Domain 1: SECURITY PRINCIPLES

Question 1

Data integrity

Answer 1

Property that has not been altered in an unauthorized manner

Question 2

Encryption

Answer 2

The process and act of converting the message from its plain text to ciphertext

Question 3

General data protection regulation

Answer 3

In 2016 the European Union passed comprehensive legislation that addresses personal privacy deeming it an individual human right

Question 4

Governance

Answer 4

The process of how an organization is managed

Question 5

Health insurance portability and accountability act or HIPAA

Answer 5

This US federal law is the most important Healthcare information regulation in the United States

Question 6

Impact

Answer 6

The magnitude of harm that could be caused by a threats exercise of a vulnerability

Question 7

Information security risk

Answer 7

The potential adverse effects to an organization’s operations including Mission functions image and reputation

Question 8

Integrity

Answer 8

The property of information whereby it is recorded used and maintained in a way that ensures it’s completely accuracy internal consistency and usefulness for a stated purpose

Question 9

International organization of standards or ISO

Answer 9

The iso develops voluntary International standards in collaboration with its Partners in international standardization

Question 10

Internet engineering task force ietf

Answer 10

The internet standards organization made up of network designers operators vendors and researchers that defines protocol standards through a process of collaboration and consensus

Question 11

Likelihood

Answer 11

The probability that a potential vulnerability may be exercised within the construct of the associated threat environment

Question 12

Likelihood of occurrence

Answer 12

A weighted Factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability or set of vulnerabilities

Question 13

Multi-factor Authentication

Answer 13

Using two or more distinct instances of the three factors of authentication something you know something you have something you are for identity verification

Question 14

National Institutes of standards and technology or nist

Answer 14

The nist is part of the US Department of Commerce and addresses the measurement infrastructure within Science and Technology efforts in the US federal government

Question 15

Non repudiation

Answer 15

The inability to deny taking an action such as creating information approving information and sending or receiving a message

Question 16

Personally identifiable information

Answer 16

The National Institute of Standards and Technology nist defines personally identifiable information pii as any data that can distinguish or trace an individual’s identity

Question 17

Physical controls

Answer 17

Controls implemented through tangible mechanism examples include walls fences guards locks Etc

Question 18

Privacy

Answer 18

The right of an individual to control the distribution of information about themselves

Question 19

Probability

Answer 19

The chances or likelihood that a given threat is capable of exploiting a given vulnerability or a set of vulnerabilities

Question 20

Protected health information or Phi

Answer 20

Information regarding health status the provision of healthcare or payment for healthcare as defined in HIPAA

Question 21

Qualitative risk analysis

Answer 21

A method for risk analysis that is based on the assignment of a descriptor such as low medium or high

Question 22

Quantitative risk analysis

Answer 22

A method for risk analysis where numerical values are assigned to both impact and likelihood based on statistical probabilities and monetaryized valuation of loss or gain

Question 23

, risk

Answer 23

A measure of the extent to which any entity is threatened by a potential circumstance or event

Question 24

Risk acceptance

Answer 24

Determining that the potential benefits of a business function outweigh the possible risk or impact and Performing that business function with no other action

Question 25

Risk assessment

Answer 25

The process of identifying and analyzing risks to organizational operations including Mission functions image or reputation the analysis performed as part of risk management which incorporates threat and vulnerability analysis

Question 26

Risk avoidance

Answer 26

Determining that the impact and or likelihood of a specific risk is too great to be offset by the potential benefits and not performing a certain business function because of that determination

Question 27

Risk management

Answer 27

The process of identifying evaluating and controlling threats including all the phases of risk context or frame risk assessment risk treatment and risk monitoring

Question 28

Risk management framework

Answer 28

A structured approach used to oversee and manage risk for an Enterprise

Question 29

Risk mitigation

Answer 29

Putting security controls in place to reduce the possible impact and or likelihood of a specific risk

Question 30

Risk tolerance

Answer 30

The level of risk and entities willing to assume in order to achieve a potential desired result

Question 31

Risk transference

Answer 31

Paying an external party to accept the financial impact of a given risk

Question 32

Risk treatment

Answer 32

The determination of the best way to address and identified risk

Question 33

Security controls

Answer 33

The management operational and Technical controls prescribed for an information system to protect the confidentiality integrity and availability of the system and its information

Question 34

Sensitivity

Answer 34

A measure of the importance assigned to information by its owner for the purpose of denoting its need for protection

Question 35

Single Factor Authentication

Answer 35

Use of just one of the three available factors something you know something you have something you are to carry out the authentication process being requested

Question 36

State

Answer 36

The condition and entity is in at a point of time

Question 37

System integrity

Answer 37

The quality that a system has when it performs its intended function in an unimpaired manner free from unauthorized manipulation of the system whether intentional or accidental

Question 38

Technical controls

Answer 38

Security controls IE safeguards or countermeasures for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware software or firmware components of the system

Question 39

Threat

Answer 39

Any circumstance or event with the potential to adversely impact organizational operations including Mission functions image or reputational

Question 40

Threat actor

Answer 40

An individual or group that attempts to exploit vulnerabilities to cause or force a threat to occur

Question 41

Threat Vector

Answer 41

The means by which a threat actor carries out their objectives

Question 42

Token

Answer 42

A physical object a user possesses and controls that is used to authenticate the user’s identity

Question 43

Vulnerability

Answer 43

Weakness in an information system system security procedures internal controls or implementation that could be exploited by a threat source

Question 44

Institute of electrical and electronics engineers

Answer 44

IEEE is a professional organization that sets standards for telecommunications Computer Engineering and similar disciplines