Practice Tests - Chapter 4: Reporting and Communication Flashcards
4- Ben is preparing to conduct a vulnerability scan for a new client of his security consulting organization. Which one of the following steps should Ben perform first?
- Conduct penetration testing.
- Run a vulnerability evaluation scan.
- Run a discovery scan.
- Obtain permission for the scans.
Obtain permission for the scans.
Ben should obtain permission from the client to perform scans before engaging in any other activities. Failure to do so may violate the law and/or anger the client.
6- Grace ran a vulnerability scan and detected an urgent vulnerability in a public‐facing web server. This vulnerability is easily exploitable and could result in the complete compromise of the server. Grace wants to follow best practices regarding change control while also mitigating this threat as quickly as possible. What would be Grace’s best course of action?
- Initiate a high‐priority change through her organization’s change management process and wait for the change to be approved.
- Implement a fix immediately and document the change after the fact.
- Schedule a change for the next quarterly patch cycle.
- Initiate a standard change through her organization’s change management process.
Implement a fix immediately and document the change after the fact.
In this situation, Grace is facing a true emergency. Her web server has a critical vulnerability that is exposed to the outside world and may be easily exploited. Grace should correct the issue immediately, informing all relevant stakeholders of the actions that she is taking. She can then follow up by documenting the change as an emergency action in her organization’s change management process. All of the other approaches in this question introduce an unacceptable delay.
9- Gene runs a vulnerability scan of his organization’s datacenter and produces a summary report to share with his management team. The report includes the chart shown here. When Gene’s manager reads the report, she points out that the report is burying important details because it is highlighting too many unimportant issues. What should Gene do to resolve this issue?
(look up diagram in book)
- Tell his manager that all vulnerabilities are important and should appear on the report.
- Create a revised version of the chart using Excel.
- Modify the sensitivity level of the scan.
- Stop sharing reports with the management team.
Modify the sensitivity level of the scan.
Gene’s best option is to alter the sensitivity level of the scan so that it excludes low‐importance vulnerabilities. The fact that his manager is telling him that many of the details are unimportant is his cue that the report contains superfluous information. Although he could edit the chart manually, he should instead alter the scan settings so that he does not need to make those manual edits each time he runs the report.
DRP
Disaster Recovery Plan
BIA
Business Impact Assessment
12- Zhang Wei is evaluating the success of his vulnerability management program and would like to include some metrics. Which one of the following would be the least useful metric?
- Time to resolve critical vulnerabilities
- Number of open critical vulnerabilities over time
- Total number of vulnerabilities reported
- Number of systems containing critical vulnerabilities
Total number of vulnerabilities reported
Zhang Wei should likely focus his efforts on high‐priority vulnerabilities, as vulnerability scanners will report results for almost any system scanned. The time to resolve critical vulnerabilities, the number of open critical vulnerabilities over time, and the number of systems containing critical vulnerabilities are all useful metrics. The total number of reported vulnerabilities is less useful because it does not include any severity information.
14- Abdul received the vulnerability report shown here for a server in his organization. The server runs a legacy application that cannot easily be updated. What risks does this vulnerability present?
(look up diagram in book)
- Unauthorized access to files stored on the server
- Theft of credentials
- Eavesdropping on communications
- All of the above
All of the above
The use of FTP is not considered a good security practice. Unless tunneled through a secure protocol, FTP is unencrypted, allowing an attacker to eavesdrop on communications and steal credentials that may be transmitted over FTP links. Additionally, this vulnerability indicates that an attacker can gain access to the server without even providing valid credentials.
BPA
business partnership agreement
16- Raul is replacing his organization’s existing vulnerability scanner with a new product that will fulfill that functionality moving forward. As Raul begins to build the policy, he notices some conflicts in the scanning settings between different documents. Which one of the following document sources should Raul give the highest priority when resolving these conflicts?
