ISC Deck 1 - multi-unit Flashcards
Which CIS principle considers the security life cycle of software to prevent, detect and remediate security weaknesses?
Application software security
Which regulatory framework emphasizes explicit informed consent from individuals for data processing activities?
GDPR
What does HIPAA’s security rule require of covered entities?
Ensure the confidentiality, integrity and availability of all e-PHI they create, receive, maintain, or transmit.
The 6 COBIT 2019 governance system framework principles
- Meet stakeholder needs
- Holistic approach
- Dynamic governance system
- Governance distinct from management
- Tailored to enterprise needs
- End-to-end governance system
What is Domain integrity?
The integrity constraint that ensures valid entries for a given column through data type restrictions.
What is the purpose of Boyce Codd normal form (BCNF) in the context of database design?
To prevent specific types of anomalies beyond the third normal form (3NF).
As defined in NIST SP 800-53, at what level should the risk management strategy exist?
It should exist at the organizational level to address concerns about assessments and determination of risk, security, and privacy requirements.
What SQL command is used to delete an existing table and all of its data?
DROP TABLE
According to NIST SP 800-53, which organizational responsibility includes the consideration of requirements for security and privacy in light of organizational risks?
Risk management strategy
What is the purpose of an event in a Business Process Model and Notation (BPMN) diagram?
To indicate the flow of the process
Using profiles, the NIST Cybersecurity Framework assists an organization to align and prioritize its cybersecurity activities with each of the following:
1) business/mission requirements
2) risk tolerances
3) resources
NOT capability levels
What does a gateway represent in a Business Process Model and Notation (BPMN) diagram?
A decision point
Which of the NIST Privacy Framework functions is considered foundational for effective use of the framework?
Identify-P
What is the purpose of a feedback loop in a data integration process?
It allows for continuous improvement based on user input
Which GDPR principle is associated with controlling data?
Accountability
Describe the snowflake schema in data warehousing
It eliminates data redundancy in dimension tables by normalizing them, extending the star shape into a web resembling a snowflake.
Which of the following NIST Privacy Framework Core functions focuses on understanding organizational risk tolerance?
Govern-P
Which SQL command is used to create a new table in a database?
CREATE TABLE
Which of the following PCI DSS requirements includes the identification, evaluation, and management of risks to cardholder data?
Maintain an information security policy
The 8 privacy rights of a data subject specifically acknowledged in GDPR include each of the following:
1) the right to be informed
2) the right of access
3) the right to rectification
4) the right to erasure
5) the right to restrict processing
6) the right to data portability
7) the right to object
8) rights in relation to automated decision-making and profiling
Which organizational responsibility defined in NIST SP 800-53 includes the consideration of continuous monitoring of information systems to determine ongoing effectiveness of controls, changes in information systems, and the state of security organization-wide?
Management of security and privacy risk
What is the primary purpose of a database management system (DBMS) in the context of IT systems?
Providing a systematic and efficient way of managing and accessing data
What is threat modeling?
Threat modeling is a form of risk assessment that analyzes aspects of the attack and defense sides of a logical entity, such as a piece of data, an application, a host, a system, or an environment.
What is a difference between mirroring and replicating?
Mirroring involves two copies of a single database, typically residing on two separate machines, to prevent a single machine failure from causing data loss. Replication is performed on different databases or data objects.
At what stage of a cyberattack is the perpetrator capable of preparing and delivering the attack?
Network exploitation