Domain 6 Flashcards

1
Q

Artifact

A

A piece of evidence, such as text or a reference to a resource, that is submitted to support a response to a question.

2
Q

Assessment

A

The testing or evaluation of the controls in an information system or an organization to determine the extent to which the controls are implemented correctly, operating as intended and producing the desired outcome with respect to meeting the security or privacy requirements for the system or the organization.

3
Q

Audit/Auditing

A

The process of reviewing a system for compliance against a standard or baseline. Examples include audits of security controls, configuration baselines and financial records. Can be formal and independent, or informal using internal staff.

4
Q

Chaos Engineering

A

The discipline of experimenting on a software system in production in order to build confidence in the system’s capability to withstand turbulent and unexpected conditions.

5
Q

Compliance Calendar

A

A calendar that tracks an organization’s audits, assessments, required filings, their due dates and related details.

6
Q

Compliance Tests

A

An evaluation that provides assurance an organization’s controls are being applied in accordance with management policies and procedures.

7
Q

Ethical Penetration Testing, Penetration Testing

A

A security testing and assessment method in which testers actively attempt to circumvent or defeat the security features of a system. Ethical penetration testing is constrained, typically by contracts, to stay within specified rules of engagement (RoE).

8
Q

Examination

A

The process of reviewing, inspecting, observing, studying or analyzing one or more assessment objects (i.e., specifications, mechanisms or activities). The purpose of the examine method is to facilitate assessor understanding, achieve clarification or obtain evidence.

9
Q

Finding(s)

A

Assessment results produced by the application of an assessment procedure to a security control or control enhancement to achieve an assessment objective.

10
Q

Interview(s)

A

As a systems assessment technique, the process of holding discussions with individuals or groups of individuals within an organization to facilitate assessor understanding, achieve clarification or obtain evidence.

11
Q

Judgmental Sampling

A

Also called purposive sampling or authoritative sampling, it is a non-probability sampling technique in which the sample members are chosen only on the basis of the researcher’s knowledge and judgment.

12
Q

Misuse Case Testing

A

Testing strategy and technique from the point of view of an actor hostile to the system, using deliberately chosen sets of actions, which could lead to systems integrity failures, malfunctions or other security or safety compromises.

13
Q

Plan of Action and Milestones (POA&M)

A

A document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones for meeting the tasks and scheduled milestone completion dates.

14
Q

Rules of Engagement (RoE)

A

A set of rules, constraints, boundaries or conditions that establish limits on what participants in an activity may or may not do. Ethical penetration testing, for example, uses RoE to define the scope of the testing to be done and to establish liability limitations for both the testers and the sponsoring organization or systems owners.

15
Q

Statistical Sampling

A

Statistical sampling is the process of selecting subsets of examples from a population with the objective of estimating properties of the total population.

16
Q

Substantive Test

A

The testing technique used by an auditor to obtain the audit evidence in order to support auditor opinion.

17
Q

Testing

A

The process of exercising one or more assessment objects (i.e., activities or mechanisms) under specified conditions to compare actual with expected behavior.

18
Q

Trust Services Criteria (TSC)

A

The criteria used by an auditor when evaluating the suitability of the design and operating effectiveness of controls relevant to the security, availability or processing integrity of information and systems, or the confidentiality or privacy of the information processed by the entity.

19
Q

Full Backup

A

Copies the entire system to backup media.

20
Q

Hackback

A

Actions taken by a victim of hacking to compromise the systems of the alleged attacker.

21
Q

Hardening

A

A reference to the process of applying secure configurations (to reduce the attack surface) and locking down various hardware, communications systems and software, including the operating system, web server, application server and application. Hardening is normally performed based on industry guidelines and benchmarks such as those provided by the Center for Internet Security (CIS).

22
Q

Heuristics

A

A method of machine learning, which identifies patterns of acceptable activity so that deviations from the patterns will be identified.

23
Q

Honeypots/Honeynets

A

Machines that exist on the network, but do not contain sensitive or valuable data; they are meant to distract and occupy malicious attackers or unauthorized intruders, as a means of delaying their attempts to access production data/assets. A number of machines of this kind, linked together in a network or subnet, are referred to as a honeynet.

24
Q

Hot Site

A

A fully operational offsite data processing facility equipped with hardware and software, to be used in the event of an information system disruption.

25
Q

Incident

A

An event which actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits.