- NIST guidance documents
- Vendor best practices
- Corporate policy
- Configuration settings from the prior system
Corporate policy
Of the documents listed, only corporate policy is binding on Raul, and he should ensure that his new system’s configuration complies with those requirements. The other sources may provide valuable information to inform Raul’s work, but compliance with them is not mandatory.
20- Maria discovered an operating system vulnerability on a system on her network. After tracing the IP address, she discovered that the vulnerability is on a proprietary search appliance installed on her network. She consulted with the responsible engineer who informed her that he has no access to the underlying operating system. What is the best course of action for Maria?
- Contact the vendor to obtain a patch.
- Try to gain access to the underlying operating system and install the patch.
- Mark the vulnerability as a false positive.
- Wait 30 days and rerun the scan to see whether the vendor corrected the vulnerability.
Contact the vendor to obtain a patch.
Maria should contact the vendor to determine whether a patch is available for the appliance. She should not attempt to modify the appliance herself, as this may cause operational issues. Maria has no evidence to indicate that this is a false positive report, and there is no reason to wait 30 days to see whether the problem resolves itself.
22- Thomas discovers a vulnerability in a web application that is part of a proprietary system developed by a third‐party vendor, and he does not have access to the source code. Which one of the following actions can he take to mitigate the vulnerability without involving the vendor?
- Apply a patch.
- Update the source code.
- Deploy a web application firewall.
- Conduct dynamic testing.
Deploy a web application firewall.
Thomas can deploy a web application firewall to block attempts to exploit the vulnerability. Applying a patch or updating the source code may also resolve the issue, but Thomas cannot do this himself because he does not have access to the source code. Dynamic testing identifies vulnerabilities but does not correct them.
24- The company that Brian works for processes credit cards and is required to be compliant with PCI DSS. If Brian’s company experiences a breach of card data, what type of disclosure will they be required to provide?
- Notification to local law enforcement
- Notification to their acquiring bank
- Notification to federal law enforcement
- Notification to Visa and MasterCard
Notification to their acquiring bank
Organizations that process credit cards work with acquiring banks to handle their card processing, rather than directly with the card providers. Notification to the bank is part of this type of response effort. Requiring notification of law enforcement is unlikely, and the card provider listing specifies only two of the major card vendors, none of which are specified in the question.
25- As Lauren prepares her organization’s security practices and policies, she wants to address as many threat vectors as she can using an awareness program. Which of the following threats can be most effectively dealt with via awareness?
- Attrition
- Impersonation
- Improper usage
- Web
Improper usage
Improper usage, which results from violations of an organization’s acceptable use policies by authorized users, can be reduced by implementing a strong awareness program. This will help ensure users know what they are permitted to do and what is prohibited. Attrition attacks focus on brute‐force methods of attacking services. Impersonation attacks include spoofing, man‐in‐the‐middle attacks, and similar threats. Finally, web‐based attacks focus on websites or web applications. Awareness may help with some specific web‐based attacks like fake login sites, but many others would not be limited by Lauren’s awareness efforts.
Attrition Attacks
focus on brute‐force methods of attacking services
Impersonation attacks
include spoofing, man‐in‐the‐middle attacks, and similar threats
26- Laura wants to ensure that her team can communicate during an incident. Which of the following should the team prepare to be ready for an incident?
- A second, enterprise authenticated messaging system
- An enterprise VoIP system using encryption
- Enterprise email with TLS enabled
- A messaging capability that can function if enterprise authentication is unavailable
A messaging capability that can function if enterprise authentication is unavailable
A distinct messaging system that can work if enterprise services are unavailable due to an incident can be a critical factor for IR teams. Whether it’s a phone tree, a collaboration system that also allows distinct logins that are not part of enterprise authentication, or another solution, IR teams often need a system that is separate during wide‐ranging incidents.
29- NIST SP 800‐61 identifies six outside parties that an incident response team will typically communicate with. Which of the following is not one of those parties?
