Test Questions

Question 1

ISO 31000

Answer 1

International risk management best practices

Question 2

GDPR

Answer 2

The European Union’s regulation that states that personal data cannot be collected or processed without the individual’s informed consent.

Question 3

PCI DSS

Answer 3

Outlines how credit card/bank info must be safely managed.

Question 4

SSAE SOC2

Answer 4

An audit/test that reports on an organization’s controls relative to the CIA triad..

Question 5

PCI DSS

Answer 5

PCI DSS = Payment Card Industry Data Security Standard

Question 6

NIST CSF

Answer 6

NIST CSF = National Institute of Standards and Technology, Cyber Security Framework

Question 7

ISO 22301

Answer 7

ISO 22301 – security & resilience, business continuity management

Question 8

ISO 27001

Answer 8

ISO 27001 – information security rules and requirements (compliance/regulations)

Question 9

ISO 27001 ***

Answer 9

ISO 27001Information Security Management Systems

Infosec rules and requirements used by many governing bodies to create compliance/regulations

Question 10

ISO 27701***

Answer 10

ISO 27701 Privacy Information Management

An extension to 27001 that outlines rules and regulations specifically tied to privacy.

Question 11

ISO 27002***

Answer 11

ISO 27002 Information Security Best Practices

Guidelines and suggestions for how to start or improve infosec at an organization.

Question 12

ISO 31000***

Answer 12

ISO 31000 Risk Management Best Practices

Generic (non specific) suggestions for managing risk response within an organization

Question 13

AES

Answer 13

• Advanced Encryption Standard (AES/AES256)

Question 14

Compensation

Answer 14

= • Substitutes for a principal control

Question 15

Common Vulnerability Scoring System (CVSS)

Answer 15

provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.

Question 16

CVE

Answer 16

is a list of entries—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities.

Question 17

SIEM (Security information and event management)

Answer 17

is a service/software that gathers network and application logs in real-time and analyzes them, giving security experts the ability to better monitor and analyze attacks/threats.

Question 18

SOAR (Security Orchestration, Automation, and Response)

Answer 18

Sometimes running alongside the SIEM or built into it, SOAR (Security Orchestration, Automation, and Response) was designed to automate and improve response time when a SIEM detects a threat/anomaly on the network. Sometimes referred to as a Next Generation SIEM.

Question 19

SSH

Answer 19

Secure Shell (SSH) is a widely used remote access protocol. It is very likely to be used to
manage devices and services. SSH uses two types of key pairs:
• A host key pair identifies an SSH server. The server reveals the public part when a
client connects to it. The client must use some means of determining the validity of
this public key. If accepted, the key pair is used to encrypt the network connection
and start a session.
• A user key pair is a means for a client to login to an SSH server. The server stores a
copy of the client’s public key. The client uses the linked private key to generate an
authentication request and sends the request (not the private key) to the server.
The server can only validate this request if the correct public key is held for that
client.