Domain 2

Question 1

Breach

Answer 1

The loss of control, compromise, unauthorized disclosure, unauthorized acquisition or any similar occurrence where colon a person other than an authorized user accesses or potentially accesses personally identifiable information

Question 2

Business continuity

Answer 2

Actions processes and tools for ensuring an organization can continue critical operations during

Question 3

Business continuity plan or BCP

Answer 3

The documentation of a predetermined set of instructions or procedures that describe how an organization’s mission/business processes will be sustained during and after a significant disruption

Question 4

Business impact analysis or

Answer 4

An analysis of an information systems requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant description

Question 5

Disaster Recovery or Dr

Answer 5

An information systems terms the activities necessary to restore it and communication services to an organization during an after an outage, disruption or disturbance of any kind or scale

Question 6

Disaster Recovery plan or DRP

Answer 6

The processes policies and procedures related to preparing for Recovery or continuation of an organization’s critical business functions technology infrastructure systems and applications after the organization experiences a disaster

Question 7

Event

Answer 7

Any observable occurrence in a network or system

Question 8

Exploit

Answer 8

A particular attack. It is named this way because these attacks exploit system vulnerabilities.

Question 9

Incident

Answer 9

An event that actually or potentially jeopardizes the confidentiality Integrity or availability of an information system

Question 10

Incident handling or incident response IR

Answer 10

The process of detecting and analyzing incidents to limit the incidence effect

Question 11

Incident response plan or IRP

Answer 11

The documentation of a predetermined set of instructions or procedures to detect, respond to and limit consequences of a malicious Cyber attack against an organization’s Information Systems

Question 12

Intrusion

Answer 12

A security event or a combination of security events that constitutes a security incident in which an intruder gains or attempts to gain, access to a system or system resource without authorization

Question 13

Security operations center

Answer 13

A centralized organizational function fulfilled by an information security team that monitors detects and analyzes events on the network or system to prevent and resolve issues before they result in business disruptions

Question 14

Vulnerability

Answer 14

Weakness in an information system system security procedures, internal controls or implementation that could be exploited or triggered by a threat source.

Question 15

Zero day

Answer 15

A previously unknown system vulnerability with the potential of exploitation without risk of detection or prevention because it does not, in general, fit recognize patterns, signatures or methods