- Customers, constituents, and media
- Internet service providers
- Law enforcement agencies
- Legal counsel
Legal counsel
NIST identifies customers, constituents, media, other incident response teams, Internet service providers, incident reporters, law enforcement agencies, and software and support vendors as outside parties that an IR team will communicate with.
NIST SP 800‐61 identifies six outside parties that an incident response team will typically communicate with. Who?
- customers, constituents, and media
- other incident response teams
- Internet service providers
- incident reporters
- law enforcement agencies
- software and support vendors
30- Ben works at a U.S. federal agency that has experienced a data breach. Under FISMA, which organization does he have to report this incident to?
- US‐CERT
- The National Cyber Security Authority
- The National Cyber Security Centre
- CERT/CC
US‐CERT
FISMA requires that U.S. federal agencies report incidents to US‐CERT. CERT/CC is the coordination center of the Software Engineering Institute and researches software and Internet security flaws as well as works to improve software and Internet security. The National Cyber Security Authority is Israel’s CERT, whereas the National Cyber Security Centre is the UK’s CERT.
33- Craig is revising his organization’s incident response plan and wants to ensure that the plan includes coordination with all relevant internal and external entities. Which one of the following stakeholders should he be most cautious about coordinating with?
- Regulatory bodies
- Senior leadership
- Legal
- Human resources
Regulatory bodies
All of these stakeholders should be included in the planning for an incident response program. However, Craig should be most careful about coordinating with external entities, such as regulatory bodies, because of their enforcement role. He should plan to coordinate more freely with internal entities, such as senior leadership, legal, and human resources.
34- The vulnerability management action plan that was sent to Jacinda notes that a critical application that her organization uses relies on an insecure version of a software package because of a long‐standing workflow requirement. Jacinda’s organization’s best practices state that the organization will select the most secure option that also permits business to be conducted. What should Jacinda do?
- Mark the vulnerability as “ignored.”
- Change the business requirements to enable the vulnerability to be handled.
- Disable the service.
- Install a third‐party patch for the service.
Change the business requirements to enable the vulnerability to be handled.
Jacinda knows that reviewing business processes to see if they can be changed to use a secure version of the software package may require some business process changes but is often a possible solution. Ignoring the vulnerability isn’t secure, turning off the service will disrupt the business itself, and third‐party patches rarely exist and are seldom a preferred solution.
37- Jason is required to notify the company that provides credit card processing services to his organization if an incident impacting credit card data occurs. What type of communications does he need to perform?
- Regulatory reporting
- Customer communications
- Law enforcement communications
- None of the above
None of the above
Payment card industry requirements are contractual, not regulatory. Jason’s organization is the customer, and law enforcement communication is not required by PCI.
41- The incident response report that Brian is reading includes a statement that says “Impacted systems were limited to those in the organization’s AWS VPC.” What part of an incident response report will typically contain this type of information?
- The timeline
- The evidence statement
- The impact statement
- The scope statement
The scope statement
Scope statements are used to explain and define which systems, services, or infrastructure components were part of an incident. Timelines are used to show when events occurred in relation to each other. Evidence is provided as part of a report to show what was found and how it was interpreted. Impact statements describe what the incident’s results or outcome was for the organization.
42- Nila’s incident response team has discovered evidence of an employee who may have been engaged in criminal activity while they were conducting an incident investigation. The team has suggested that law enforcement should be contacted. What significant concern should Nila raise about this potential communication?
- Law enforcement can’t enforce organizational policy.
- Law enforcement engagement may hinder the organization’s ability to respond or operate.
- Law enforcement involvement may create communications issues.
- Law enforcement may arrest a critical employee.
Law enforcement engagement may hinder the organization’s ability to respond or operate.
Since the violation is only an organizational policy, Nila should note that law enforcement engagement may hinder the organization’s ability to respond or operate. Law enforcement isn’t being asked to enforce organizational policy; the more pressing issue is interruption of business rather than communications issues; and if the employee violated the law, an arrest may happen anyway.
