Your Ultimate Guide to Mastering the (ISC)² Certified in Cybersecurity Exam: Strategies for Success. Top Rated Exam Study Guide Latest Updated Exam Study Guide 2025/2026.
Typology: Exams
Document specific requirements that a customer has about any aspect of a vendor's service performance. A) DLR B) Contract C) SLR D) NDA
Answer: C) SLR (Service-Level Requirements)
_________ identifies and triages risks.
Answer: Risk Assessment
_________ are external forces that jeopardize security.
Answer: Threats
_________ are methods used by attackers.
Answer: Threat Vectors
_________ are the combination of a threat and a vulnerability.
Answer: Risks
We rank risks by _________ and _________.
Answer: Likelihood and impact
_________ use subjective ratings to evaluate risk likelihood and impact.
Answer: Qualitative Risk Assessment
_________ use objective numeric ratings to evaluate risk likelihood and impact.
Answer: Quantitative Risk Assessment
_________ analyzes and implements possible responses to control risk.
Answer: Risk Treatment
_________ changes business practices to make a risk irrelevant.
Answer: Risk Avoidance
_________ reduces the likelihood or impact of a risk.
Answer: Risk Mitigation
An organization's _________ is the set of risks that it faces.
Answer: Risk Profile
_________ is the initial risk of an organization.
Answer: Inherent Risk
_________ is the risk that remains in an organization after controls are applied.
Answer: Residual Risk
_________ is the level of risk an organization is willing to accept.
Answer: Risk Tolerance
_________ reduce the likelihood or impact of a risk and help identify issues.
Answer: Security Controls
_________ stop a security issue from occurring.
Answer: Preventive Control
_________ identify security issues requiring investigation.
Answer: Detective Control
_________ remediate security issues that have occurred.
Answer: Recovery Control
Hardening == Preventative
Answer: Virus == Detective; Backups == Recovery
Answer: For exam (Local and Technical Controls are the same)
_________ use technology to achieve control objectives.
Answer: Technical Controls
_________ use processes to achieve control objectives.
Answer: Administrative Controls
_________ impact the physical world.
Answer: Physical Controls
_________ tracks specific device settings.
Answer: Configuration Management
_________ provide a configuration snapshot.
Answer: Baselines (track changes)
_________ assigns numbers to each version.
Answer: Versioning
_________ serve as important configuration artifacts.
Answer: Diagrams
_________ and _________ help ensure a stable operating environment.
Answer: Change and Configuration Management
Purchasing an insurance policy is an example of which risk management strategy?
Answer: Risk Transference
What two factors are used to evaluate a risk?
Answer: Likelihood and Impact
What term best describes making a snapshot of a system or application at a point in time for later comparison?
Answer: Baselining
What type of security control is designed to stop a security issue from occurring in the first place?
Answer: Preventive
What term describes risks that originate inside the organization?
Answer: Internal
What four items belong to the security policy framework?
Answer: Policies, Standards, Guidelines, Procedures
_________ describe an organization's security expectations.
Answer: Policies (mandatory and approved at the highest level of an organization)
_________ describe specific security controls and are often derived from policies.
Answer: Standards (mandatory)
_________ describe best practices.
Answer: Guidelines (recommendations/advice; compliance is not mandatory)
_________ are step-by-step instructions.
Answer: Procedures (not mandatory)
_________ describe authorized uses of technology.
Answer: Acceptable Use Policies (AUP)
_________ describe how to protect sensitive information.
Answer: Data Handling Policies
_________ cover password security practices.
Answer: Password Policies
_________ cover use of personal devices with company information.
Answer: Bring Your Own Device (BYOD) Policies
_________ cover the use of personally identifiable information.
Answer: Privacy Policies
_________ cover the documentation, approval, and rollback of technology changes.
Answer: Change Management Policies
Which element of the security policy framework includes suggestions that are not mandatory?
Answer: Guidelines
What law applies to the use of personal information belonging to European Union residents?
_________ are stocked with all necessary equipment and data but are not maintained in a parallel fashion; they are similar in expense to hot sites and can become operational in hours or days.
Answer: Warm Site
_________ is geographically distant, offers site resiliency, requires manual transfer or site replication through SAN or VM, and provides online or offline backups.
Answer: Offsite Storage
Disaster Recovery Testing Goals:
Answer: Validate that the plan functions correctly; identify necessary plan updates
Disaster Recovery Test types:
Answer: Read-through, Walk-through, Simulation, Parallel Test, Full interruption test
_________ ask each team member to review their role in the disaster recovery process and provide feedback.
Answer: Read-throughs
_________ gather the team together for a formal review of the disaster recovery plan.
Answer: Walk-throughs (aka Tabletop exercise)
_________ use a practice scenario to test the disaster recovery plan.
Answer: Simulations
_________ activate the disaster recovery environment but do not switch operations there.
Answer: Parallel tests
_________ switch primary operations to the alternate environment and can be very disruptive to business.
Answer: Full Interruption tests
Which type of backup includes only those files that have changed since the most recent full or incremental backup?
Answer: Incremental (Revisit)
What disaster recovery metric provides the targeted amount of time to restore a service after a failure?
Answer: RTO (Revisit)
Which disaster recovery tests involve the actual activation of the DR site?
Answer: Parallel
What type of disaster recovery site is able to be activated most quickly in the event of a disruption?
Answer: Hot site
Within the organization, who can identify risk? (D1, L1.2.2) A) The security manager B) Any security team member C) Senior management D) Anyone
Answer: D) Anyone
Glen is an (ISC)² member. Glen receives an email from a company offering a set of answers for an (ISC)² certification exam. What should Glen do? (D1, L1.5.1) A) Nothing B) Inform (ISC)² C) Inform law enforcement D) Inform Glen's employer
Answer: B) Inform (ISC)²
A system that collects transactional information and stores it in a record in order to show which users performed which actions is an example of providing ________. (D1, L1.1.1) A) Non-repudiation B) Multifactor authentication C) Biometrics D) Privacy
Answer: A) Non-repudiation
In risk management concepts, a(n) ___________ is something or someone that poses risk to an organization or asset. (D1, L1.2.1) A) Fear B) Threat C) Control D) Asset
Answer: B) Threat
A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device. This is a type of ________ control. (D1, L1.3.1) A) Physical B) Administrative C) Passive D) Technical
Answer: D) Technical
Tina is an (ISC)² member and is invited to join an online group of IT security enthusiasts. After attending a few online sessions, Tina learns that some participants in the group are sharing malware with each other, in order to use it against other organizations online. What should Tina do? (D1, L1.5.1) A) Nothing B) Stop participating in the group C) Report the group to law enforcement D) Report the group to (ISC)²
Answer: B) Stop participating in the group
The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city council creates a rule that anyone caught creating and launching malware within the city limits will receive a fine and go to jail. What kind of rule is this? (D1, L1.4.1) A) Policy B) Procedure C) Standard D) Law
Answer: D) Law
The Payment Card Industry (PCI) Council is a committee made up of representatives from major credit card providers (Visa, Mastercard, American Express) in the United States. The PCI Council issues rules that merchants must follow if the merchants choose to accept payment via credit card. These rules describe best practices for securing credit card processing technology, activities for securing credit card information, and how to protect customers' personal data. This set of rules is a _____. (D1, L1.4.2) A) Law B) Policy C) Standard D) Procedure
Answer: C) Standard
Aphrodite is a member of (ISC)² and a data analyst for Triffid Corporation. While Aphrodite is reviewing user log data, Aphrodite discovers that another Triffid employee is violating the
Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of Zarma's colleagues is interested in getting an (ISC)² certification and asks Zarma what the test questions are like. What should Zarma do? (D1, L1.5.1) A) Inform (ISC)² B) Explain the style and format of the questions, but no detail C) Inform the colleague's supervisor D) Nothing
Answer: B) Explain the style and format of the questions, but no detail
Of the following, which would probably not be considered a threat? (D1, L1.2.1) A) Natural disaster B) Unintentional damage to the system caused by a user C) A laptop with sensitive data on it D) An external attacker trying to gain unauthorized access to the environment
Answer: C) A laptop with sensitive data on it
Siobhan is an (ISC)² member who works for Triffid Corporation as a security analyst. Yesterday, Siobhan got a parking ticket while shopping after work. What should Siobhan do? (D1, L1.5.1) A) Inform (ISC)² B) Pay the parking ticket C) Inform supervisors at Triffid D) Resign employment from Triffid
Answer: B) Pay the parking ticket
Which of the following is an example of a "something you are" authentication factor? (D1, L1.1.1) A) A credit card presented to a cash machine B) Your password and PIN C) A user ID D) A photograph of your face
Answer: D) A photograph of your face
For which of the following systems would the security concept of availability probably be most important? (D1, L1.1.1) A) Medical systems that store patient data B) Retail records of past transactions C) Online streaming of camera feeds that display historical works of art in museums around the world D) Medical systems that monitor patient condition in an intensive care unit
Answer: D) Medical systems that monitor patient condition in an intensive care unit
In risk management concepts, a(n) _________ is something a security practitioner might need to protect. (D1, L1.2.1) A) Vulnerability B) Asset C) Threat D) Likelihood
Answer: B) Asset
Triffid Corporation has a policy that all employees must receive security awareness instruction before using email; the company wants to make employees aware of potential phishing attempts that the employees might receive via email. What kind of control is this instruction? (D1, L1.3.1) A) Administrative B) Finite C) Physical D) Technical
Answer: A) Administrative
What is the overall objective of a disaster recovery (DR) effort? (D2, L2.3.1) A) Save money B) Return to normal, full operations C) Preserve critical business functions during a disaster D) Enhance public perception of the organization
Answer: B) Return to normal, full operations
True or False? Business continuity planning is a reactive procedure that restores business operations after a disruption occurs. A) True B) False
Answer: B) False
An attacker outside the organization attempts to gain access to the organization's internal files. This is an example of a(n) ______. (D2, L2.1.1) A) Intrusion B) Exploit C) Disclosure D) Publication
Answer: A) Intrusion
What is the most important goal of a business continuity effort? (D2, L2.2.1) A) Ensure all IT systems function during a potential interruption B) Ensure all business activities are preserved during a potential disaster C) Ensure the organization survives a disaster D) Preserve health and human safety
Answer: D) Preserve health and human safety
What is the risk associated with resuming full normal operations too soon after a DR effort? (D2, L2.3.1) A) The danger posed by the disaster might still be present B) Investors might be upset C) Regulators might disapprove D) The organization could save money
Answer: A) The danger posed by the disaster might still be present
What is the goal of an incident response effort? (D2, L2.1.1) A) No incidents ever happen B) Reduce the impact of incidents on operations C) Punish wrongdoers D) Save money
Answer: B) Reduce the impact of incidents on operations
B) Fence C) Vacuum D) Firewall
Answer: D) Firewall
What is the most critical element of an organization's security program?
Answer: People
What is the primary purpose of a security policy?
Answer: To provide guidance and direction for the organization's security program.
What is the role of a security manager?
Answer: To plan, implement, and manage an organization's security program.
What is a vulnerability assessment?
Answer: A process of identifying, quantifying, and prioritizing security weaknesses in an organization's systems, applications, and networks.
What is the difference between a vulnerability assessment and a penetration test?
Answer: A vulnerability assessment is a non-intrusive evaluation of an organization's security posture, while a penetration test is an intrusive evaluation that attempts to exploit identified vulnerabilities.
What is the CIA triad?
Answer: Confidentiality, Integrity, and Availability.
What is the difference between confidentiality and privacy?
Answer: Confidentiality refers to the protection of sensitive information from unauthorized access, while privacy refers to an individual's right to control their personal information.
What is the principle of least privilege?
Answer: The principle that users and processes should only be given the minimum level of access necessary to perform their duties.
What is a firewall?
Answer: A network security device that monitors and controls incoming and outgoing traffic based on a set of rules.
What is a DMZ?
Answer: A demilitarized zone, a network segment that is isolated from the internal network and is used to host servers that are accessible from the internet.
What is encryption?
Answer: The process of converting plain text into an unreadable format to protect the confidentiality of the data.
What is a digital signature?
Answer: An electronic method of verifying the authenticity and integrity of a message or document.
What is a certificate authority?
Answer: An organization that issues digital certificates that can be used to verify the identity of individuals, systems, or organizations.
What is Secure Sockets Layer (SSL)?
Answer: A protocol that provides secure communication over the internet by encrypting data between web servers and web browsers.
What is a virtual private network (VPN)?
Answer: A technology that creates a secure and encrypted connection between two networks over the internet.
What is multi-factor authentication?
Answer: A security mechanism that requires users to provide more than one form of authentication, such as a password and a fingerprint, to gain access to a system.
What is a denial of service (DoS) attack?
Answer: An attack that attempts to make a server, network, or website unavailable by overwhelming it with traffic or requests.
What is social engineering?
Answer: The use of deception to manipulate individuals into divulging confidential information or performing actions that may not be in their best interest.
What is malware?
Answer: Software that is designed to cause harm or damage to a computer system, network, or data.
What is a phishing attack?
Answer: An attack that attempts to trick individuals into revealing sensitive information, such as passwords or credit card numbers, by posing as a trustworthy entity.
What is a man-in-the-middle (MitM) attack?
Answer: An attack that intercepts communication between two parties to eavesdrop on or modify the data being exchanged.
What is a rootkit?
Answer: Software that is designed to hide its presence on a system, allowing an attacker to gain unauthorized access and control.
What is a honeypot?
Answer: A decoy system that is designed to attract and detect unauthorized access attempts.
What is a security incident?
Answer: An event that could potentially threaten the confidentiality, integrity, or availability of an organization's information or systems.
What is the difference between a vulnerability and a risk?
Answer: A vulnerability is a weakness in a system that can be exploited by an attacker, while a risk is the likelihood and potential impact of a vulnerability being exploited.
What is a security control?
Answer: A measure or mechanism that is implemented to reduce or mitigate a security risk.
What is the difference between a security control and a security countermeasure?
Answer: A security control is a general term that refers to any measure or mechanism used to reduce risk, while a security countermeasure specifically refers to a measure that is implemented in response to a known threat.
What is the concept of defense in depth?
Answer: The principle of implementing multiple layers of security controls to protect an organization's systems and data.
What is a security incident response plan?
Answer: A documented plan that outlines the steps to be taken in the event of a security incident.
What is a security audit?
Answer: A systematic evaluation of an organization's security controls and practices to ensure they are in compliance with industry standards and regulations.
What is a risk assessment?
Answer: A process of identifying, analyzing, and evaluating risks to an organization's systems and data.
What is the difference between a vulnerability scan and a penetration test?
Answer: A vulnerability scan is a non-intrusive evaluation of an organization's systems and networks, while a penetration test is an intrusive evaluation that attempts to exploit identified vulnerabilities.
What is a security baseline?
Answer: A set of minimum security requirements that must be met by an organization's systems and networks.
What is the difference between symmetric and asymmetric encryption?
Answer: Symmetric encryption uses the same key for both encryption and decryption, while asymmetric encryption uses a public key for encryption and a private key for decryption.
What is an access control list (ACL)?
Answer: A set of rules that determines which users or systems are allowed to access or interact with a particular resource.
What is a security information and event management (SIEM) system?
Answer: A system that collects and analyzes security events and alerts to detect and respond to security threats.
What is a data loss prevention (DLP) system?
Answer: A system that monitors and prevents the unauthorized transmission of sensitive data outside of an organization's network.
What is a security clearance investigation?
Answer: An investigation into an individual's background, character, and loyalty to determine their eligibility for a security clearance.
What is a security baseline configuration?
Answer: A standardized configuration for an organization's systems and applications that meets minimum security requirements.
What is a security incident response playbook?
Answer: A documented plan that outlines the specific steps to be taken in response to different types of security incidents.
What is a security key management system?
Answer: A system used to generate, distribute, and manage encryption keys.
What is a security governance framework?
Answer: A framework that outlines the policies, procedures, and processes for managing an organization's security program.
What is a security key exchange protocol?
Answer: A protocol used to exchange encryption keys securely between two parties.
What is a security information exchange format (STIX)?
Answer: A standard format for exchanging security information and threat intelligence.
What is a security content automation protocol (SCAP)?
Answer: A standardized approach to assessing and managing security vulnerabilities and configurations.
What is a security information management (SIM) system?
Answer: A system that collects, analyzes, and reports on security events and incidents.
What is a security event correlation system?
Answer: A system that analyzes security events from multiple sources to identify potential security threats.
What is a security access management (SAM) system?
Answer: A system that manages user access to an organization's systems and data.
What is a security audit trail?
Answer: A log of security events and actions that can be used to track and investigate security incidents.
What is a security exception management process?
Answer: A process for reviewing and approving exceptions to an organization's security policies and procedures.
What is a security incident response communication plan?
Answer: A plan that outlines how communication will be handled during a security incident, including who will be notified, what information will be shared, and how communication will be managed.
What is a security vulnerability management program?
Answer: A program that identifies, prioritizes, and addresses security vulnerabilities in an organization's systems and applications.
What is a security breach notification law?
Answer: A law that requires organizations to notify individuals of a security breach that may have compromised their personal information.
What is a security token service (STS)?
Answer: A service that issues and manages security tokens used for authentication and authorization.
What is a security content repository?
Answer: A database or storage system that contains security-related information and documentation.
What is a security incident management process?
Answer: A process for managing security incidents from identification through resolution and reporting.
What is a security posture assessment?
Answer: An assessment of an organization's overall security posture, including strengths, weaknesses, and areas for improvement.
What is a security information and event management (SIEM) correlation rule?
Answer: A rule that specifies criteria for correlating security events and alerts to detect and respond to security threats.
What is a security information and event management (SIEM) dashboard?
Answer: A graphical display that provides a real-time view of an organization's security events and alerts.
What is a security vulnerability scanner?
Answer: A tool that scans an organization's systems and networks for vulnerabilities.
What is a security threat intelligence feed?
Answer: A feed of information about security threats, vulnerabilities, and attacks that can be used to inform an organization's security program.
What is a security assessment framework?
Answer: A framework that provides guidelines and standards for conducting security assessments.
What is a security classification system?
Answer: A system for categorizing information based on its sensitivity and confidentiality requirements.
What is a security architecture framework?
Answer: A framework that provides guidelines and standards for designing and implementing a secure architecture for an organization's systems and applications.
What is a security control assessment?
Answer: An assessment of an organization's security controls to determine their effectiveness and compliance with industry standards and regulations.
What is a security patch management program?
Answer: A program that manages the process of identifying, testing, and deploying security patches to address vulnerabilities in an organization's systems and applications.
What is a security incident severity level?
Answer: A classification system used to categorize security incidents based on their potential impact and severity.
What is a security exception request process?
Answer: A process for requesting exceptions to an organization's security policies and procedures.
What is a security log analysis tool?
Answer: A tool used to analyze logs of security events and actions to identify potential security threats.
What is a security vulnerability exploit?
Answer: An attack that uses a vulnerability in an organization's systems or applications to gain unauthorized access or control.
What is security incident response plan testing?
Answer: The process of testing an organization's security incident response plan to ensure it is effective and efficient.
What is a security information and event management (SIEM) retention policy?
Answer: A policy that specifies how long security event logs and data should be retained.
What is a security information and event management (SIEM) correlation engine?
Answer: An engine that analyzes security events and alerts to detect and respond to security threats.
What is security control validation?
Answer: The process of testing and verifying the effectiveness of an organization's security controls.
What is security incident response playbook testing?
Answer: The process of testing an organization's security incident response playbook to ensure it is effective and efficient.
What is a security maturity model?
Answer: A model that provides a framework for assessing an organization's security maturity and identifying areas for improvement.
What is a security culture?
Answer: The collective beliefs, attitudes, and behaviors of an organization's employees towards security.
What is a security governance committee?
Answer: A committee responsible for overseeing an organization's security program and ensuring it aligns with business objectives.
performed based on industry guidelines and benchmarks, such as those provided by the Center for Internet Security (CIS). - ANSHardening An algorithm that computes a numerical value (called the hash value) on a data file or electronic message that is used to represent that file or message and depends on the entire contents of the file or message. A hash function can be considered to be a fingerprint of the file or message. NIST SP 800- 152 - ANSHash Function The process of using a mathematical algorithm against data to produce a numeric value that is representative of that data. Source CNSSI 4009- 2015 - ANSHashing The requirements for information sharing by an IT system with one or more other IT systems or applications, for information sharing to support multiple internal or external organizations, missions, or public programs. NIST SP 800- 16 - ANSInformation Sharing Monitoring of incoming network traffic. - ANSIngress Monitoring A digital signature that uniquely identifies data and has the property such that changing a single bit in the data will cause a completely different message digest to be generated. NISTIR-8011 Vol.3 - ANSMessage Digest The software "master control application" that runs the computer. It is the first program loaded when the computer is turned on, and its main component, the kernel, resides in memory at all times. The operating system sets the standards for all application programs (such as the Web server) that run in the computer. The applications communicate with the operating system for most user interface and file management operations. NIST SP 800- 44 Version 2 - ANSOperating System A software component that, when installed, directly modifies files or device settings related to a different software component without changing the version number or release details for the related software component. 
Source: ISO/IEC 19770- 2 - ANSPatch The systematic notification, identification, deployment, installation and verification of operating system and application software code revisions. These revisions are known as patches, hot fixes, and service packs. Source: CNSSI 4009 - ANSPatch Management A message or data in its natural format and in readable form; extremely vulnerable from a confidentiality perspective. - ANSPlaintext The recordings (automated and/or manual) of evidence of activities performed or results achieved (e.g., forms, reports, test results), which serve as a basis for verifying that the organization and the information system are performing as intended. Also used to refer to units of related data fields (i.e., groups of data fields that can be accessed by a program and that contain the complete set of information on particular items). NIST SP 800-53 Rev. 4 - ANSRecords A practice based on the records life cycle, according to which records are retained as long as necessary, and then are destroyed after the appropriate time interval has elapsed. - ANSRecords Retention Residual information remaining on storage media after clearing. NIST SP 800-88 Rev. 1 - ANSRemanence The first stage of change management, wherein a change in procedure or product is sought by a stakeholder. - ANSRequest for change (RFC) The entirety of the policies, roles, and processes the organization uses to make security decisions in an organization. - ANSSecurity Governance Tactics to infiltrate systems via email, phone, text, or social media, often impersonating a person or agency in authority or offering a gift. A low-tech method would be simply following someone into a secure building. - ANSSocial engineering
An algorithm that uses the same key in both the encryption and the decryption processes. - ANSSymmetric encryption A computer that provides World Wide Web (WWW) services on the Internet. It includes the hardware, operating system, Web server software, and Web site content (Web pages). If the Web server is used internally and not by the public, it may be known as an "intranet server." NIST SP 800-44 Version 2 - ANSWeb Server Phishing attacks that attempt to trick highly placed officials or private individuals with sizable assets into authorizing large fund wire transfers to previously unknown entities. - ANSWhaling Attack A set of routines, standards, protocols, and tools for building software applications to access a web-based software application or web tool. - ANSApplication programming interface (API) The most essential representation of data (zero or one) at Layer 1 of the Open Systems Interconnection (OSI) model. - ANSBit Broadcast transmission is a one-to-many (one-to-everyone) form of sending internet traffic. - ANSBroadcast The byte is a unit of digital information that most commonly consists of eight bits. - ANSByte A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. NIST 800- 145 - ANSCloud computing A system in which the cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy and compliance considerations). It may be owned, managed and operated by one or more of the organizations in the community, a third party or some combination of them, and it may exist on or off premises. 
NIST SP 800-145 - ANSCommunity cloud
The opposite process of encapsulation, in which bundles of data are unpacked or revealed. - ANSDe-encapsulation
The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided.) Source: NIST SP 800-27 Rev A - ANSDenial-of-Service (DoS)
This acronym can be applied to three interrelated elements: a service, a physical server and a network protocol. - ANSDomain Name Service (DNS)
Enforcement of data hiding and code hiding during all phases of software development and operational use. Bundling together data and methods is the process of encapsulation; its opposite process may be called unpacking, revealing, or using other terms. Also used to refer to taking any set of data and packaging it or hiding it in another data structure, as is common in network protocols and encryption. - ANSEncapsulation
The process and act of converting the message from its plaintext to ciphertext. Sometimes it is also referred to as enciphering. The two terms are sometimes used interchangeably in literature and have similar meanings. - ANSEncryption
The internet protocol (and program) used to transfer files between hosts. - ANSFile Transfer Protocol (FTP)
In a fragment attack, an attacker fragments traffic in such a way that a system is unable to put data packets back together. - ANSFragment attack
The physical parts of a computer and related devices. - ANSHardware
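The plaintext, symmetric encryption and encryption entries above all describe one property: a single shared key performs both directions of the transform. The following is an added example, not part of this glossary, written to show that property in running code using only the Python standard library. HMAC-SHA256 serves as a counter-mode keystream generator and a second HMAC authenticates the result (encrypt-then-MAC), so a wrong key or a modified ciphertext is rejected rather than silently producing garbage. The key, nonce and tag layout and the sample message are assumptions made for the demonstration; a production system should use AES-GCM or ChaCha20-Poly1305 from a vetted library rather than this construction.

```python
"""Added example (not from the ISC2 glossary): an authenticated symmetric
cipher built from HMAC-SHA256, to show that one key both encrypts and
decrypts.  Illustrative construction only; prefer AES-GCM in practice."""
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32                                  # SHA-256 digest size
BLOCK = hashlib.sha256().digest_size          # keystream bytes per counter block


def derive_keys(key: bytes) -> tuple:
    """Split one master key into independent encryption and MAC keys."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """block_i = HMAC-SHA256(key, nonce || i), concatenated and truncated.
    A (key, nonce) pair must never be reused: two messages under the same
    keystream leak the XOR of their plaintexts."""
    out = bytearray()
    for counter in range(-(-length // BLOCK)):             # ceiling division
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || body || tag, where body = plaintext XOR keystream."""
    enc_key, mac_key = derive_keys(key)
    nonce = os.urandom(NONCE_LEN)                          # fresh per message
    body = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """The same key reverses the transform.  The tag is verified before any
    decryption, so a wrong key or a tampered ciphertext is rejected outright."""
    enc_key, mac_key = derive_keys(key)
    if len(ciphertext) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    nonce = ciphertext[:NONCE_LEN]
    body = ciphertext[NONCE_LEN:-TAG_LEN]
    tag = ciphertext[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):             # constant-time compare
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    return xor(body, keystream(enc_key, nonce, len(body)))


def demo() -> dict:
    """Exercise the properties the glossary entries describe (constructed data)."""
    key = os.urandom(32)
    msg = b"wire transfer approved: account 1234"          # constructed plaintext
    ct = encrypt(key, msg)
    results = {
        "roundtrip_ok": decrypt(key, ct) == msg,
        "ciphertext_hides_plaintext": msg not in ct,
        "fresh_nonce_changes_ciphertext": encrypt(key, msg) != ct,
    }
    try:
        decrypt(os.urandom(32), ct)
        results["wrong_key_rejected"] = False
    except ValueError:
        results["wrong_key_rejected"] = True
    tampered = bytearray(ct)
    tampered[NONCE_LEN] ^= 0x01                            # flip one body bit
    try:
        decrypt(key, bytes(tampered))
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True
    return results
```

Note that the confidentiality property (the ciphertext body looks random) comes from the keystream, while the tag is what turns "wrong key gives garbage" into "wrong key is refused"; a bare stream cipher without the tag is malleable, which is why modern symmetric modes bundle both.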
The cloud customer uses the cloud provider's applications running within a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser, or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings. Derived from NIST SP 800-145 - ANSSoftware as a Service (SaaS)
Faking the sending address of a transmission to gain illegal entry into a secure system. CNSSI 4009-2015 - ANSSpoofing
Internetworking protocol model created by the IETF, which specifies four layers of functionality: Link layer (physical communications), Internet Layer (network-to-network communication), Transport Layer (basic channels for connection-oriented and connectionless exchange of data between hosts), and Application Layer, where other protocols and user application programs make use of network services. - ANSTransmission Control Protocol/Internet Protocol (TCP/IP) Model
A virtual local area network (VLAN) is a logical group of workstations, servers, and network devices that appear to be on the same LAN despite their geographical distribution. - ANSVLAN
A virtual private network (VPN), built on top of existing networks, provides a secure communications mechanism for transmission between networks. - ANSVPN
A wireless local area network (WLAN) is a group of computers and devices that are located in the same vicinity, forming a network based on radio transmissions rather than wired connections. A Wi-Fi network is a type of WLAN. - ANSWLAN
The graphical user interface (GUI) for the Nmap Security Scanner, an open-source application that scans networks to determine everything that is connected as well as other information. - ANSZenmap
Removing the design belief that the network has any trusted space.
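The encapsulation and de-encapsulation entries and the four-layer TCP/IP model above describe the same mechanism from two ends: each lower layer wraps the layer above it in a header on the way out, and each header is stripped and checked on the way in. The following added example, not from this glossary or any product's code, builds one frame that way using the real on-the-wire layouts of Ethernet II, IPv4 (RFC 791, including its header checksum) and UDP (RFC 768), then peels it back apart. The MAC and IP addresses, ports and payload are constructed for the demonstration.

```python
"""Added example (not from the ISC2 glossary): encapsulation across the TCP/IP
layers and de-encapsulation with header validation.  Constructed addresses."""
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17


def ip_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented.
    Running it over a header that already carries its checksum yields 0."""
    total = 0
    for i in range(0, len(header), 2):
        total += header[i] << 8 | (header[i + 1] if i + 1 < len(header) else 0)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def encapsulate(payload: bytes, src_ip: str, dst_ip: str, src_port: int,
                dst_port: int, src_mac: str, dst_mac: str) -> bytes:
    """Application data -> UDP segment -> IPv4 packet -> Ethernet frame."""
    # Transport layer: 8-byte UDP header.  Checksum 0 = "not computed" (legal over IPv4).
    segment = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    # Internet layer: 20-byte IPv4 header, no options, TTL 64, checksum filled in after.
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + len(segment), 0, 0,
                      64, PROTO_UDP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    packet = hdr + segment
    # Link layer: Ethernet II header (destination, source, EtherType).
    return struct.pack("!6s6sH", mac_bytes(dst_mac), mac_bytes(src_mac), ETHERTYPE_IPV4) + packet


def deencapsulate(frame: bytes) -> dict:
    """Strip the layers in reverse, validating each header before trusting the next."""
    if len(frame) < 14 + 20 + 8:
        raise ValueError("frame too short")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported EtherType 0x{ethertype:04x}")
    packet = frame[14:]
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len > len(packet) or ihl > total_len:
        raise ValueError("malformed IPv4 header")
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    if proto != PROTO_UDP:
        raise ValueError(f"unsupported protocol {proto}")
    segment = packet[ihl:total_len]
    if len(segment) < 8:
        raise ValueError("UDP header truncated")
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    if udp_len < 8 or udp_len > len(segment):
        raise ValueError("UDP length inconsistent with IPv4 total length")
    return {
        "dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
        "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst), "ttl": ttl,
        "src_port": src_port, "dst_port": dst_port, "payload": segment[8:udp_len],
    }
```

The length checks in `deencapsulate` are the practical side of the fragment-attack entry above: a receiver that trusts the length field of one layer without reconciling it against the layer that carries it is the kind of parser that mis-sized or overlapping pieces are built to confuse.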
Security is managed at each possible level, representing the most granular asset. Microsegmentation of workloads is a tool of the model. - ANSZero Trust
Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures. NIST SP 1800-15B - ANSAudit
An architectural approach to the design of buildings and spaces which emphasizes passive features to reduce the likelihood of criminal activity. - ANSCrime Prevention through Environmental Design (CPTED)
Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization. Source: NIST SP 800-53 Rev 4 - ANSDefense in Depth
A certain amount of access control is left to the discretion of the object's owner, or anyone else who is authorized to control the object's access. The owner can determine who should have access rights to an object and what those rights should be. NIST SP 800-192 - ANSDiscretionary Access Control (DAC)
To protect private information by putting it into a form that can only be read by people who have permission to do so. - ANSEncrypt
Devices that enforce administrative security policies by filtering incoming traffic based on a set of rules. - ANSFirewalls
An entity with authorized access that has the potential to harm an information system through destruction, disclosure, modification of data, and/or denial of service. NIST SP 800-32 - ANSInsider Threat
An operating system manufactured by Apple Inc. Used for mobile devices. - ANSiOS
The use of multiple controls arranged in series to provide several consecutive controls to protect an asset; also called defense in depth. - ANSLayered Defense
An operating system that is open source, making its source code legally available to end users. - ANSLinux
A system irregularity that is identified when studying log entries which could represent events of interest for further surveillance. - ANSLog Anomaly
Collecting and storing user activities in a log, which is a record of the events occurring within an organization's systems and networks. NIST SP 1800-25B - ANSLogging
An automated system that controls an individual's ability to access one or more computer system resources, such as a workstation, network, application or database. A logical access control system requires the validation of an individual's identity through some mechanism, such as a PIN, card, biometric or other token. It has the capability to assign different access privileges to different individuals depending on their roles and responsibilities in an organization. NIST SP 800-53 Rev. 5 - ANSLogical Access Control Systems
Access control that requires the system itself to manage access controls in accordance with the organization's security policies. - ANSMandatory Access Control
An entrance to a building or an area that requires people to pass through two doors with only one door opened at a time. - ANSMantrap
Passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. Access to an object (by a subject) implies access to the information it contains. See subject.
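The Discretionary Access Control, Mandatory Access Control, Logical Access Control Systems, Logging and Log Anomaly entries above are pieces of one mechanism, and the distinction between them is easiest to see when they make decisions side by side. The following added example (an illustration written for this page, not the glossary's or any product's code) implements a toy logical access control system: a label lattice the system enforces regardless of the owner's wishes (MAC), an owner-maintained ACL (DAC), and, going one step beyond the entries above, role permissions (RBAC). Every decision is written to an audit log, and a scan of that log flags repeated denials by one subject as an anomaly. The subjects, objects, labels, roles, the "no read up" rule and the denial threshold are all constructed assumptions.

```python
"""Added example (not from the ISC2 glossary): MAC, DAC and RBAC decisions in
one toy logical access control system, with decision logging and a simple
log-anomaly scan.  All names, labels and thresholds are constructed."""
from collections import Counter
from dataclasses import dataclass, field

# Assumed label lattice; MAC here enforces only "no read up" (simple security).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

# Constructed role table: role -> set of (object, right) permissions.
ROLE_PERMS = {
    "hr-analyst": {("headcount.csv", "read")},
    "auditor": {("payroll.xlsx", "read"), ("headcount.csv", "read")},
}

AUDIT_LOG: list = []


@dataclass
class Subject:            # active entity: a user, or a process acting for one
    name: str
    clearance: str
    roles: set = field(default_factory=set)


@dataclass
class Object:             # passive entity that holds information
    name: str
    owner: str
    label: str
    acl: dict = field(default_factory=dict)   # DAC: subject name -> set of rights


def grant(actor: Subject, obj: Object, grantee: str, right: str) -> None:
    """DAC: only the object's owner may change its ACL."""
    if actor.name != obj.owner:
        raise PermissionError(f"{actor.name} does not own {obj.name}")
    obj.acl.setdefault(grantee, set()).add(right)


def _log(subj: Subject, obj: Object, right: str, allowed: bool, reason: str) -> bool:
    AUDIT_LOG.append(f"subject={subj.name} object={obj.name} right={right} "
                     f"decision={'ALLOW' if allowed else 'DENY'} reason={reason!r}")
    return allowed


def check_access(subj: Subject, obj: Object, right: str) -> bool:
    """Access rule: MAC must pass first, then DAC or RBAC must grant; otherwise deny."""
    if right == "read" and LEVELS[subj.clearance] < LEVELS[obj.label]:
        return _log(subj, obj, right, False, "MAC: clearance below label")
    if subj.name == obj.owner or right in obj.acl.get(subj.name, set()):
        return _log(subj, obj, right, True, "DAC: owner or ACL entry")
    if any((obj.name, right) in ROLE_PERMS.get(r, set()) for r in subj.roles):
        return _log(subj, obj, right, True, "RBAC: role permission")
    return _log(subj, obj, right, False, "no grant: least-privilege default")


def find_anomalies(log: list, threshold: int = 3) -> dict:
    """Log anomaly: any subject denied `threshold` or more times."""
    denials = Counter()
    for line in log:
        fields = dict(kv.split("=", 1) for kv in line.split(" ", 4)[:4])
        if fields["decision"] == "DENY":
            denials[fields["subject"]] += 1
    return {s: n for s, n in denials.items() if n >= threshold}


def run_scenario() -> dict:
    """Constructed scenario exercising each model; returns the decisions taken."""
    AUDIT_LOG.clear()
    alice = Subject("alice", "confidential")
    bob = Subject("bob", "internal", {"hr-analyst"})
    carol = Subject("carol", "secret", {"auditor"})
    payroll = Object("payroll.xlsx", owner="alice", label="confidential")
    headcount = Object("headcount.csv", owner="alice", label="internal")
    grant(alice, payroll, "bob", "read")                  # owner's discretion...
    results = {
        "owner_reads_own_file": check_access(alice, payroll, "read"),
        "dac_grant_overridden_by_mac": check_access(bob, payroll, "read"),   # ...MAC still wins
        "rbac_read_headcount": check_access(bob, headcount, "read"),
        "auditor_role_reads_payroll": check_access(carol, payroll, "read"),
        "no_grant_write": check_access(carol, payroll, "write"),
    }
    try:
        grant(bob, payroll, "bob", "write")
        results["non_owner_cannot_grant"] = False
    except PermissionError:
        results["non_owner_cannot_grant"] = True
    for _ in range(2):                                     # bob keeps retrying
        check_access(bob, payroll, "read")
    results["anomalies"] = find_anomalies(AUDIT_LOG)
    return results
```

The ordering inside `check_access` is the point of the MAC entry: the owner granted bob read access, but the system's label check runs first and cannot be overridden by that grant. The final `DENY` branch is the least-privilege default, and the repeated-denial scan is the simplest form of the "irregularity identified when studying log entries" that the Log Anomaly entry describes.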
Source: NIST SP 800-53 Rev 4 - ANSObject
Controls implemented through a tangible mechanism. Examples include walls, fences, guards, locks, etc. In modern organizations, many physical control systems are linked to technical/logical systems, such as badge readers connected to door locks. - ANSPhysical Access Controls
The principle that users and programs should have only the minimum privileges necessary to complete their tasks. NIST SP 800-179 - ANSPrinciple of Least Privilege
An information system account with approved authorizations of a privileged user. NIST SP 800-53 Rev. 4 - ANSPrivileged Account
A type of malicious software that locks the computer screen or files, thus preventing or limiting a user from accessing their system and data until money is paid. - ANSRansomware
An access control system that sets up user permissions based on roles. - ANSRole-based access control (RBAC)
An instruction developed to allow or deny access to a system by comparing the validated identity of the subject to an access control list. - ANSRule
The practice of ensuring that an organizational process cannot be completed by a single person; forces collusion as a means to reduce insider threats. Also commonly known as Separation of Duties. - ANSSegregation of Duties
Generally an individual, process or device causing information to flow among objects or change to the system state. Source: NIST SP 800-53 Rev 4 - ANSSubject
The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms