Domain 1

Question 1

Adequate Security

Answer 1

proper level of security that is equivalent to the level of risk potential

Question 2

Administrative Controls

Answer 2

controls implemented through policy & procedure

Question 3

Artificial Intelligence

Answer 3

ability of human intelligence/behavior to be replicated by computer/robots

Question 4

Asset

Answer 4

anything of value owned by an organization & needs protection (e.g. laptop with sensitive data)

Question 5

Authentication

Answer 5

act of identifying/verifying eligibility to access information

Question 5

Authorization

Answer 5

right/permission granted to an entity to access a resource

Question 6

Availability

Answer 6

principle of the CIA triad that sets the standard that data will be accessible/usable in a timely/reliable manner

Question 7

Baseline

Answer 7

documented lowest-level of security configuration allowed by a standard &/or organization

Question 8

Biometric

Answer 8

biological characteristics of individual. “something you are”. (e.g. fingerprint, iris scan)

Question 9

Bot

Answer 9

malicious code that can be controlled remotely

Question 10

Classified/Sensitive Information

Answer 10

protected information

Question 11

Confidentiality

Answer 11

principle of the CIA triad that sets the standard that data is not made available/disclosed to unauthorized people or processes

Question 12

Criticality

Answer 12

degree of importance/necessity of information &/or system

Question 13

Data Integrity

Answer 13

property that data has not been altered in an unauthorized manner (in storage, processing, &/or transit)

Question 14

Encryption

Answer 14

converting plaintext to ciphertext. “enciphering”

Question 15

GDPR

Answer 15

General Data Protection Regulation. EU legislation passed in 2016 that defines personal privacy as an individual human right regardless of nationally

Question 16

Governance

Answer 16

process of how an organization is managed & aspects of how decisions are made (including policies, roles, & procedures)

Question 17

HIPAA

Answer 17

Health Insurance Portability & Accountability Act. National standards of electronic healthcare transactions while protecting PHI

Question 18

Impact

Answer 18

magnitude of harm that could be caused by a threat exploiting a vulnerability

Question 19

Information Security Risk

Answer 19

potential adverse impacts to an organization’s operations, assets, individuals, etc

Question 20

Integrity

Answer 20

principle of the CIA triad that sets the standard that information maintained in a way that ensures completeness, accuracy, internal consistency, & usefulness

Question 21

ISO

Answer 21

International Organization of Standards. Sets voluntary international standards with the IEC & ITU

Question 22

IETF

Answer 22

Internet Engineering Task Force. Internet standards organization that defines protocol standards through collaboration

Question 23

Likelihood

Answer 23

probability of a threat using a vulnerability

Question 24

Likelihood of Occurrence

Answer 24

weighted probability of a threat using a vulnerability based on subjective analysis

Question 25

Multi-Factor Authentication

Answer 25

utilization of two (or more) distinct instances for identity verification (“something you know”, “something you have”, “something you are”)

Question 26

NIST

Answer 26

National Institutes of Standards & Technology. Part of the US Department of Commerce. Sets standards in IS within the Computer Security Resource Center of the Computer Security Divisions

Question 27

Non-Repudiation

Answer 27

inability to deny taking direction/action (i.e. logs are used to ensure non-repudiation)

Question 28

PII

Answer 28

Personally Identifiable Information. Any data that can distinguish/trace an individual’s identity

Question 29

Physical Controls

Answer 29

controls implemented through a tangible mechanism (e.g. walls, fences, guards, locks, etc)

Question 30

Privacy

Answer 30

right of an individual to control the distribution of information about themselves

Question 31

Probability

Answer 31

likelihood that threat will/can exploit a vulnerability

Question 32

PHI

Answer 32

Protected Health Information. PII that relates to health. (Covered by HIPAA)

Question 33

Qualitative Risk Analysis

Answer 33

method for risk analysis that is based on the assignment of descriptor (low, medium, high)

Question 34

Quantitative Risk Analysis

Answer 34

method for risk analysis where numerical values are assigned both impact & likelihood based on statistical probabilities & monetarized evaluation of loss/gain

Question 35

Risk

Answer 35

measure of the extent to which an entity is threatened by potential circumstance or event

Question 36

Risk Acceptance

Answer 36

potential benefits of business function outweighs the risk

Question 37

Risk Assessment

Answer 37

process of identifying/analyzing risks to organization. Part of Risk Management

Question 38

Risk Avoidance

Answer 38

potential impact/likelihood of risk outweighs benefits

Question 39

Risk Management

Answer 39

process of identifying, evaluating, and controlling threats (risk context/frame, assessment, treatment, monitoring)

Question 40

Risk Management Framework

Answer 40

structured approach used to oversee and manage risk for an enterprise

Question 41

Risk Mitigation

Answer 41

putting security controls to reduce possible risk

Question 42

Risk Tolerance

Answer 42

level of risk that is acceptable for desired result

Question 43

Risk Transferance

Answer 43

paying external party to accept financial impact

Question 44

Risk Treatment

Answer 44

determination of best way to address identified risk

Question 45

Security Controls

Answer 45

parameters implemented to protect various forms of data and infrastructure important to an organization. includes management, operation, and technical controls

Question 46

Sensitivity

Answer 46

measure of the importance assigned to information by its owner

Question 47

Single-Factor Authentication

Answer 47

use of 1/3 available factors for authentication (“something you know”, “something you have”, “something you are”)

Question 48

State

Answer 48

condition an entity is in at any point in time

Question 49

System Integrity

Answer 49

when systems perform its intended funtion

Question 50

Technical Controls

Answer 50

security controls (safeguards/countermeasures) for a information system that are primarily implemented and executed by IS through hardware, software/firmware

e.g firewalls

Question 51

Threat

Answer 51

circumstance/event with potential to negatively impact the organization

Question 52

Threat Actor

Answer 52

individual/group that attempts to exploit vulnerabilities

Question 53

Threat Vector

Answer 53

means by which a threat actor carries out their objectives

Question 54

Token

Answer 54

physical object a user possesses/controls used to authenticate a user’s identity (“something you have”)

Question 55

Vulnerability

Answer 55

weakness in an IS, system security procedures, internal controls, and implementation that could be exploited

Question 56

IEEE

Answer 56

Institute of Electrical & Electronics Engineers. Sets standards for telecommunications, computer engineering, and similar disciplines