43- Sameer wants to establish and track a metric for his organization that will help him know if his IoC monitoring processes are working well. Which of the following metrics is best suited to determining if IoCs are being effectively captured and analyzed?
- Mean time to detect
- Mean time to respond
- Mean time to remediate
- Mean time to compromise
Mean time to detect
Sameer knows that mean time to detect should be lower if IoCs are being effectively captured, correlated, and analyzed. Mean time to respond measures the time from detection to assessing the event as an incident and activating the process. Mean time to remediate is a much more complex measure to provide a metric for since each incident’s size, scope, and complexity will all influence the mean time to remediate. This metric requires more nuanced communication and explanation than a simple number on a report in many cases and may benefit from granular reporting describing types of incidents as well as their impact and scope. Mean time to compromise is not a metric defenders will typically track.
44- Sameer is continuing to improve his metrics to report to his organization’s board of directors. The board has requested that he include alert volumes in his reporting. What issue should Sameer discuss with the board after receiving this request?
- High‐alert volumes indicate poor incident response processes.
- Low‐alert volumes indicate effective incident response processes.
- Alert volume is not an effective security metric.
- Alert volume requires other measures like number of patches installed to be an effective security metric.
Alert volume is not an effective security metric.
Alert volume is not an effective security metric because it is highly impacted by tuning as well as external factors like the number of probes and attacks. High‐alert volumes don’t indicate a poor incident response process but may indicate poor tuning or a high number of events. Low‐alert volumes may similarly indicate poor tuning or events that are not being detected. Correlating the number of patches with alert volume does not produce a useful metric.
51- What information is typically included in a list of affected hosts in a vulnerability management report?
- Hostname and IP address
- IP address and MAC address
- Hostname and MAC address
- Hostname and subnet mask
Hostname and IP address
The hostname and IP address are commonly used to identify each vulnerable host in a vulnerability report. The hardware (MAC) address is not typically listed, and subnet masks are also not typically listed.
Hannah wants to establish a metric that will help her organization determine if their response process completes in a timely manner. Which common metric should she select to help assess this?
- Mean time to detect
- Mean time to report
- Mean time to respond
- Mean time to remediate
Mean time to remediate
Assessing whether incidents are remediated in a timely manner can help Hannah determine if IR completion is happening in a timely manner, since remediation is the last nonreporting stage in the process, and reporting is not typically a stage where time to complete is critical to an organization.
54- Gurvinder wants to consider impact metrics like the integrity impact, availability impact, and confidentiality impact of a vulnerability that is scored using CVSS. What metric group includes this information?
- Basic
- Environmental
- Temporal
- Residual
Basic
The Basic Metric Group for CVSS includes both exploitability metrics and impact metrics. The impact metric is made up of components covering confidentiality, integrity, and availability impact as well as scope.
55- Which of the following is not a type of stakeholder that will frequently need to understand an organization’s overall vulnerability stance or status?
- Security practitioners
- Legal counsel
- Auditors
- Compliance stakeholders
Legal counsel
Legal counsel rarely needs to know an organization’s vulnerability management status or stance. Security, audit, and compliance stakeholders do.
58- What issue is organizational governance likely to cause in a vulnerability management program?
- It may prevent vulnerabilities from being patched or compensating controls being used.
- It may increase the number of vulnerabilities that need to be patched.
- It may slow down patching.
- It may limit the vulnerabilities that will be patched.
It may slow down patching.
Governance processes are most likely to lead to slower patching because of approval requirements. They typically do not prevent patches from being installed or the use of compensating controls, although it may take some time to identify which option will be put in place. They typically do not increase the number of vulnerabilities that need to be patched, nor do they typically limit which vulnerabilities will be patched.
59- Jacob has initiated the incident response process in his organization. IoCs have been identified, and Jacob is ready to take the next step in the process. What typically happens next?
