Memorization

Question 1

Data Lifecycle

Answer 1

1. Create - classify
2. Store
3. Use
4. Share
5. Archive
6. Destroy

Question 2

Manage Data Life Cycle

Answer 2

1. Collection
2. Location
3. Maintenance
4. Retention
5. Remance
6. Destruction

Question 3

Cyber Kill Chain

Answer 3

Reconnaissance
Weaponization
Delivery
Exploit
Installation
Command & Control
Actions

Question 4

Incident Response

Answer 4

Preparation
Detection
Response
Mitigation / Containment
Reporting
Recovery
Remediation
Lessons Learned

Question 5

Software Delivery Life Cycle

Answer 5

Initiation
Requirements
Architecture / Design
Development
Testing
Release / Deployment
Operation
Disposal

Question 6

Common Criteria Evaluation Assurance Levels

Answer 6

Greatest to least assurance.

7 - Formally verified, designed, and tested
6 - Semi-formally verified, designed, and tested
5 - Semi-formally designed and tested
4 - Methodically designed, tested, and reviewed
3 - Methodically tested and checked
2 - Structurally tested
1 - Functionally tested

Question 7

ISC2 Code of Ethics Canons

Answer 7

1. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
2. Act honourably, honestly, justly, responsibly, and legally.
3. Provide diligent and competent service to principals.
4. Advance and protect the profession.

Question 8

ISC2 Code of Ethics Canons

Answer 8

1. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
2. Act honourably, honestly, justly, responsibly, and legally.
3. Provide diligent and competent service to principals.
4. Advance and protect the profession.

Question 9

Risk assessment or risk analysis

Answer 9

The examination of an environment for risks, evaluating each threat event as to its likelihood of occurring and the severity of the damage it would cause if it did occur, and assessing the cost of various countermeasures for each risk.

Question 10

Risk response

Answer 10

Evaluating countermeasures, safeguards, and security controls using a cost/benefit analysis; adjusting findings based on other conditions, concerns, priorities, and resources; and providing a proposal of response options in a report to senior management.

Question 11

Single Loss Expectancy (SLE)

Answer 11

SLE = Asset Value (AV) * Exposure Factor (EF)

SLE = $ * %

Question 12

Annualized Loss Expectancy (ALE)

Answer 12

ALE = Single Loss Expectancy (SLE) * annualized rate of occurrence (ARO)

or

ALE = AV * EF * ARO

Question 13

Cost / Benefit Equation

Answer 13

[ALE pre-safeguard – ALE post-safeguard] – annual cost of safeguard (ACS) = value of the safeguard to the company

Question 14

Risk Management Framework

Answer 14

Prepare
Categorize
Select
Implement
Assess
Authorize
Monitor

Question 15

STRIDE

Answer 15

Spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service (DoS)
Elevation of privilege

Question 16

Process for Attach Simulation and Threat Analysis (PASTA)

Answer 16

Stage I: Definition of the Objectives (DO)
Stage II: Definition of the Technical Scope (DTS)
Stage III: Application Decomposition and Analysis (ADA)
Stage IV: Threat Analysis (TA)
Stage V: Weakness and Vulnerability Analysis (WVA)
Stage VI: Attack Modeling & Simulation (AMS)
Stage VII: Risk Analysis & Management (RAM)