ISC Deck 1 - multi-unit

Question 1

Which CIS principle considers the security life cycle of software to prevent, detect and remediate security weaknesses?

Answer 1

Application software security

Question 2

Which regulatory framework empasizes explicit informed consent from individuals for data processing activities?

Answer 2

GDPR

Question 3

What does HIPAA’s security rule require of covered entities?

Answer 3

Ensure the confidentiality, integrity and availability of all e-PHI they create, receive, maintain, or transmit.

Question 4

The 6 COBIT 2019 governance system framework principles

Answer 4

1. Meet stakeholder needs
2. holistic approach
3. dynamic governance system
4. distinct governance from mgmt
5. tailored to enterprise needs
6. end to end governance system

Question 5

What is Domain integrity?

Answer 5

The integrity constraint that ensures valid entries for a given column through data type restrictions.

Question 6

What is the purpose of Boyce Codd normal form (BCNF) in the context of database design?

Answer 6

To prevent specific types of anomalies beyond the third normal form (3NF).

Question 7

As defined in NIST SP 800-53 when should the risk management strategy exist?

Answer 7

It should exist at the organizational level to address concerns about assessments and determination of risk, security, and privacy requirements.

Question 8

What SQL command is used to delete an existing table and all of its data?

Answer 8

DROP table

Question 9

According to NIST SP 800-53 which organizational responsibility includes the consideration of requirements for security and privacy in light of organizational risks?

Answer 9

Risk management strategy

Question 10

What is the purpose of an event in a business process model and notation diagram (BPMN)?

Answer 10

To indicate the flow of the process

Question 11

Using profiles, the NIST Cybersecurity Framework assists an organization to align and prioritize its cybersecurity activities with each of the following:

Answer 11

1) business/mission requirements
2) risk tolerances
3) resources
NOT capability levels

Question 12

What does a gateway represent in a business process model and notation diagram?

Answer 12

A decision point

Question 13

Which of the NIST Privacy Framework functions is considered foundational for effecive use of the framework?

Answer 13

Identify-P

Question 14

What is the purpose of a feedback loop in data integration process?

Answer 14

It allows for continuous improvement based on user input

Question 15

Which GDPR principle is associated with controlling data?

Answer 15

Accountability

Question 16

Describe the snowflake schema in data warehousing

Answer 16

It eliminates data redundancy in dimension tables by normalizing them, extending the star shape into a web resembling a snowflake.

Question 17

Which of the following NIST Privacy Framework Core functions focuses on understanding organizational risk tolerance?

Answer 17

Govern-P

Question 18

Which SQL command is used to create a new table in a database?

Answer 18

CREATE table

Question 19

Which of the following PCI DSS requirements includes the identification, evaluation, and management of risks to cardholder data?

Answer 19

Maintain an information security policy

Question 20

The 8 privacy rights of a data subject specifically acknowledged in GDPR include each of the following

Answer 20

1) the right to be informed
2) the right of access
3) the right to rectification
4) the right to erasure
5) the right to restrict processing
6) the right to data portability
7) the right to object
8) rights in relation to automated decision-making and profiling

Question 21

Which organizational responsibility defined in NIST SP 800-53 includes the consideration of continuous monitoring of information systems to determine ongoing effectiveness of controls, changes in information systems, and the state of security organization-wide?

Answer 21

Management of security and privacy risk

Question 22

What is the primary purpose of a database management system (DBMS) in the context of IT systems?

Answer 22

Providing a systematic and efficient way of managing and accessing data

Question 23

What is threat modeling?

Answer 23

Threat modeling is a form of risk assessment that analyzes aspects of the attack and defense sides of a logical entity, such as a piece of data, an application, a host, a system, or an environment.

Question 24

What is a difference between mirroring and replicating?

Answer 24

Mirroring involves two copies of a single database, typically residing on two separate machines, to prevent a single machine failure from causing data loss. Replication is performed on different databases or data objects.

Question 25

At what stage of a cyberattack is the perpetrator capable of preparing and delivering the attack?

Answer 25

Network exploitation

Question 26

Which of the following PCI DSS requirements includes the identification, evaluation, and management of risks to cardholder data?

Answer 26

Maintain an information security policy.