- Legal counsel is notified.
- Incident responders collect forensic data.
- Law enforcement is notified.
- Incident responders determine if it is a real incident.
Incident responders determine if it is a real incident.
Just because IoCs exist doesn’t mean that an incident has occurred. Instead, responders need to analyze the data available and to look for additional information that will tell if the incident is a real incident or a false positive. Notifying counsel or law enforcement happens after an incident is verified and only if needed. Collecting forensic data happens once the organization determines that an incident has occurred and wants to investigate it.
61- What NIST standard provides information on incident handling practices?
- NIST SP 800‐61
- ISO 27001
- NIST SP 800‐53
- SOC 2
NIST SP 800‐61
NIST SP 800‐61 is NIST’s Computer Security Incident Handling guide and provides information on incident handling standards. NIST SP 800‐53 describes security and privacy controls for information systems and organizations. ISO 27001 and SOC 2 are not NIST standards.
65- Jen has discovered that many systems in her organization are being deployed with a vulnerable service active. What solution is best suited to addressing this type of issue in a large organization?
- An awareness program
- Compensating controls
- Changing business requirements
- Configuration management
Configuration management
Jen knows that configuration management is an appropriate solution to ensure that organization‐wide standards are met and that it can help with this type of issue. She may also need to implement an awareness program to ensure that admins are appropriately configuring systems before deployment, but configuration management is the more complete fix. Compensating controls aren’t indicated by the question, and changing business requirements isn’t a demonstrated need either.
67- Jason has defined the problem as part of a root‐cause analysis effort. What step typically comes next in RCA?
- Collecting data about the problem
- Determining the root cause of the problem
- Determining potential causal factors
- Analyzing the causes
Collecting data about the problem
Root‐cause analysis requires data to proceed, and Jason knows that his next step is to collect data. Then he will proceed to determining causal factors, identifying the root cause, and prioritizing causes.
68- Mean time to respond is an example of what?
- An incident response report target
- An industry standard SOW
- An industry standard SLA
- An incident response KPI
An incident response KPI
Mean time to respond is a key performance indicator (KPI) for incident response.
70- Jason wants to quickly understand the content of an incident report. What should he read?
- The scope statement
- The timeline
- The executive summary
- The evidence
The executive summary
Executive summaries should be short and to the point and are intended to allow readers to quickly understand the content of the report without reading the full report. Scope statements describe the scale and impacted systems or services, timelines list when events happened, and evidence provides detailed information about the incident that supports analysis or theories.
75- Which of the following is the most critical to have involved in incident escalation processes?
- End users
- Legal
- Management
- Law enforcement
Management
It is critical to involve management in incident escalation processes to allow for proper escalation and response. Legal and law enforcement experts are engaged on an as‐needed basis, and end users are not typically required to be involved in escalation.
76- Gurvinder’s organization is required to report breaches within 24 hours of the breach being detected, regardless of how far into the investigation the organization is. What type of requirement is most likely to drive this type of communication?
- Contractual requirements
- Social media requirements
- Regulatory requirements
- Reputational requirements
Regulatory requirements
Regulatory requirements often have specific timeframes for communication, regardless of the state of the incident response process. Contractual requirements tend to offer the organization more flexibility in reporting. Social media does not create requirements, and reputation may benefit from timely notification but does not result in requirements either.
77- Xuan’s organization uses an old software package that is no longer updated or sold. It has an embedded web server that it exposes on every workstation running the software, allowing file transfer between workstations. During a vulnerability scan, the web server was highlighted as a critical vulnerability. Which of the following solutions should Xuan recommend to best resolve the issue?
- An awareness program
- Compensating controls
- Changing business requirements
- Configuration management
Changing business requirements
Xuan should recommend that the organization change its business practices. There are many other ways to exchange files that do not require a vulnerable software package, and a change in process would resolve this. Awareness, compensating controls, and configuration management do not address the business need.
