CC Exam: Domain 1 Security Principles
US regulations apply to a New Jersey organization at all levels of government and require compliance. Which three levels does this example refer to?
National, Regional, Local
Alice signs an email to Bob with her private key. The resulting digital signature lets Bob (or anyone holding Alice's public key) confirm that the email came from Alice, so she cannot later claim she never sent it. What is this property called?
Non-repudiation
What kind of risk analysis is based on categorized levels (for example low, medium, high) derived from judgement and perception rather than measured values?
Qualitative Risk Analysis
What kind of risk analysis is based on verified data and statistical measurement (for example, expressing expected loss in monetary terms)?
Quantitative Risk Analysis
Biometric door locks, scheduled security awareness training and ACLs (access control lists) are implemented in an organization. What are these examples of?
Security Controls
An attacker intends to exploit a weakness found in a firewall. What is this potential to exploit a vulnerability called? (The path the attacker would use to reach the weakness is the attack vector, which is distinct from the concept asked for here.)
Threat
A lack of security cameras in a building, a data center sited in an earthquake zone with no seismic protection, or weak login credentials are examples of what? (Note the distinction: the earthquake itself is a threat; the unprotected site is the weakness it could exploit.)
Vulnerabilities
A password, a physical token and an iris scan are common methods of what?
Authentication
A high likelihood, high impact rating usually results in what kind of priority level?
High Priority
The NIST (National Institute of Standards and Technology) Cybersecurity Framework is organized around five core functions: Identify, Protect, Detect, Respond and Recover (CSF 2.0 adds a sixth, Govern). What is another name for this kind of framework?
Standard
Let's dive into integrity a little. Ensuring integrity begins with an awareness of a system's _______. Once that is known and recorded, a baseline can be formed, and later deviations from the baseline can be detected.
State
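An added example (not from the original flashcard set) of what "awareness of state" and "baseline" mean in practice: record a cryptographic digest of each item in a known-good state, then compare a later snapshot against that baseline to find what was modified, added or removed. The file paths and contents are constructed sample data, and the function names `build_baseline`, `check_integrity` and `baseline_fingerprint` are my own.

```python
"""Integrity baseline from recorded system state (added example).

The "state" is modelled as a mapping of path -> file contents. The baseline
stores a SHA-256 digest per path; a later snapshot is diffed against it.
All sample data below is constructed for illustration.
"""
import hashlib
from typing import Dict, List, Mapping, Union

# Constructed known-good state captured when the host was trusted.
KNOWN_GOOD: Dict[str, bytes] = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "/etc/motd": b"Authorized use only.\n",
}

# Constructed later snapshot of the same host after a hypothetical intrusion:
# sshd hardening reverted, a cron job planted, the banner removed.
LATER: Dict[str, bytes] = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\nPasswordAuthentication no\n",
    "/etc/cron.d/backdoor": b"* * * * * root /tmp/.x\n",
}


def build_baseline(state: Mapping[str, bytes]) -> Dict[str, str]:
    """Record the SHA-256 of every item; this is the trusted reference state."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in state.items()}


def check_integrity(
    baseline: Mapping[str, str], current_state: Mapping[str, bytes]
) -> Dict[str, Union[List[str], bool]]:
    """Compare a fresh snapshot against the baseline and classify every drift."""
    current = build_baseline(current_state)
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return {
        "modified": modified,
        "added": added,
        "removed": removed,
        "intact": not (modified or added or removed),
    }


def baseline_fingerprint(baseline: Mapping[str, str]) -> str:
    """Single digest over the whole baseline, so the baseline itself can be
    stored read-only or signed and checked before it is trusted."""
    h = hashlib.sha256()
    for path in sorted(baseline):
        h.update(path.encode() + b"\0" + baseline[path].encode() + b"\n")
    return h.hexdigest()


def demo() -> Dict[str, Union[List[str], bool]]:
    """Build the baseline from the trusted state and audit the later snapshot."""
    return check_integrity(build_baseline(KNOWN_GOOD), LATER)


if __name__ == "__main__":
    report = demo()
    for kind in ("modified", "added", "removed"):
        for path in report[kind]:
            print(f"{kind}: {path}")
    print("intact:", report["intact"])
```

The comparison is only as trustworthy as the baseline: an attacker who can rewrite the stored digests along with the files defeats the check, so file-integrity tools such as AIDE and Tripwire keep the database off the monitored host or sign it, which is what `baseline_fingerprint` stands in for here.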
Jeff is an ISC2 member who refuses to look at a file he should not have access to. Which ISC2 Code of Ethics canon did Jeff adhere to in this scenario?
Act honorably, honestly, justly, responsibly and legally
Clever Consultants Co is an organization that has something in need of protection. What is this known as?
Asset
What is defined as timely, reliable access to information and the ability to use it?
Availability
Who usually determines the level of risk an organization is willing to accept (for example, the environmental risk of an earthquake at a California site)?
Executive/Senior management and or Board of Directors
Sandra is an ISC2 member who finds out that Benjamin, another ISC2 member, has cheated on the certification exam. Sandra remembers the ___ canons of the Code of Ethics and decides to report the incident to ISC2. How many canons are there in the ISC2 Code of Ethics?
Four
Risk appetite is the amount of risk an organization is willing to accept in pursuit of its goals; risk tolerance is how far actual risk may deviate from that appetite before action is required. The security professional's goal is to keep risk within the accepted level. Which attribute of the organization is given as a typical example of a factor that drives this level of tolerance?
Geographical Location of Organization
What part of the CIA triad measures the degree to which something is whole, complete, consistent and correct?
Integrity
PHI (Protected Health Information) or PII (Personally Identifiable Information) are terms related to which area of the CIA triad?
Confidentiality
What are the three components that make up the CIA triad?
Confidentiality, Integrity and Availability