iSACA Cybersecurity Fundamentals Certification
Exam Questions and Answers Updated (2024)
(Verified Answers)
Confidentiality
Protection from unauthorized access
integrity
Protection from unauthorized modification
Availability
protection from disruptions in access
Cybersecurity
the protection of information assets (digital assets) by addressing threats to information processed,
stored, and transported by internetworked information systems
Nonrepudiation
Def: ensuring that a message or other piece of information is genuine
Examples: digital signatures and transaction logs
Risk
combination of the probability of an event and its consequences, mitigated through controls
Threat
Anything that is capable of acting against an asset in a harmful manner
Asset
something of either tangible or intangible value that is worth protecting
Vulnerability
A weakness in the design, implementation, operation or internal control of a process that could
expose the system to adverse threats from threat events
Inherent risk
The risk level or exposure without taking into account the actions that management has taken or
might take (e.g., implementing controls)
,Residual risk
the risk that remains after management implements internal controls or some other response to risk
Likelihood
A.K.A probability
measure of frequency of which an event may occur, which depends on the threat and vulnerability
Approaches to Cybersecurity Risk
Dependent on:
1) Risk tolerance
2) Size & scope of the environment
3) Amount of data available
Approaches:
1) Ad hoc
2) Compliance-based
3) Risk-based
Threat Agents
The actors causing the threats that might exploit a vulnerability
Threat Process
1) Perform reconnaissance (gathering information)
, 2) Create attack tools
3) Deliver malicious capabilities
4) Exploit and compromise
5) Conduct an attack
6) Achieve results
7) Maintain a presence or set of capabilities
8) Coordinate a campaign
Malware
Def: software designed to infiltrate or damage a computer system without the user's informed
consent
Examples: Viruses, network worms, Trojan horses
Policies
communicate required and prohibited activities and behaviors
Standards
Interpret policies in specific situations
Procedures
Provide details on how to comply with policies and standards
Guidelines
Provide general guidance on issues; not requirements but strongly recommended
Defense in Depth
Layering defenses to provide added protection
Security perimeter
A well-defined boundary between the organization and the outside world. Cybersecurity emphasizes
the system-centric model (placing controls at the network level)
Internet Perimeter
Secure access to the Internet for enterprise employees and guest users, regardless of location.
It should...
1) Route traffic between enterprise & internet
2) Prevent executable files from being transferred through email attachments/browsing
3) Monitor internal/external network ports
4) Detect & block traffic from infected internal end point
5) Control user traffic bound for the internet
6) Identify and block malicious packets
7) Eliminate threats such as email spam, viruses
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller LectDan. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.49. You're not tied to anything after your purchase.
