ISC S1

Question 1

What is the definition of Control 1: Inventory and Control of Enterprise Assets?

Answer 1

Track and manage all IT assets.

Question 2

What is the definition of Control 2: Inventory and control of Software assets?

Answer 2

Allow authorized software.

Question 3

What is the definition of Control 3: Data Protection?

Answer 3

Manage data life cycle.

Question 4

What is the definition of Control 4: Secure Configuration of Assets and Software?

Answer 4

Secure configuation.

Question 5

What is the definition of Control 5: Account Management?

Answer 5

Authorization for credentials.

Question 6

What is the definition of Control 6: Access Control Management?.

Answer 6

Manage access credentials.

Question 7

What is the definition of Control 7: Continuous Vulnerability Management?

Answer 7

Identify & track vulnerabilities/weak points.

Question 8

What is the definition of Control 8: Audit Log Management?

Answer 8

Recover from attacks.

Question 9

What is the definition of Control 9: Email and Web Browser Protection?

Answer 9

Protect & detect from Email and Web.

Question 10

What is the definition of Control 10: Malware Defense?

Answer 10

Prevent or control bad software.

Question 11

What is the definition of Control 11: Data Recovery?

Answer 11

Restore data pre-incident.

Question 12

What is the definition of Control 12: Network Infrastructure Management?

Answer 12

Prevent attacks in vulnerable points.

Question 13

What is the definition of Control 13: Network Monitoring and Defense?

Answer 13

Establish defense as security measure.

Question 14

What is the definition of Control 14: Security Awareness and Skill Training?

Answer 14

Security mindset.

Question 15

What is the definition of Control 15: Service Provider Management?

Answer 15

Competency in service providers.

Question 16

What is the definition of Control 16: Software Security?

Answer 16

Implement before it’s needed.

Question 17

What is the definition of Control 17: Incident Response Management?

Answer 17

Detect and response to attacks.

Question 18

What is the definition of Control 18: Penetration Testing?

Answer 18

Simulate attacker to exploit vulnerabilities.

Question 19

What are the objectives of the COBIT core model Evaluate, Direct and Monitor (EDM)?

Answer 19

Ensure:
1. Governance framework
2. Benefit delivery
3. Risk optimization
4. Resource optimizations
4. Stakeholder engagement

Question 20

What are some of the 14 objectives of the COBIT core model Align, Plan, and Organize (APO)

Answer 20

Manage:
1. Strategy
2. Innovation
3. Portfolio
4. Risk
5. Data

Question 21

What are the objectives of the COBIT core model Build, Acquire, and Implement (BAI)?

Question 22

What are the objectives of the COBIT core model Deliver, Service, Support (DSS)?

Answer 22

Manage:
1. Operations
2. Service and incidents
3. Problems
4. Continuity
5. Security services
6. Business controls

Question 23

What are the objectives of the COBIT core model Monitor, Evaluate, and Assess (MEA)?