78- Jackie is reviewing the risk scores found in a vulnerability report and notes that the risk she is reviewing scores a 1.0. What recommendation should Jackie make about the vulnerability?
- It should be patched immediately because the risk score is high.
- The risk is very low and can likely be ignored.
- The risk is low and should be patched in the next patch cycle.
- It should be patched immediately because it is in the top 10 percent of risks.
The risk is low and should be patched in the next patch cycle.
While a risk as low as 1.0 on the CVSS scale is unlikely to cause immediate harm, if a patch is available and does not introduce additional risk, it should still be installed at the next patch window.
80- Kathleen wants to build a prioritized list of vulnerabilities for her organization. What part of the CVSS metric will help her adjust the score to best match her organization’s availability requirements?
- The base metric group
- The advanced metric group
- The temporal metric group
- The environmental metric group
The environmental metric group
The environmental group includes information that takes an organization’s specific requirements into account including availability requirements the organization itself establishes. Even if you’re not familiar with the CVSS scoring system’s three groupings (basic, temporal, and environmental), you can likely answer a question like this by considering the likely meaning of each of these options.
CVSS scoring system’s three groupings
- The Basic Metric Group represents the intrinsic and fundamental characteristics of a vulnerability. These metrics include factors like the attack vector, attack complexity, privileges required, user interaction, and the impact on confidentiality, integrity, and availability of the affected system.
- The Temporal Metric Group represents characteristics of a vulnerability that change over time, such as the maturity of available exploit code, the availability of a fix, and confidence in the vulnerability report.
- The Environmental Metric Group represents characteristics specific to the organization’s own environment, including the security requirements (such as availability requirements) the organization itself establishes for the affected system.
84- The company that Amari works for uses an embedded system as part of a manufacturing process. The system relies on an operating system created by the machine’s vendor, and Amari’s team has identified vulnerabilities during a network scan. What type of system should Amari identify this device as?
- A proprietary system
- A legacy system
- A primary system
- A secondary system
A proprietary system
This is an example of a proprietary system that may not use commonly available and supported operating systems or software. Legacy systems are out‐of‐date, often unsupported systems. Primary and secondary systems are not terms typically used to categorize vulnerable systems.
85- Amari wants to ensure that her team can meet her organization’s service level agreement for the embedded system that has been identified as vulnerable. Which of the following compensating controls would be the most appropriate solution to allow the system to stay online while remaining secure?
- Install a hardware‐based IDS between the system and the network.
- Place a hardware firewall between the system and the network.
- Disable the device’s network connection.
- Install a nonproprietary operating system on the embedded system.
Place a hardware firewall between the system and the network.
A hardware firewall will prevent the system from being remotely accessed if configured properly, protecting it from network‐based attacks and acting as an appropriate compensating control. An IDS will only detect attacks and won’t stop them. Disabling the network connection for the device entirely is likely to impact the service level agreement for the device, and installing another OS is likely impossible.
87- NIST provides recommendations for communication with the media as part of incident response. Which of the following is a NIST recommended preparation for working with the media?
- Pre‐writing all incident communications before incidents occur
- Holding media practice sessions for incident responders as part of IR exercises
- Creating procedures on media avoidance as part of incident response planning
- Contacting law enforcement to prepare for media concerns
Holding media practice sessions for incident responders as part of IR exercises
Holding media practice sessions for incident responders as part of IR exercises is a NIST‐recommended practice. Incident communication examples and templates can be prepared, but all incident communications cannot be written before incidents occur. Avoiding the media and contacting law enforcement to help with media concerns are also not NIST‐recommended procedures.
88- Michele’s root‐cause analysis has determined a number of events that contributed to the problem but were not the root cause. What has she identified?
- Compensating controls
- Causal factors
- Branch causes
- Nonroot causes
Causal factors
Causal factors are events that contribute to an incident but that are not the root cause.