26
Q

Incident Response

A

The mitigation of violations of security policies and recommended practices.

27
Q

Indicator

A

A technical artifact or observable occurrence that suggests an attack is imminent or is currently underway, or that a compromise may have already occurred.

28
Q

Indicators of Compromise (IoC)

A

A signal that an intrusion, malware or other predefined hostile or hazardous set of events is occurring or has occurred.

29
Q

Information Security Continuous Monitoring (ISCM)

A

Maintaining ongoing awareness of information security, vulnerabilities and threats to support organizational risk management decisions. [Note: The terms “continuous” and “ongoing” in this context mean that security controls and organizational risks are assessed and analyzed at a frequency sufficient to support risk-based security decisions to adequately protect organization information.] Ongoing monitoring sufficient to ensure and assure effectiveness of security controls related to systems, networks and cyberspace, by assessing security control implementation and organizational security status in accordance with organizational risk tolerance, and within a reporting structure designed to make real-time, data-driven risk management decisions.

30
Q

Information Sharing and Analysis Center (ISAC)

A

Any entity or collaboration created or employed by public- or private-sector organizations, for purposes of gathering and analyzing critical cyber and related information in order to better understand security problems and interdependencies related to cyber systems, to ensure their availability, integrity and reliability.

31
Q

Intrusion

A

A security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system or system resource without having authorization to do so.

32
Q

Intrusion Detection System (IDS)

A

A security service that monitors and analyzes network or system events for the purpose of finding, and providing real-time or near-real-time warning of, attempts to access system resources in an unauthorized manner.

33
Q

Intrusion Prevention Systems (IPS)

A

A security service that uses available information to determine if an attack is underway; it then sends alerts, but also blocks the attack from reaching its intended target.

34
Q

Log

A

A record of actions and events that have taken place on a computer system.

35
Q

Patch

A

A software component that, when installed, directly modifies files or device settings related to a different software component without changing the version number or release details for the related software component.

36
Q

Patch Management

A

The systematic notification, identification, deployment, installation and verification of operating system and application software code revisions. These revisions are known as patches, hot fixes and service packs.

37
Q

Precursor(s)

A

Signals from events that suggest a possible change of conditions (internal or external to the organization) may alter the current threat landscape. An increase in tensions in the local political or social environment, or complaints or grievances by employees or customers going viral in social media, are examples of precursors.

38
Q

Provisioning

A

Taking a particular configuration baseline, making additional or modified copies of it, then taking steps as necessary to properly place those copies into the environments they should belong in.

39
Q

Ransom Attack

A

Any form of attack that threatens the destruction, denial or unauthorized public release or remarketing of private information assets. It usually involves encrypting these assets and withholding the decryption key until the ransom is paid by the victim.

40
Q

Ransomware

A

Malware used for the purpose of facilitating a ransom attack.

41
Q

Recovery

A

The process of jointly addressing business resiliency and restoration of critical infrastructure and functionality after a disruption.

42
Q

Regression Testing

A

Testing of a system to ascertain whether recently approved modifications have changed its performance of other approved functions or have introduced other unauthorized behaviors.

43
Q

Remediation

A

Changes to a system’s configuration to immediately limit or reduce the chance of recurrence of an incident. This might include updating the sensitivities, thresholds or alarm settings on any number of security controls, or instituting a rapid reset of access control information such as passwords and security challenge responses.

44
Q

Request for Change (RFC)

A

The documentation of a proposed change in support of change management activities.

45
Q

Root Cause Analysis

A

A principle-based, systems approach for the identification of underlying causes associated with a particular set of risks or incidents.

46
Q

Sandbox

A

A testing environment that is logically, physically or virtually isolated from other environments, and in which applications or systems can be evaluated. Sandboxes can be used as part of development, integration or acceptance testing (so as to not interact with the production environments), as part of malware screening, or as part of a honeynet.

47
Q

Threat Intelligence

A

Threat information that has been aggregated, transformed, analyzed, interpreted or enriched to provide the necessary context for decision-making processes.

48
Q

User and Entity Behavior Analytics (UEBA)

A

Analysis of behaviors and activities of human and nonhuman users, and of the software and hardware entities associated with those users and activities, as a way of detecting inappropriate or unauthorized activity, including fraud detection, malware and insider attacks.

49
Q

Vulnerability Management

A

The activities necessary to identify, assess, prioritize and remediate information system weaknesses.