ISC - Daily Cumulative Review Flashcards
Flashcards cover concepts from the daily (final review) cumulative 30-question MCQ exams that were answered wrong. The purpose is to keep each question simple enough that one could theoretically study them while driving.
What conversion method implements a new system one at a time?
Phase
What is business impact analysis a part of?
Business continuity plan
What are the four components of NIST Special Publication 800-39?
Risk:
1. Framework
2. Assessment
3. Response
4. Monitoring
Define CIS Critical Security Control 12 (Network Infrastructure Management).
Manage network devices to prevent exploitation of vulnerabilities.
What is Personally Identifiable Information (PII)?
Data that can be used to identify an individual.
What is the purpose of a company-wide Acceptable Use Policy (AUP)?
Control to regulate and protect technology
How does one ensure 3NF during data normalization?
Eliminate data that relies on both primary key and non-key attributes
What is tunneling in terms of a VPN?
Data or packets in one protocol are enclosed into packets of a different protocol.
What is the definition of an Acceptance Test?
Ensures that software works correctly in normal environment.
What are the steps of a business continuity plan for disaster recovery?
- Assess risks
- Identify critical applications and data
- Develop plan for handling applications
- Determine responsibilities
- Test recovery plan
What is Recovery Time Objective (RTO)?
Max time it takes to restore operations
What is Recovery Point Objective (RPO)?
Max threshold for acceptable data loss
What are the 8 components of the COSO ERM Framework?
- Internal environment
- Objective setting
- Event identification
- Risk assessment
- Risk response
- Control activities
- Information and communication
- Monitoring
Define the four tiers under the NIST CSF.
4 (Adaptive) - Prioritization
3 (Repeatable) - Integration
2 (Risk-informed) - Awareness
1 (Partial) - Incident management
What should be done to CSOCs in the carve-out method?
Excluded from description of SO’s system.
Note: Should not exclude all references to the SoS.
What is the point of a digital signature?
Authentication due to encryption
What is disaster recovery planning?
Ensure ability to restore and continue operations
What is the name of the cybersecurity threat where an IoT device is used as an entry point?
Escalated cyberattacks
What is system availability?
Recover from incident
What are some components of system availability?
Business resiliency, business continuity, system availability controls, crisis management, disaster recovery
What is the change management step "closed-loop verification"?
Monitoring output, compare to wanted outcome, adjust
What are some general controls?
- Software acquisition and development
- Security management
- IT infrastructure
What is the main advantage of IaaS over PaaS?
Control over:
- Operating system
- Firewalls
- Runtime
What are the four NIST Privacy Framework Core functions and their respective definitions?
Control - Management structure
Identify - Answers ‘what’?
Communicate - Dialogue
Govern - Best structure