policy and
compliance considerations). It may be owned, managed and operated by one or more of the organizations
in the community, a third party or some combination of them, and it may exist on or off premises. NIST
800-145
Community cloud
The opposite process of encapsulation, in which bundles of data are unpacked or revealed.
De-encapsulation
The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical
may be milliseconds or it may be hours, depending upon the service provided.) Source: NIST SP 800-27
Rev A
Denial-of-Service (DoS)
This acronym can be applied to three interrelated elements: a service, a physical server and a network
protocol.
Domain Name Service (DNS)
Enforcement of data hiding and code hiding during all phases of software development and operational
use. Bundling together data and methods is the process of encapsulation; its opposite process may be
called unpacking, revealing, or using other terms. Also used to refer to taking any set of data and
packaging it or hiding it in another data structure, as is common in network protocols and encryption.
Encapsulation
The internet protocol (and program) used to transfer files between hosts.
File Transfer Protocol (FTP)
In a fragment attack, an attacker fragments traffic in such a way that a system is unable to put data
packets back together.
Fragment attack
The physical parts of a computer and related devices.
Hardware
A combination of public cloud storage and private cloud storage where some critical data resides in the
enterprise's private cloud while other data is stored and accessible from a public cloud storage provider.
Hybrid cloud
The provider of the core computing, storage and network hardware and software that is the foundation
upon which organizations can build and then deploy applications. IaaS is popular in the data center where
software and servers are purchased as a fully outsourced service and usually billed on usage and how
much of the resource is used.
Infrastructure as a Service (IaaS)
An IP network protocol standardized by the Internet Engineering Task Force (IETF) through RFC 792 to
determine if a particular service or host is available.
Internet Control Message Protocol (ICMP)
Standard protocol for transmission of data from source to destinations in packet-switched
communications networks and interconnected systems of such networks. CNSSI 4009-2015
Internet Protocol (IPv4)
An attack where the adversary positions himself in between the user and the system so that he can
intercept and alter data traveling between them. Source: NISTIR 7711
Man-in-the-Middle
Part of a zero-trust strategy that breaks LANs into very small, highly localized zones using firewalls or
similar technologies. At the limit, this places a firewall at every connection point.
Microsegmentation
Purposely sending a network packet that is larger than expected or larger than can be handled by the
receiving system, causing the receiving system to fail unexpectedly.
Oversized Packet Attack
Representation of data at Layer 3 of the Open Systems Interconnection (OSI) model.
Packet
The primary action of a malicious code attack.
Payload
An information security standard administered by the Payment Card Industry Security Standards Council
that applies to merchants and service providers who process credit or debit card transactions.
Payment Card Industry Data Security Standard (PCI DSS)
The web-authoring or application development middleware environment that allows applications to be
built in the cloud before they're deployed as SaaS assets.
Platform as a Service (PaaS)
The phrase used to describe a cloud computing platform that is implemented within the corporate
firewall, under the control of the IT department. A private cloud is designed to offer the same features and
benefits of cloud systems, but removes a number of objections to the cloud computing model, including
control over enterprise and customer data, worries about security, and issues connected to regulatory
compliance.
Private cloud
A set of rules (formats and procedures) to implement and control some type of association (that is,
communication) between systems. NIST SP 800-82 Rev. 2
Protocols
The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed,
and operated by a business, academic, or government organization, or some combination of them. It exists
on the premises of the cloud provider. NIST SP 800-145
Public cloud
The standard communication protocol for sending and receiving emails between senders and receivers.
Simple Mail Transport Protocol (SMTP)
Computer programs and associated data that may be dynamically written or modified during execution.
NIST SP 800-37 Rev. 2
Software
The cloud customer uses the cloud provider's applications running within a cloud infrastructure. The
applications are accessible from various client devices through either a thin client interface, such as a web
browser, or a program interface. The consumer does not manage or control the underlying cloud
infrastructure, including network, servers, operating systems, storage, or even individual application
capabilities, with the possible exception of limited user-specific application configuration settings.
Derived from NIST 800-145
Software as a Service (SaaS)
Faking the sending address of a transmission to gain illegal entry into a secure system. CNSSI 4009-2015
Spoofing
Internetworking protocol model created by the IETF, which specifies four layers of functionality: Link
layer (physical communications), Internet Layer (network-to-network communication), Transport Layer
(basic channels for connections and connectionless exchange of data between hosts), and Application
Layer, where other protocols and user applications programs make use of network services.
Transport Control Protocol/Internet Protocol (TCP/IP) Model
A virtual local area network (VLAN) is a logical group of workstations, servers, and network devices that
appear to be on the same LAN despite their geographical distribution.
VLAN
A virtual private network (VPN), built on top of existing networks, that can provide a secure
communications mechanism for transmission between networks.
VPN
A wireless area network (WLAN) is a group of computers and devices that are located in the same
vicinity, forming a network based on radio transmissions rather than wired connections. A Wi-Fi network
is a type of WLAN.
WLAN
The graphical user interface (GUI) for the Nmap Security Scanner, an open-source application that scans
networks to determine everything that is connected as well as other information.
Zenmap
Removing the design belief that the network has any trusted space. Security is managed at each possible
level, representing the most granular asset. Microsegmentation of workloads is a tool of the model.
Zero Trust
Independent review and examination of records and activities to assess the adequacy of system controls,
to ensure compliance with established policies and operational procedures. NIST SP 1800-15B
Audit
An architectural approach to the design of buildings and spaces which emphasizes passive features to
reduce the likelihood of criminal activity.
Crime Prevention through Environmental Design (CPTED)
Information security strategy integrating people, technology, and operations capabilities to establish
variable barriers across multiple layers and missions of the organization. Source: NIST SP 800-53 Rev 4
Defense in Depth
A certain amount of access control is left to the discretion of the object's owner, or anyone else who is
authorized to control the object's access. The owner can determine who should have access rights to an
object and what those rights should be. NIST SP 800-192
Discretionary Access Control (DAC)
To protect private information by putting it into a form that can only be read by people who have
permission to do so.
Encrypt
Devices that enforce administrative security policies by filtering incoming traffic based on a set of rules.
Firewalls
An entity with authorized access that has the potential to harm an information system through destruction,
disclosure, modification of data, and/or denial of service. NIST SP 800-32
Insider Threat
An operating system manufactured by Apple Inc. Used for mobile devices.
iOS
The use of multiple controls arranged in series to provide several consecutive controls to protect an asset;
also called defense in depth.
Layered Defense
An operating system that is open source, making its source code legally available to end users.
Linux
A system irregularity that is identified when studying log entries which could represent events of interest
for further surveillance.
Log Anomaly
Collecting and storing user activities in a log, which is a record of the events occurring within an
organization's systems and networks. NIST SP 1800-25B.
Logging
An automated system that controls an individual's ability to access one or more computer system
resources, such as a workstation, network, application or database. A logical access control system
requires the validation of an individual's identity through some mechanism, such as a PIN, card, biometric
or other token. It has the capability to assign different access privileges to different individuals depending
on their roles and responsibilities in an organization. NIST SP 800-53 Rev.5.
Logical Access Control Systems
Access control that requires the system itself to manage access controls in accordance with the
organization's security policies.
Mandatory Access Control
An entrance to a building or an area that requires people to pass through two doors with only one door
opened at a time.
Mantrap
Passive information system-related entity (e.g., devices, files, records, tables, processes, programs,
domains) containing or receiving information. Access to an object (by a subject) implies access to the
information it contains. See subject. Source: NIST SP 800-53 Rev 4
Object
Controls implemented through a tangible mechanism. Examples include walls, fences, guards, locks, etc.
In modern organizations, many physical control systems are linked to technical/logical systems, such as
badge readers connected to door locks.
Physical Access Controls
The principle that users and programs should have only the minimum privileges necessary to complete
their tasks. NIST SP 800-179
Principle of Least Privilege
An information system account with approved authorizations of a privileged user. NIST SP 800-53 Rev. 4
Privileged Account
A type of malicious software that locks the computer screen or files, thus preventing or limiting a user
from accessing their system and data until money is paid.
Ransomware
An access control system that sets up user permissions based on roles.
Role-based access control (RBAC)
An instruction developed to allow or deny access to a system by comparing the validated identity of the
subject to an access control list.
Rule
The practice of ensuring that an organizational process cannot be completed by a single person; forces
collusion as a means to reduce insider threats. Also commonly known as Separation of Duties.
Segregation of Duties
Generally an individual, process or device causing information to flow among objects or change to the
system state. Source: NIST SP 800-53 Rev 4
Subject
The security controls (i.e., safeguards or countermeasures) for an information system that are primarily
implemented and executed by the information system through mechanisms contained in the hardware,
software or firmware components of the system.
Technical Controls
A one-way spinning door or barrier that allows only one person at a time to enter a building or pass
through an area.
Turnstile
An operating system used in software development.
Unix
The process of creating, maintaining and deactivating user identities on a system.
User Provisioning
Events with a negative consequence, such as system crashes, network packet floods, unauthorized use of
system privileges, defacement of a web page or execution of malicious code that destroys data.
Adverse Events
The loss of control, compromise, unauthorized disclosure, unauthorized acquisition or any similar
occurrence where: a person other than an authorized user accesses or potentially accesses personally
identifiable information; or an authorized user accesses personally identifiable information for other than
an authorized purpose. Source: NIST SP 800-53 Rev. 5
Breach
Actions, processes and tools for ensuring an organization can continue critical operations during a
contingency.
Business Continuity (BC)
The documentation of a predetermined set of instructions or procedures that describe how an
organization's mission/business processes will be sustained during and after a significant disruption.
Business Continuity Plan (BCP)
An analysis of an information system's requirements, functions, and interdependencies used to
characterize system contingency requirements and priorities in the event of a significant disruption.
Reference: https://csrc.nist.gov/glossary/term/business-impact-analysis
Business Impact Analysis (BIA)
In information systems terms, the activities necessary to restore IT and communications services to an
organization during and after an outage, disruption or disturbance of any kind or scale.
Disaster Recovery (DR)
The processes, policies and procedures related to preparing for recovery or continuation of an
organization's critical business functions, technology infrastructure, systems and applications after the
organization experiences a disaster. A disaster is when an organization's critical business function(s)
cannot be performed at an acceptable level within a predetermined period following a disruption.
Disaster Recovery Plan (DRP)
Any observable occurrence in a network or system. Source: NIST SP 800-61 Rev 2
Event
A particular attack. It is named this way because these attacks exploit system vulnerabilities.
Exploit
An event that actually or potentially jeopardizes the confidentiality, integrity or availability of an
information system or the information the system processes, stores or transmits.
Incident
The mitigation of violations of security policies and recommended practices. Source: NIST SP 800-61
Rev 2
Incident Handling
The mitigation of violations of security policies and recommended practices. Source: NIST SP 800-61
Rev 2
Incident Response (IR)
The documentation of a predetermined set of instructions or procedures to detect, respond to and limit
consequences of a malicious cyberattack against an organization's information system(s). Source: NIST
SP 800-34 Rev 1
Incident Response Plan (IRP)
A security event, or combination of security events, that constitutes a security incident in which an
intruder gains, or attempts to gain, access to a system or system resource without authorization. Source:
IETF RFC 4949 Ver 2
Intrusion
A centralized organizational function fulfilled by an information security team that monitors, detects and
analyzes events on the network or system to prevent and resolve issues before they result in business
disruptions.
Security Operations Center
Weakness in an information system, system security procedures, internal controls or implementation that
could be exploited or triggered by a threat source. Source: NIST SP 800-128.
Vulnerability
A previously unknown system vulnerability with the potential of exploitation without risk of detection or
prevention because it does not, in general, fit recognized patterns, signatures or methods.
Zero Day
Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse or
unauthorized access to or modification of information. Source: OMB Circular A-130
Adequate Security
Controls implemented through policy and procedures. Examples include access control processes and
requiring multiple personnel to conduct a specific operation. Administrative controls in modern
environments are often enforced in conjunction with physical and/or technical controls, such as an access-
granting policy for new users that requires login and approval by the hiring manager.
Administrative Controls
The ability of computers and robots to simulate human intelligence and behavior.
Artificial Intelligence
Anything of value that is owned by an organization. Assets include both tangible items such as
information systems and physical property and intangible assets such as intellectual property.
Asset
Access control process validating that the identity being claimed by a user or entity is known to the
system, by comparing one (single factor or SFA) or more (multi-factor authentication or MFA) factors of
identification.
Authentication
The right or a permission that is granted to a system entity to access a system resource. NIST 800-82
Rev.2
Authorization
Ensuring timely and reliable access to and use of information by authorized users.
Availability
A documented, lowest level of security configuration allowed by a standard or organization.
Baseline
Biological characteristics of an individual, such as a fingerprint, hand geometry, voice, or iris patterns.
Biometric
Malicious code that acts like a remotely controlled "robot" for an attacker, with other Trojan and worm
capabilities.
Bot
Information that has been determined to require protection against unauthorized disclosure and is marked
to indicate its classified status and classification level when in documentary form.
Classified or Sensitive Information
The characteristic of data or information when it is not made available or disclosed to unauthorized
persons or processes. NIST 800-66
Confidentiality
A measure of the degree to which an organization depends on the information or information system for
the success of a mission or of a business function. NIST SP 800-60 Vol. 1, Rev. 1
Criticality
The property that data has not been altered in an unauthorized manner. Data integrity covers data in
storage, during processing and while in transit. Source: NIST SP 800-27 Rev A
Data Integrity
The process and act of converting the message from its plaintext to ciphertext. Sometimes it is also
referred to as enciphering. The two terms are sometimes used interchangeably in literature and have
similar meanings.
Encryption
In 2016, the European Union passed comprehensive legislation that addresses personal privacy, deeming
it an individual human right.
General Data Protection Regulation (GDPR)
The process of how an organization is managed; usually includes all aspects of how decisions are made
for that organization, such as policies, roles, and procedures the organization uses to make those
decisions.
Governance
This U.S. federal law is the most important healthcare information regulation in the United States. It
directs the adoption of national standards for electronic healthcare transactions while protecting the
privacy of individuals' health information. Other provisions address fraud reduction, protections for
individuals with health insurance and a wide range of other healthcare-related activities. Est. 1996.
Health Insurance Portability and Accountability Act (HIPAA)
The magnitude of harm that could be caused by a threat's exercise of a vulnerability.
Impact
The potential adverse impacts to an organization's operations (including its mission, functions and image
and reputation), assets, individuals, other organizations, and even the nation, which results from the
possibility of unauthorized access, use, disclosure, disruption, modification or destruction of information
and/or information systems.
Information Security Risk
The property of information whereby it is recorded, used and maintained in a way that ensures its
completeness, accuracy, internal consistency and usefulness for a stated purpose.
Integrity
The ISO develops voluntary international standards in collaboration with its partners in international
standardization, the International Electro-technical Commission (IEC) and the International
Telecommunication Union (ITU), particularly in the field of information and communication
technologies.
International Organization of Standards (ISO)
The internet standards organization, made up of network designers, operators, vendors and researchers,
that defines protocol standards (e.g., IP, TCP, DNS) through a process of collaboration and consensus.
Source: NIST SP 1800-16B
Internet Engineering Task Force (IETF)
The probability that a potential vulnerability may be exercised within the construct of the associated
threat environment.
Likelihood
A weighted factor based on a subjective analysis of the probability that a given threat is capable of
exploiting a given vulnerability or set of vulnerabilities.
Likelihood of Occurrence
Using two or more distinct instances of the three factors of authentication (something you know,
something you have, something you are) for identity verification.
Multi-Factor Authentication
The NIST is part of the U.S. Department of Commerce and addresses the measurement infrastructure
within science and technology efforts within the U.S. federal government. NIST sets standards in a
number of areas, including information security within the Computer Security Resource Center of the
Computer Security Divisions.
National Institute of Standards and Technology (NIST)
The inability to deny taking an action such as creating information, approving information and sending or
receiving a message.
Non-repudiation
The National Institute of Standards and Technology, known as NIST, in its Special Publication 800-122
defines PII as "any information about an individual maintained by an agency, including (1) any
information that can be used to distinguish or trace an individual's identity, such as name, Social Security
number, date and place of birth, mother's maiden name, or biometric records; and (2) any other
information that is linked or linkable to an individual, such as medical, educational, financial and
employment information."
Personally Identifiable Information (PII)
Controls implemented through a tangible mechanism. Examples include walls, fences, guards, locks, etc.
In modern organizations, many physical control systems are linked to technical/logical systems, such as
badge readers connected to door locks.
Physical Controls
The right of an individual to control the distribution of information about themselves.
Privacy
The chances, or likelihood, that a given threat is capable of exploiting a given vulnerability or a set of
vulnerabilities. Source: NIST SP 800-30 Rev. 1
Probability
Information regarding health status, the provision of healthcare or payment for healthcare as defined in
HIPAA (Health Insurance Portability and Accountability Act).
Protected Health Information (PHI)
A method for risk analysis that is based on the assignment of a descriptor such as low, medium or high.
Source: NISTIR 8286
Qualitative Risk Analysis
A method for risk analysis where numerical values are assigned to both impact and likelihood based on
statistical probabilities and monetarized valuation of loss or gain. Source: NISTIR 8286
Quantitative Risk Analysis
A possible event which can have a negative impact upon the organization.
Risk
Determining that the potential benefits of a business function outweigh the possible risk impact/likelihood
and performing that business function with no other action.
Risk Acceptance
The process of identifying and analyzing risks to organizational operations (including mission, functions,
image, or reputation), organizational assets, individuals and other organizations. The analysis performed
as part of risk management which incorporates threat and vulnerability analyses and considers mitigations
provided by security controls planned or in place.
Risk Assessment
Determining that the impact and/or likelihood of a specific risk is too great to be offset by the potential
benefits and not performing a certain business function because of that determination.
Risk Avoidance
The process of identifying, evaluating and controlling threats, including all the phases of risk context (or
frame), risk assessment, risk treatment and risk monitoring.
Risk Management
A structured approach used to oversee and manage risk for an enterprise. Source: CNSSI 4009
Risk Management Framework
Putting security controls in place to reduce the possible impact and/or likelihood of a specific risk.
Risk Mitigation
The level of risk an entity is willing to assume in order to achieve a potential desired result. Source: NIST
SP 800-32. Risk threshold, risk appetite and acceptable risk are also terms used synonymously with risk
tolerance.
Risk Tolerance
Paying an external party to accept the financial impact of a given risk.
Risk Transference
The determination of the best way to address an identified risk.
Risk Treatment
The management, operational and technical controls (i.e., safeguards or countermeasures) prescribed for
an information system to protect the confidentiality, integrity and availability of the system and its
information. Source: FIPS PUB 199
Security Controls
A measure of the importance assigned to information by its owner, for the purpose of denoting its need for
protection. Source: NIST SP 800-60 Vol 1 Rev 1
Sensitivity
Use of just one of the three available factors (something you know, something you have, something you
are) to carry out the authentication process being requested.
Single-Factor Authentication
The condition an entity is in at a point in time.
State
The quality that a system has when it performs its intended function in an unimpaired manner, free from
unauthorized manipulation of the system, whether intentional or accidental. Source: NIST SP 800-27 Rev.
A
System Integrity
Security controls (i.e., safeguards or countermeasures) for an information system that are primarily
implemented and executed by the information system through mechanisms contained in the hardware,
software or firmware components of the system.
Technical Controls
Any circumstance or event with the potential to adversely impact organizational operations (including
mission, functions, image or reputation), organizational assets, individuals, other organizations or the
nation through an information system via unauthorized access, destruction, disclosure, modification of
information and/or denial of service. Source: NIST SP 800-30 Rev 1
Threat
An individual or a group that attempts to exploit vulnerabilities to cause or force a threat to occur.
Threat Actor
The means by which a threat actor carries out their objectives.
Threat Vector
A physical object a user possesses and controls that is used to authenticate the user's identity. Source:
NISTIR 7711
Token
Weakness in an information system, system security procedures, internal controls or implementation that
could be exploited by a threat source. Source: NIST SP 800-30 Rev 1
Vulnerability
IEEE is a professional organization that sets standards for telecommunications, computer engineering and
similar disciplines.
Institute of Electrical and Electronics Engineers
Which of the following is a biometric access control mechanism? (D3, L3.2.1)

A) A badge reader
B) A copper key
C) A fence with razor tape on it
D) A door locked by a voiceprint identifier
D) A door locked by a voiceprint identifier
All of the following are typically perceived as drawbacks to biometric systems, except: (D3, L3.2.1)

A) Lack of accuracy
B) Potential privacy concerns
C) Retention of physiological data past the point of employment
D) Legality
A) Lack of accuracy
Which of the following is probably most useful at the perimeter of a property? (D3, L3.2.1)

A) A safe
B) A fence
C) A data center
D) A centralized log storage facility
B) A fence
Gary is unable to log in to the production environment. Gary tries three times and is then locked out of
trying again for one hour. Why? (D3, L3.3.1)
A) Gary is being punished
B) The network is tired
C) Users remember their credentials if they are given time to think about it
D) Gary's actions look like an attack
D) Gary's actions look like an attack
Larry and Fern both work in the data center. In order to enter the data center to begin their workday, they
must both present their own keys (which are different) to the key reader, before the door to the data center
opens.

Which security concept is being applied in this situation? (D3, L3.1.1)

A) Defense in depth
B) Segregation of duties
C) Least privilege
D) Dual control
D) Dual control
A human guard monitoring a hidden camera could be considered a ______ control. (D3, L3.2.1)

A) Detective
B) Preventive
C) Deterrent
D) Logical
A) Detective
Which of the following statements is true? (D3, L3.3.1)

A) Logical access controls can protect the IT environment perfectly; there is no reason to deploy any
other controls
B) Physical access controls can protect the IT environment perfectly; there is no reason to deploy any
other controls
C) Administrative access controls can protect the IT environment perfectly; there is no reason to deploy
any other controls
D) It is best to use a blend of controls in order to provide optimum security
D) It is best to use a blend of controls in order to provide optimum security
Visitors to a secure facility need to be controlled. Controls useful for managing visitors include all of the
following except: (D3, L3.2.1)

A) Sign-in sheet/tracking log
B) Fence
C) Badges that differ from employee badges
D) Receptionist
B) Fence
Trina and Doug both work at Triffid, Inc. Doug is having trouble logging into the network. Trina offers to
log in for Doug, using Trina's credentials, so that Doug can get some work done.

What is the problem with this? (D3, L3.3.1)

A) Doug is a bad person
B) If Trina logs in for Doug, then Doug will never be encouraged to remember credentials without
assistance
C) Anything either of them do will be attributed to Trina
D) It is against the law
C) Anything either of them do will be attributed to Trina
Trina is a security practitioner at Triffid, Inc. Trina has been tasked with selecting a new product to serve
as a security control in the environment. After doing some research, Trina selects a particular product.
Before that product can be purchased, a manager must review Trina's selection and determine whether to
approve the purchase. This is a description of: (D3, L3.1.1)

A) Two-person integrity
B) Segregation of duties
C) Software
D) Defense in depth
B) Segregation of duties
Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme
for the company. Handel wants to ensure that employees who are assigned to new positions in the
company do not retain whatever access they had in their old positions. Which method should Handel
select? (D3, L3.3.1)

A) Role-based access controls (RBAC)
B) Mandatory access controls (MAC)
C) Discretionary access controls (DAC)
D) Logging
A) Role-based access controls (RBAC)
Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme
for the company. Handel wants to ensure that employees transferring from one department to another,
getting promoted, or cross-training to new positions can get access to the different assets they'll need for
their new positions, in the most efficient manner. Which method should Handel select? (D3, L3.3.1)

A) Role-based access controls (RBAC)
B) Mandatory access controls (MAC)
C) Discretionary access controls (DAC)
D) Barbed wire
A) Role-based access controls (RBAC)
Which of the following activities is usually part of the configuration management process, but is also
extremely helpful in countering potential attacks? (D4.2 L4.2.3)
A) Annual budgeting
B) Conferences with senior leadership
C) Updating and patching systems
D) The annual shareholders' meeting
C) Updating and patching systems
Ludwig is a security analyst at Triffid, Inc. Ludwig notices network traffic that might indicate an attack
designed to affect the availability of the environment. Which of the following might be the attack Ludwig
sees? (D4.2 L4.2.1)

A) DDOS (distributed denial of service)
B) Spoofing
C) Exfiltrating stolen data
D) An insider sabotaging the power supply
A) DDOS (distributed denial of service)
A VLAN is a _____ method of segmenting networks. (D4.3 L4.3.3)

A) Secret
B) Physical
C) Regulated
D) Logical
D) Logical
A device that filters network traffic in order to enhance overall security/performance. (D4.1 L4.1.1)

A) Endpoint
B) Laptop
C) MAC (media access control)
D) Firewall
D) Firewall
A tool that filters inbound traffic to reduce potential threats. (D4.2 L4.2.3)

A) NIDS (network-based intrusion-detection systems)
B) Anti-malware
C) DLP (data loss prevention)
D) Firewall
D) Firewall
The section of the IT environment that is closest to the external world; where we locate IT systems that
communicate with the Internet. (D4.3 L4.3.3)

A) VLAN
B) DMZ
C) MAC
D) RBAC
B) DMZ
Which common cloud service model offers the customer the most control of the cloud environment?
(D4.3 L4.3.2)

A) Lunch as a service (LaaS)
B) Infrastructure as a service (IaaS)
C) Platform as a service (PaaS)
D) Software as a service (SaaS)
B) Infrastructure as a service (IaaS)
Which of the following would be best placed in the DMZ of an IT environment? (D4.3 L4.3.3)

A) User's workplace laptop
B) Mail server
C) Database engine
D) SIEM log storage
B) Mail server
A device typically accessed by multiple users, often intended for a single purpose, such as managing
email or web pages. (D4.1 L4.1.1)

A) Router
B) Switch
C) Server
D) Laptop
C) Server
Cyril wants to ensure all the devices on his company's internal IT environment are properly synchronized.
Which of the following protocols would aid in this effort? (D4, L4.1.2)

A) FTP (File Transfer Protocol)
B) NTP (Network Time Protocol)
C) SMTP (Simple Mail Transfer Protocol)
D) HTTP (Hypertext Transfer Protocol)
B) NTP (Network Time Protocol)
Gary is an attacker. Gary is able to get access to the communication wire between Dauphine's machine
and Linda's machine and can then surveil the traffic between the two when they're communicating. What
kind of attack is this? (D4.2 L4.2.1)

A) Side channel
B) DDOS
C) On-path
D) Physical
C) On-path
The logical address of a device connected to the network or Internet. (D4.1 L4.1.1)

A) Media access control (MAC) address
B) Internet Protocol (IP) address
C) Geophysical address
D) Terminal address
B) Internet Protocol (IP) address
A tool that monitors local devices to reduce potential threats from hostile software. (D4.2 L4.2.3)

A) NIDS (network-based intrusion-detection systems)
B) Anti-malware
C) DLP (data loss prevention)
D) Firewall
B) Anti-malware
A tool that aggregates log data from multiple sources, and typically analyzes it and reports potential
threats. (D4.2 L4.2.2)

A) HIDS
B) Anti-malware
C) Router
D) SIEM
D) SIEM
Which of the following is not a typical benefit of cloud computing services? (D4.3 L4.3.2)

A) Reduced cost of ownership/investment
B) Metered usage
C) Scalability
D) Freedom from legal constraints
D) Freedom from legal constraints
Carol is browsing the Web. Which of the following ports is she probably using? (D4, L4.1.2)

A) 12
B) 80
C) 247
D) 999
B) 80
Which type of fire-suppression system is typically the safest for humans? (D4.3 L4.3.1)

A) Water
B) Dirt
C) Oxygen-depletion
D) Gaseous
A) Water
Triffid, Inc., has deployed anti-malware solutions across its internal IT environment. What is an additional
task necessary to ensure this control will function properly? (D4.2 L4.2.3)

A) Pay all employees a bonus for allowing anti-malware solutions to be run on their systems
B) Update the anti-malware solution regularly
C) Install a monitoring solution to check the anti-malware solution
D) Alert the public that this protective measure has been taken
B) Update the anti-malware solution regularly
If two people want to use asymmetric communication to conduct a confidential conversation, how many
keys do they need? (D5.1, L5.1.2)

A) 1
B) 4
C) 8
D) 11
B) 4
Which of these is the most important reason to conduct security instruction for all employees. (D5.4,
L5.4.1)

A) Reduce liability
B) Provide due diligence
C) It is a moral imperative
D) An informed user is a more secure user
D) An informed user is a more secure user
An organization must always be prepared to ______ when applying a patch. (D5.2, L5.2.1)

A) Pay for the updated content
B) Buy a new system
C) Settle lawsuits
D) Rollback
D) Rollback
By far, the most crucial element of any security instruction program. (D5.4, L5.4.1)

A) Protect assets
B) Preserve health and human safety
C) Ensure availability of IT systems
D) Preserve shareholder value
B) Preserve health and human safety
The output of any given hashing algorithm is always _____. (D5.1, L5.1.3)

A) The same length
B) The same characters
C) The same language
D) Different for the same inputs
A) The same length
Data _____ is data left behind on systems/media after normal deletion procedures have been attempted.
(D5.1, L5.1.1)

A) Fragments
B) Packets
C) Remanence
D) Residue
C) Remanence
Proper alignment of security policy and business goals within the organization is important because:
(D5.3, L5.3.1)

A) Security should always be as strict as possible
B) Security policy that conflicts with business goals can inhibit productivity
C) Bad security policy can be illegal
D) Security is more important than business
B) Security policy that conflicts with business goals can inhibit productivity
When data has reached the end of the retention period, it should be _____. (D5.1, L5.1.1)

A) Destroyed
B) Archived
C) Enhanced
D) Sold
A) Destroyed
When Pritha started working for Triffid, Inc., Pritha had to sign a policy that described how Pritha would
be allowed to use Triffid's IT equipment. What policy was this? (D5.3, L5.3.1)

A) The organizational security policy
B) The acceptable use policy (AUP)
C) The bring-your-own-device (BYOD) policy
D) The workplace attire policy
B) The acceptable use policy (AUP)
Who dictates policy? (D5.3, L5.3.1)

A) The security manager
B) The Human Resources office
C) Senior management
D) Auditors
C) Senior management
If two people want to use symmetric encryption to conduct a confidential conversation, how many keys
do they need? (D5.1, L5.1.3)

A) 1
B) 3
C) 8
D) none
A) 1
Security needs to be provided to ____ data. (D5.1, L5.1.1)

A) Restricted
B) Illegal
C) Private
D) All
D) All
Data retention periods apply to ____ data. (D5.1, L5.1.1)

A) Medical
B) Sensitive
C) All
D) Secret
C) All
The requirement that two people must enter sensitive areas together is known as what?

A) Two Person Integrity
B) Two Person Control
A) Two Person Integrity
The requirement that two people must jointly approve sensitive actions is known as what?

A) Two Person Integrity
B) Two Person Control
B) Two Person Control
What set of principles uses the built environment to improve security?

A) CSA
B) NSA
C) CPTED
D) NIST
C) CPTED
What type of lock always requires entering a code to enter the facility?

A) Magnetic stripe card lock
B) Proximity card lock
C) Biometric lock
D) Cipher lock
D) Cipher lock
What type of physical security control should always be disclosed to visitors when used?

A) Fences
B) Cameras
C) Intrusion alarms
D) Security guards
B) Cameras
Attestation reviews formal approval documentation.

A) True
B) False
A) True
_____________ adds user location information to logs.

A) Caching
B) Hashing
C) Geotagging
D) Stickies
C) Geotagging
_____________ alerts when a device leaves defined boundaries.

A) NIDS
B) Firewalls
C) Geofencing
D) Routers
C) Geofencing
After onboarding, administrators create authentication credentials and grant appropriate authorization.
What is this known as?

A) Deprovisioning
B) Provisioning
C) Setup
D) Installation
B) Provisioning
During the offboarding process, administrators disable accounts and revoke authorizations at the
appropriate time. What is this known as?

A) Deprovisioning
B) Provisioning
C) Setup
D) Installation
A) Deprovisioning
True or False

A Routine Workflow is when an administrator disables accounts on a scheduled basis for planned
departures.

A) True
B) False
A) True
True or False

An Emergency Workflow is when an administrator disables accounts immediately when a user is
unexpectedly terminated.

A) True
B) False
A) True
True or False

Authentication determines what an authorized user can do.

A) True
B) False
B) False

Correct Answer: Authorization determines what an authenticated user can do.
Which is the most stringent access control type?

A) Mandatory Access Control (MAC)
B) Role-Based Access Control (RBAC)
C) Discretionary Access Control (DAC)
D) None of the above
A) Mandatory Access Control (MAC)
Which access control system is flexible and determined by file owners? (This is the most common access
control type.)

A) Mandatory Access Control (MAC)
B) Role-Based Access Control (RBAC)
C) Discretionary Access Control (DAC)
D) None of the above
C) Discretionary Access Control (DAC)
What access control type grants permissions to groups of people?

A) Mandatory Access Control (MAC)
B) Role-Based Access Control (RBAC)
C) Discretionary Access Control (DAC)
D) None of the above
B) Role-Based Access Control (RBAC)
What principle states that individuals should only have the minimum set of permissions necessary to carry
out their job functions?

A) Least privilege
B) Two person control
C) Job rotation
D) Separation of privileges
A) Least privilege
Local Area Networks (LAN) are connected to what?

A) Wi-Fi
B) WAN
C) TAN
D) MAN
B) WAN
RJ-45 (Ethernet Cables) connectors have how many pins?

A) 6
B) 4
C) 8
D) 10
C) 8
What are RJ-11 cables used for?

A) Computers
B) Monitors
C) Printers
D) Telephone connections
D) Telephone connections
RJ-11 cables have how many pins?

A) 6
B) 4
C) 8
D) 10
A) 6
Bluetooth devices create what type of networks?

A) Personal Area Networks (PANs)
B) Wide Area Networks (WANs)
C) Mobile Area Networks (MANs)
D) Wireless Local Area Networks (WLANs)
A) Personal Area Networks (PANs)
What is the range of a Bluetooth network?

A) 30 FT / 10 meters
B) 25 FT / 8 meters
C) 10 FT / 2 meters
D) Unlimited
A) 30 FT / 10 meters
TCP is a ________________________ oriented protocol.

A) connection
B) connectionless
C) seamless
D) universal
A) connection
How does the TCP Three-way Handshake look?

A) SYN > SYN/ACK > ACK
B) ACK > SYN > ACK/SYN
C) SYN > ACK > SYN/ACK
D) SYN/ACK > ACK > SYN
A) SYN > SYN/ACK > ACK
At what stage of the TCP Three-way Handshake is the request to connect generated?

A) ACK
B) SYN/ACK
C) SYN
C) SYN
Which TCP Flag indicates a connection needs to be opened?

A) SYN
B) FIN
C) ACK
D) RST
A) SYN
What is known as a lightweight, connectionless protocol?

A) TCP
B) UDP
C) RDP
D) LDAP
B) UDP
At what layer of the OSI model do cables exist?

A) Layer 1 (Physical)
B) Layer 2 (Data Link)
C) Layer 3 (Network)
D) Layer 4 (Transport)
A) Layer 1 (Physical)
At what layer of the OSI model do TCP and UDP exist?

A) Layer 1 (Physical)
B) Layer 2 (Data Link)
C) Layer 3 (Network)
D) Layer 4 (Transport)
D) Layer 4 (Transport)
At what layer of the OSI model does data translation and encryption/decryption take place?

A) Layer 1 (Physical)
B) Layer 2 (Data Link)
C) Layer 6 (Presentation)
D) Layer 7 (Application)
C) Layer 6 (Presentation)
How many layers does the TCP model have?

A) 2
B) 1
C) 4
D) 7
C) 4
How many layers does the OSI model have?

A) 2
B) 1
C) 4
D) 7
D) 7
What are the layer names for the TCP model?

A) Network Interface, Internet, Transport, Application
B) Transport, Session, Presentation, Application
C) Data Link, Network, Transport, Presentation
D) Physical, Data Link, Network, Session
A) Network Interface, Internet, Transport, Application
How many possible ports are there on a network?

A) 65,300
B) 1,000
C) 10,000
D) 65,535
D) 65,535
What port range is known as the "well-known" ports?

A) 0 - 1,023
B) 0 - 1,000
C) 0 - 10,000
D) 0 - 65,535
A) 0 - 1,023
What port range is known as the "registered" ports?

A) 1,000 - 50,000
B) 1,024 - 49,151
C) 1,025 - 55,252
D) 1,215 - 48,565
B) 1,024 - 49,151
What port range is known as "dynamic" ports?

A) 49,152 - 65,535
B) 10,000 - 65,535
C) 47,455 - 65,535
D) 36,712 - 65,535
A) 49,152 - 65,535
What is port 21 used for?

A) HTTP
B) SSH
C) FTP
D) SMB
C) FTP
What is port 22 used for?

A) HTTP
B) SSH
C) FTP
D) SMB
B) SSH
What is port 3389 used for?

A) HTTPS
B) SQL Server
C) SMB
D) RDP
D) RDP
What are ports 137, 138, and 139 used for?

A) SMB
B) NetBIOS
C) LDAP
D) NTP
B) NetBIOS
What is port 53 used for?
A) DNS
B) FTPS
C) HTTP
D) RDP
A) DNS
What is port 25 used for?

A) SMTP
B) HTTP
C) HTTPS
D) DNS
A) SMTP
What is port 110 used for?

A) DNS
B) LDAP
C) NetBIOS
D) POP
D) POP
What is port 143 used for?

A) NetBIOS
B) SSH
C) IMAP
D) SMTP
C) IMAP
What is port 80 used for?

A) HTTP
B) HTTPS
C) FTP
D) RDP
A) HTTP
What is port 443 used for?

A) HTTP
B) HTTPS
C) FTP
D) RDP
B) HTTPS
Wi-Fi Protected Access (WPA) changes keys with the ______________ Key Integrity Protocol (TKIP).

A) Traditional
B) Temporary
C) Temporal
D) Tailored
C) Temporal
Wi-Fi Protected Access v2 (WPA2) adds security with _____________.

A) ICMP
B) PNP
C) CCMP
D) RMPT
C) CCMP
What new authentication technology is introduced with Wi-Fi Protected Access v3 (WPA3)?

A) Blockchain
B) SAE
C) RKIP
D) Blowfish
B) SAE
What is it called when a ping request is successfully received?

A) ICMP Echo Reply
B) ICMP Echo Response
C) ICMP Echo Request
D) ICMP Echo Init
A) ICMP Echo Reply
What is it called when a ping request is successfully sent?

A) ICMP Echo Reply
B) ICMP Echo Response
C) ICMP Echo Request
D) ICMP Echo Init
C) ICMP Echo Request
What TCP flag indicates that a packet is requesting a new connection?

A) PSH
B) SYN
C) RST
D) URG
B) SYN
What type of network is most often used to connect peripherals to computers and mobile devices?

A) Wi-Fi
B) Bluetooth
C) WAN
D) LAN
B) Bluetooth
Which one of the following ports is not normally used by email systems?

A) 25
B) 139
C) 110
D) 143
B) 139 - NetBIOS
What technology provides the translation that assigns public IP addresses to privately addressed systems
that wish to communicate on the Internet?

A) TLS
B) HTTP
C) SSL
D) NAT
D) NAT
What command may be used to determine the network path between two locations?

A) tracert
B) ping
C) arp
D) dig
A) tracert
Brad is configuring a new wireless network for his small business. What wireless security standard should
he use?

A) WPA
B) WEP2
C) WPA2
D) WEP
C) WPA2
How many components does Malware have?

A) 1
B) 2
C) 4
D) 9
B) 2

1. Propagation Mechanism
2. Payload
What is the best way to protect against viruses?

A) User Education
B) Patching
C) NIDS
D) Fences
A) User Education
___________ steal computing power, network bandwidth, and storage capacity.

A) Blockchains
B) Virus
C) Botnets
D) Spyware
C) Botnets
______________ attacks exploit flaws in browsers and browser plugins.

A) Man-in-the-Browser
B) Man-in-the-Middle
C) Man-in-the-Connection
D) Man-in-the-Know
A) Man-in-the-Browser
True or False

In a Replay Attack, the attacker can see the encoded credentials.

A) True
B) False
B) False
_________________ tricks browsers into using unencrypted communications.

A) Spoofing
B) SSL Stripping
C) HTTP Masquerade
D) Detour Attack
B) SSL Stripping
________________________ use externally forced errors.

A) Fault Injection Attacks
B) Reverse Engineering
C) SQL Injections
D) XSS
A) Fault Injection Attacks
What type of malware spreads under its own power?

A) Worm
B) Spyware
C) Virus
D) Trojan horse
A) Worm
Which one of the following techniques is useful in preventing replay attacks?

A) Man-in-the-middle
B) Full disk encryption
C) Session tokens
D) Mobile device management
C) Session tokens
_________________ monitor network traffic for signs of malicious activity.

A) IDS
B) Firewall
C) Anti-Virus
D) Cameras
A) IDS
True or False

An IDS can detect SQL Injection attacks, malformed packets used to create a DoS, unusual login patterns
outside of normal hours or geographic area, and botnet traffic.

A) True
B) False
A) True
_____________________ block malicious activity automatically.

A) IDS
B) IPS
C) Anti-Virus
D) Biometrics
B) IPS
The following are detection types for an IDS:

1. Signature-Based Detection
2. Anomaly-Based Detection
   1. Also known as Behavior-Based Detection
   2. Also known as Heuristic-Based Detection
1. Signature-Based Detection
2. Anomaly-Based Detection
   1. Also known as Behavior-Based Detection
   2. Also known as Heuristic-Based Detection
True or False

In-band (inline) IPS deployment mode sits in the path of network communications.

A) True
B) False
A) True
True or False

Out-of-band (passive) IPS deployment mode connects to a SPAN port on a switch.

A) True
B) False
A) True
What type of malware prevention is most effective against known viruses?

A) Behavior analysis
B) Signature detection
C) Anomaly detection
D) Heuristic detection
B) Signature detection
Rachel recently investigated a security alert from her intrusion detection system and, after exhaustive
research, determined that the alert was not the result of an intrusion. What type of error occurred?

A) True positive
B) False negative
C) True negative
D) False positive
D) False positive
Nmap is an example of a _____ tool.

A) Port scanning
B) Web application vulnerability scanning
C) Protocol analyzing
D) Network vulnerability scanning
A) Port scanning
Nessus is an example of a _____ tool.

A) Port scanning
B) Web application vulnerability scanning
C) Protocol analyzing
D) Network vulnerability scanning
D) Network vulnerability scanning
What temperature range should be maintained in a data center?

A) 64.4 F - 80.6 F
B) 50 F - 85 F
C) 32 F - 60 F
D) 45 F - 90 F
A) 64.4 F - 80.6 F
What dew point range should be maintained in a data center?

A) 64.4 F - 80.6 F
B) 50 F - 85 F
C) 41.9 F - 50 F
D) 45 F - 90 F
C) 41.9 F - 50 F
True or False

Pipes that contain water and are ready to deploy when a fire strikes are known as "Wet Pipe Systems".

A) True
B) False
A) True
A network border firewall typically separates three security zones. These are called:

A) Private, Internal, Virtual
B) Internet, DMZ, Internal
C) Internet, VLAN, Local
D) Internet, DMZ, Private
B) Internet, DMZ, Internal
Intranet segments that are extended to business partners.

A) Intranet
B) Internet
C) VPN
D) Extranet
D) Extranet
Decoy networks designed to attract attackers.

A) LAN
B) Honeynet
C) Honeybowl
D) Honeycombs
B) Honeynet
Temporary networks that may bypass security controls.

A) Honeypot
B) Honeynet
C) Ad-Hoc Network
D) Temporary LAN
C) Ad-Hoc Network
What do professionals call network traffic that exists between systems located in the data center?

A) East-West Traffic
B) Side-by-Side Traffic
C) Local Traffic
D) On Premise Traffic
A) East-West Traffic
What do professionals call network traffic that exists between systems and systems on the internet?

A) North-South Traffic
B) Side-by-Side Traffic
C) Local Traffic
D) On Premise Traffic
A) North-South Traffic
Switches operate at which layers of the OSI model? (Pick two)
A) Layer 1 (Physical)
B) Layer 2 (Data Link)
C) Layer 3 (Network)
D) Layer 4 (Transport)
B) Layer 2 (Data Link)
C) Layer 3 (Network)
___________ firewalls evaluate each packet independently, with no memory of the packets that came before it.

A) Stateful
B) Stateless
C) Semi-Stateful
D) Semi-Stateless
B) Stateless
_____________ firewalls track open connections.

A) Stateful
B) Stateless
C) Semi-Stateful
D) Semi-Stateless
A) Stateful (modern firewalls are stateful)
Traffic that is not explicitly allowed by any firewall rule must be blocked. What is this default rule called?

A) Implicit Deny
B) Explicit Deny
C) Strict Deny
D) Closed Deny
A) Implicit Deny (the default deny rule at the end of the rule base)
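The stateless/stateful distinction and the implicit deny rule from the cards above, worked in Python as an added example that is not from the original material. The rule base, the addresses and the packet sequence are assumed for illustration: one allow rule, then everything else falls through to the implicit deny.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only for the first packet of a TCP connection


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src_net: str
    dst_net: str
    dport: Optional[int]      # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and (self.dport is None or self.dport == p.dport))


# Constructed rule base (assumed, not from the page): internal clients may reach the
# DMZ web server on 443. Nothing else is written down, so everything else falls
# through to the implicit deny at the end of stateless_decision().
RULES = [Rule("allow", "10.0.0.0/8", "192.0.2.10/32", 443)]


def stateless_decision(p: Packet, rules=RULES) -> str:
    """Evaluate one packet on its own: first matching rule wins, otherwise implicit deny."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Remembers connections it has admitted, so their return traffic needs no rule of its own."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.connections = set()  # (client_ip, client_port, server_ip, server_port)

    def decision(self, p: Packet) -> str:
        forward = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if forward in self.connections or reverse in self.connections:
            return "allow"           # belongs to a connection the policy already admitted
        if not p.syn:
            return "deny"            # mid-stream packet for no known connection: stale or spoofed
        verdict = stateless_decision(p, self.rules)
        if verdict == "allow":
            self.connections.add(forward)
        return verdict


def compare_firewalls():
    """Run the same constructed packet sequence through both designs."""
    fw = StatefulFirewall()
    sequence = [
        ("client opens HTTPS to DMZ web server", Packet("10.1.1.5", 51000, "192.0.2.10", 443, syn=True)),
        ("web server replies to the client", Packet("192.0.2.10", 443, "10.1.1.5", 51000)),
        ("outsider sends a fake 'reply' to the client", Packet("198.51.100.7", 443, "10.1.1.5", 51000)),
        ("outsider tries SSH to the DMZ web server", Packet("198.51.100.7", 40000, "192.0.2.10", 22, syn=True)),
    ]
    return [(label, stateless_decision(p), fw.decision(p)) for label, p in sequence]


if __name__ == "__main__":
    for label, stateless, stateful in compare_firewalls():
        print(f"{label:45s} stateless={stateless:5s} stateful={stateful}")
```

The stateless evaluation drops the web server's legitimate reply because no rule mentions it; to make the site work, a stateless deployment would have to add a rule allowing anything from port 443 inbound, which would also admit the outsider's forged "reply". The stateful design allows the reply because it remembers the connection, still drops the forgery, and both designs drop the SSH attempt by implicit deny.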
What are 4 types of VPN Endpoints?

A) Firewalls, Routers, Servers, VPN Concentrators
B) Computers, Switches, Hubs, Modems
C) Firewalls, NID, HID, DMZ
D) Switches, Routers, OpenVPN, NAS
A) Firewalls, Routers, Servers, VPN Concentrators
IPSec (Internet Protocol Security) operates at what layer of the OSI model?

A) Layer 1
B) Layer 2
C) Layer 3
D) Layer 6
C) Layer 3 (IPsec is commonly paired with L2TP, the Layer 2 Tunneling Protocol)
SSL/TLS VPNs work at the application layer (Layer 7) of the OSI model over TCP port _________.

A) 443
B) 139
C) 8081
D) 445
A) 443
True or False

Full tunnel VPNs route all network traffic leaving a connected device through the VPN tunnel, regardless of
its final destination.

A) True
B) False
A) True
True or False

Split tunnel VPNs send only traffic destined for the corporate network through the VPN tunnel. All other
traffic is routed directly over the internet.

A) True
B) False
A) True
True or False

Split tunnel VPNs provide users with a false sense of security.

A) True
B) False
A) True (only corporate-bound traffic gets the tunnel's protection and inspection; everything else bypasses corporate controls)
Network Access Control (NAC) uses __________ authentication.

A) 800.5X
B) 802.1X
C) 741.5X
D) 850.2X
B) 802.1X
True or False

Network segmentation is the most important control for embedded devices.

A) True
B) False
A) True
What is the piece of software running on a device that enables it to connect to a NAC-protected network?

A) SNMP agent
B) Authenticator
C) Supplicant
D) Authentication server
C) Supplicant
What network port is used for SSL/TLS VPN connections?

A) 88
B) 80
C) 1521
D) 443
D) 443
What is the most important control to apply to smart devices?

A) Intrusion detection
B) Application firewalls
C) Wrappers
D) Network segmentation
D) Network segmentation
What network device can connect together multiple networks?

A) Switch
B) Router
C) AP
D) Wireless controller
B) Router
Ricky would like to separate his network into three distinct security zones. Which one of the following
devices is best suited to that task?

A) IPS
B) Router
C) Switch
D) Firewall
D) Firewall
What security principle does a firewall implement with traffic when it does not have a rule that explicitly
defines an action for that communication?

A) Least privilege
B) Separation of duties
C) Informed consent
D) Implicit deny
D) Implicit deny
Which one of the following devices carries VLANs on a network?

A) Switch
B) Router
C) Firewall
D) Hub
A) Switch
What is the minimum acceptable temperature for a data center?

A) 80.6 degrees Fahrenheit
B) 64.4 degrees Fahrenheit
C) 72.4 degrees Fahrenheit
D) 68.0 degrees Fahrenheit
B) 64.4 degrees Fahrenheit
What is known as a ubiquitous, convenient, on-demand network access to a shared pool of configurable
computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly
provisioned and released with minimal management effort or service provider interaction?

A) Cloud Computing
B) Hybrid Computing
C) Server Farm
D) Segregated Networks
A) Cloud Computing
What are the three cloud service categories?

A) SaaS, IaaS, PaaS
B) SaaS, MaaS, TaaS
C) FaaS, EaaS, PaaS
D) FaaS, MaaS, TaaS
A) SaaS, IaaS, PaaS
Which cloud service category allows customers to purchase access to a complete, vendor-built application?

A) IaaS
B) PaaS
C) SaaS
D) TaaS
C) SaaS (Software as a Service)
Which cloud service category allows customers to purchase servers/storage?

A) IaaS
B) PaaS
C) SaaS
D) TaaS
A) IaaS (Infrastructure as a Service)
Which cloud service category allows customers to purchase an app platform?

A) IaaS
B) PaaS
C) SaaS
D) TaaS
B) PaaS (Platform as a Service)
True or False

The security responsibility for IaaS platforms is split into two parts: the vendor is responsible for the
hardware and data center, and the customer is responsible for the operating system, applications, and data
it maintains there.

A) True
B) False
A) True
True or False

The security responsibility for PaaS platforms is split into two parts: the vendor is responsible for the
hardware, operating system, and data center, and the customer is responsible for the applications and data
it maintains there.

A) True
B) False
A) True
True or False

The security responsibility for SaaS platforms is split into two parts: the vendor is responsible for the
hardware, operating system, application, and data center, and the customer is responsible only for the data
it maintains there.
A) True
B) False
A) True
________ cloud computing uses a shared responsibility model.

A) Private
B) Hybrid
C) Public
D) Community
C) Public
___________ combines resources from two different public cloud vendors.

A) Public
B) Hybrid
C) Community
D) Multi-Cloud
D) Multi-Cloud
_____________ provide security services for other organizations as a managed service.

A) MSSPs
B) CSSPs
C) NSSPs
D) RSSPs
A) MSSPs
MSSPs may also be referred to as ____________.

A) Security as a Service (SECaaS)
B) Protection as a Service (PROaaS)
C) Physical Security as a Service (PHSaaS)
D) None of the above
A) Security as a Service (SECaaS)
_______________ add a third-party security layer to the interactions that users have with other cloud
services.

A) Brokers
B) Help Desk
C) CASB (Cloud Access Security Brokers)
D) ITASB (IT Access Security Brokers)
C) CASB (Cloud Access Security Brokers)
True or False

Ensure that vendor security policies are at least as stringent as your own.

A) True
B) False
A) True
What is the Vendor Management Life Cycle?

A) Vendor Selection
B) Onboarding
C) Monitoring
D) Offboarding
E) All of the above
F) None of the above
E) All of the above
Vendors extend your organization's technology environment. If they handle data on your behalf, you
should expect them to exercise the same degree of care that you would in your own operations.

A) True
B) False
A) True
Which cloud deployment model exclusively uses dedicated cloud resources for a customer?

A) Community cloud
B) Private cloud
C) Hybrid cloud
D) Public cloud
B) Private cloud
What type of agreement is used to define availability requirements for an IT service that an organization
is purchasing from a vendor?

A) ISA
B) MOU
C) BPA
D) SLA
D) SLA (Service-Level Agreement)
Purchasing server instances and configuring them to run your own software is an example of what cloud
service model?

A) SecaaS
B) PaaS
C) SaaS
D) IaaS
D) IaaS (Keyword: server)
Which one of the following is not a characteristic of cloud computing?

A) Ubiquitous
B) Fixed
C) On-demand
D) Convenient
B) Fixed
In ______________ encryption you encrypt and decrypt with the same shared secret key.

A) Symmetric
B) Asymmetric
A) Symmetric
In asymmetric encryption, you encrypt with the recipient's _________ key and decrypt with the recipient's _________ key.

A) Public, Private
B) Private, Public
A) Public, Private
In ______________ encryption you encrypt with one key and decrypt with a different, mathematically related key.

A) Symmetric
B) Asymmetric
B) Asymmetric
_________________ algorithms use keypairs where each user gets a public key and a private key.

A) Symmetric
B) Asymmetric
B) Asymmetric
Keys used for ____________ encryption and decryption must be from the same pair.

A) Symmetric
B) Asymmetric
B) Asymmetric

Example: Bob wants to send Alice an encrypted email. To do so, he uses Alice's public key to encrypt the
message, and Alice decrypts it using her private key.
AES is ___________ and RSA is ____________.

A) Symmetric, Asymmetric
B) Asymmetric, Symmetric
A) Symmetric, Asymmetric
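The public/private key relationship from the cards above (encrypt with the public key, decrypt with the private key, and the two keys must come from the same pair), worked through in Python as an added example that is not part of the original material. It is textbook RSA with toy 512-bit keys and no padding, built from the standard library only: it shows the arithmetic behind the cards and is not how you would encrypt anything real (use a vetted library with OAEP padding and 2048-bit or larger keys).

```python
import math
import random


def _probably_prime(n: int, rng: random.Random, rounds: int = 25) -> bool:
    """Miller-Rabin primality test; good enough for a demonstration key."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int, rng: random.Random) -> int:
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # force top bit and oddness
        if _probably_prime(candidate, rng):
            return candidate


def generate_keypair(bits: int = 512, seed=None):
    """Return (public_key, private_key) as ((n, e), (n, d)): one pair per user, as the card says."""
    rng = random.Random(seed)  # seeded only so the demo is reproducible; never seed real key generation
    e = 65537
    while True:
        p = _random_prime(bits // 2, rng)
        q = _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            d = pow(e, -1, phi)    # private exponent: modular inverse of e
            return (p * q, e), (p * q, d)


def encrypt(public_key, message: bytes) -> int:
    """Bob encrypts with Alice's PUBLIC key. Textbook RSA: no padding, demonstration only."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Alice decrypts with her PRIVATE key; a private key from any other pair yields garbage."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    alice_public, alice_private = generate_keypair(seed=1)
    mallory_public, mallory_private = generate_keypair(seed=2)
    c = encrypt(alice_public, b"meet at noon")      # Bob needs only Alice's public key
    print(decrypt(alice_private, c))                 # Alice's private key: b'meet at noon'
    print(decrypt(mallory_private, c))               # a different pair's private key: unrelated bytes
```

The contrast with the AES card is that nothing here is shared in secret beforehand: Bob can encrypt to Alice having seen only her public key, and Mallory's private key, although it is a perfectly valid private key, is useless against a ciphertext made for Alice's pair.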
___________ is a one-way function that transforms a variable-length input into a fixed-length output (the
digest), such that finding two different inputs with the same output is infeasible in practice.
Hash Function
True or False

Hash Functions may fail if they are reversible or if they are not collision-resistant.

A) True
B) False
A) True
MD5 produces _____ bit hashes.

A) 128
B) 256
C) 512
D) 1024
A) 128
True or False

MD5 is no longer a secure hashing algorithm.

A) True
B) False
A) True
SHA-1 produces _____ bit hashes.

A) 128
B) 160
C) 256
D) 512
B) 160
True or False

SHA-1 is a secure hashing algorithm.

A) True
B) False
B) False
SHA-2 produces _____ bit hashes.

A) 224
B) 256
C) 384
D) 512
E) All of the above
E) All of the above
_______ uses a completely different hash generation approach than SHA-2.

A) SHA-1
B) SHA-3
C) SHA-4
D) SHA-5
B) SHA-3
RIPEMD produces _____ bit hashes.

A) 128
B) 160
C) 256
D) 320
E) All of the above
E) All of the above
_____ combines symmetric cryptography and hashing.

A) HMAC
B) BMAC
C) CMAC
D) AMAC
A) HMAC (Hash-Based Message Authentication Code)
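The hash and HMAC cards above, worked in Python as an added example that is not part of the original material: it measures the digest sizes the cards quote from real digests, checks the fixed-length and avalanche behaviour of a one-way hash, and builds and verifies an HMAC with a shared secret. The key and messages are constructed for the demo; MD5 and SHA-1 are computed only to show their output sizes, not as a recommendation.

```python
import hashlib
import hmac


def digest_bits(algorithm: str, data: bytes = b"") -> int:
    """Output size in bits, measured from an actual digest rather than looked up."""
    return len(hashlib.new(algorithm, data).digest()) * 8


def digest_sizes():
    """The families the cards list, in one place."""
    return {name: digest_bits(name) for name in
            ("md5", "sha1", "sha224", "sha256", "sha384", "sha512", "sha3_256")}


def fixed_length_and_avalanche(algorithm: str = "sha256"):
    """Two properties of a one-way hash: the digest length is fixed whatever the input length,
    and a tiny change in the input flips roughly half of the output bits."""
    short = hashlib.new(algorithm, b"a").digest()
    long_ = hashlib.new(algorithm, b"a" * 100_000).digest()
    nearby = hashlib.new(algorithm, b"b").digest()   # input differs from b"a" by two bits
    flipped_bits = sum(bin(x ^ y).count("1") for x, y in zip(short, nearby))
    return len(short) == len(long_), flipped_bits


def make_tag(key: bytes, message: bytes) -> bytes:
    """HMAC: hashing keyed with a shared secret, so only key holders can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison; a plain '==' on tags leaks timing information to an attacker."""
    return hmac.compare_digest(make_tag(key, message), tag)


if __name__ == "__main__":
    print(digest_sizes())
    key = b"shared-secret-known-to-both-sides"   # constructed demo key
    tag = make_tag(key, b"transfer 100 to account 42")
    print(verify_tag(key, b"transfer 100 to account 42", tag))          # True
    print(verify_tag(key, b"transfer 900 to account 42", tag))          # False: message altered
    print(verify_tag(b"wrong-key", b"transfer 100 to account 42", tag))  # False: no shared secret
```

A bare hash over the message would let anyone who changed the amount recompute a matching digest; the shared key is what turns the hash into an authenticator, which is the "symmetric cryptography plus hashing" combination the HMAC card describes.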
