Domain 2

Question 1

Adverse Events

Answer 1

events with negative consequences

Question 2

Breach

Answer 2

when an entity who is unauthorized accesses PII

Question 3

Business Continuity

Answer 3

actions, processes, & tools for ensuring organization can continue critical operations

Question 4

Business Continuity Plan

Answer 4

documentation of predetermined instructions/procedures to ensure Business Continuity

Question 5

Business Impact Analysis

Answer 5

analysis of IS requirements, function, & interdependencies to determine continuity requirements

Question 6

Disaster Recovery

Answer 6

in IS terms, necessary actions to restore IT/communications to a company (follows after Incident Response/Handling)

Question 7

Disaster Recovery Plan

Answer 7

processes, policy, and procedures for recovery/continuity

Question 8

Event

Answer 8

observable occurrence in a network/system

Question 9

Exploit

Answer 9

particular attack that attacks specific vulnerabilities

Question 10

Incident

Answer 10

event that (actually/potentially) jeopardizes CIA of a IS or data within IS

Question 11

Incident Handling/Response

Answer 11

process of detecting/analyzing incidents to limit its effect

Question 12

Incident Response Plan

Answer 12

documentation of predetermined set of instructions/procedures to respond to/limit effects of malicious cyberattack

Question 13

Instrusion

Answer 13

unauthorized access to system/system resource

Question 14

SOC

Answer 14

Security Operations Center. Information security team that monitors, detects, and analyzing events to prevent/resolve issues before disruptions

Question 15

Vulnerability

Answer 15

weakness in IS, security procedures, internal controls, or implementation that can be exploited/triggered

Question 16

Zero Day

Answer 16

previously unknown system vulnerability with potential of exploitation without detection/prevention because it does not fit recognized patterns, signatures, or methods (tech equivalent of “Patient 0”)