
ISC2 CC Latest Update -

Exam (elaborations) Dec 14, 2025 ★★★★★ (5.0/5)

ISC2 – CC Latest Update - 250 Questions and 100% Verified Correct Answers Guaranteed A+

Adequate Security - CORRECT ANSWER: Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse or unauthorized access to or modification of information. Source: OMB Circular A-130

Administrative Controls - CORRECT ANSWER: Controls implemented through policy and procedures. Examples include access control processes and requiring multiple personnel to conduct a specific operation. Administrative controls in modern environments are often enforced in conjunction with physical and/or technical controls, such as an access-granting policy for new users that requires login and approval by the hiring manager.

Adverse Events - CORRECT ANSWER: Events with a negative consequence, such as system crashes, network packet floods, unauthorized use of system privileges, defacement of a web page or execution of malicious code that destroys data.

Application programming interface (API) - CORRECT ANSWER: A set of routines, standards, protocols, and tools for building software applications to access a web-based software application or web tool.

Application Server - CORRECT ANSWER: A computer responsible for hosting applications to user workstations. NIST SP 800-82 Rev.2

Artificial Intelligence - CORRECT ANSWER: The ability of computers and robots to simulate human intelligence and behavior.

Asset - CORRECT ANSWER: Anything of value that is owned by an organization. Assets include both tangible items such as information systems and physical property and intangible assets such as intellectual property.

Asymmetric Encryption - CORRECT ANSWER: An algorithm that uses one key to encrypt and a different key to decrypt the input plaintext.

Audit - CORRECT ANSWER: Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures. NIST SP 1800-15B

Authentication - CORRECT ANSWER: Access control process validating that the identity being claimed by a user or entity is known to the system, by comparing one (single factor or SFA) or more (multi-factor authentication or MFA) factors of identification.


Authorization - CORRECT ANSWER: The right or a permission that is granted to a system entity to access a system resource. NIST 800-82 Rev.2

Availability - CORRECT ANSWER: Ensuring timely and reliable access to and use of information by authorized users.

Baseline - CORRECT ANSWER: A documented, lowest level of security configuration allowed by a standard or organization.

Biometric - CORRECT ANSWER: Biological characteristics of an individual, such as a fingerprint, hand geometry, voice, or iris patterns.

Bit - CORRECT ANSWER: The most essential representation of data (zero or one) at Layer 1 of the Open Systems Interconnection (OSI) model.

Bot - CORRECT ANSWER: Malicious code that acts like a remotely controlled "robot" for an attacker, with other Trojan and worm capabilities.

Breach - CORRECT ANSWER: The loss of control, compromise, unauthorized disclosure, unauthorized acquisition or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for other than an authorized purpose. Source: NIST SP 800-53 Rev. 5

Broadcast - CORRECT ANSWER: Broadcast transmission is a one-to-many (one-to-everyone) form of sending internet traffic.

Business Continuity (BC) - CORRECT ANSWER: Actions, processes and tools for ensuring an organization can continue critical operations during a contingency.

Business Continuity Plan (BCP) - CORRECT ANSWER: The documentation of a predetermined set of instructions or procedures that describe how an organization's mission/business processes will be sustained during and after a significant disruption.

Business Impact Analysis (BIA) - CORRECT ANSWER: An analysis of an information system's requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption. Reference: https://csrc.nist.gov/glossary/term/business-impact-analysis

Byte - CORRECT ANSWER: The byte is a unit of digital information that most commonly consists of eight bits.

Checksum - CORRECT ANSWER: A digit representing the sum of the correct digits in a piece of stored or transmitted digital data, against which later comparisons can be made to detect errors in the data.


Ciphertext - CORRECT ANSWER: The altered form of a plaintext message so it is unreadable for anyone except the intended recipients. In other words, it has been turned into a secret.

Classification - CORRECT ANSWER: Classification identifies the degree of harm to the organization, its stakeholders or others that might result if an information asset is divulged to an unauthorized person, process or organization. In short, classification is focused first and foremost on maintaining the confidentiality of the data, based on the data sensitivity.

Classified or Sensitive Information - CORRECT ANSWER: Information that has been determined to require protection against unauthorized disclosure and is marked to indicate its classified status and classification level when in documentary form.

Cloud computing - CORRECT ANSWER: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. NIST 800-145

Community cloud - CORRECT ANSWER: A system in which the cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy and compliance considerations). It may be owned, managed and operated by one or more of the organizations in the community, a third party or some combination of them, and it may exist on or off premises. NIST 800-145

Confidentiality - CORRECT ANSWER: The characteristic of data or information when it is not made available or disclosed to unauthorized persons or processes. NIST 800-66

Configuration management - CORRECT ANSWER: A process and discipline used to ensure that the only changes made to a system are those that have been authorized and validated.

Crime Prevention through Environmental Design (CPTED) - CORRECT ANSWER: An architectural approach to the design of buildings and spaces which emphasizes passive features to reduce the likelihood of criminal activity.

Criticality - CORRECT ANSWER: A measure of the degree to which an organization depends on the information or information system for the success of a mission or of a business function. NIST SP 800-60 Vol. 1, Rev. 1

Cryptanalyst - CORRECT ANSWER: One who performs cryptanalysis which is the study of mathematical techniques for attempting to defeat cryptographic techniques and/or information systems security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or of the algorithm itself.
