iSACA Cybersecurity Fundamentals Certification Exam with complete solutions
17 keer bekeken 0 keer verkocht
Vak
ISACA Cybersecurity Fundamentals
Instelling
ISACA Cybersecurity Fundamentals
Agile Development - ANSWER A software development methodology that delivers functionality in rapid iterations, measured in weeks, requiring frequent communication, development, testing, and delivery. It works opportunities for reevaluation of the project within the project plan, allowing for the sc...
isaca cybersecurity fundamentals certification exam with complete solutions
Geschreven voor
ISACA Cybersecurity Fundamentals
Alle documenten voor dit vak (3)
Verkoper
Volgen
millyphilip
Ontvangen beoordelingen
Voorbeeld van de inhoud
iSACA Cybersecurity Fundamentals
Certification Exam
Agile Development - ANSWER A software development methodology that delivers
functionality in rapid iterations, measured in weeks, requiring frequent communication,
development, testing, and delivery. It works opportunities for reevaluation of the project
within the project plan, allowing for the schedule to be flexible and adaptable
Anti-forensics - ANSWER An approach to manipulate, erase, or obfuscate digital data or
to make its examination difficult, time-consuming, or virtually impossible
Application firewall systems - ANSWER Def: Allow information to flow between systems
but do not allow the direct exchange of packets. Provide greater protection than packet
filtering. Work at the application level of OSI model
Types:
1) Application level gateways - proxy for each service; impacts network performance
2) Circuit level gateways - one proxy for all services; more efficient
Advantages:
- Provide security for commonly used protocols
- generally hide network from outside untrusted networks
- ability to protect the entire network by limiting break-ins to the firewall itself
- ability to examine and secure program code
Disadvantages:
- reduced performance and scalability as internet usage grows
Approaches to Cybersecurity Risk - ANSWER Dependent on:
1) Risk tolerance
2) Size & scope of the environment
3) Amount of data available
Approaches:
1) Ad hoc
2) Compliance-based
3) Risk-based
Asset - ANSWER something of either tangible or intangible value that is worth
protecting
Asymmetric key - ANSWER pairs of unidirectional, complementary keys that only
encrypt or decrypt; one of these is secret and the other is publically known; ideal for
short messages (i.e. digital signatures, distribute symmetric keys)
Advantages:
1) Easier distributing keys to untrusted, unknown users
,iSACA Cybersecurity Fundamentals
Certification Exam
2) Provides authentication/nonrepudiation - sender only knows the private key
Disadvantages:
1) computationally intensive and slow
Attack vector - ANSWER The path or route used to gain access to the target (asset)
Types:
1) Ingress - intrusion
2) Egress - Data removal
Attack-signature-detection tools - ANSWER These look for an attack signature, which is
a specific sequence of events indicative of an unauthorized access attempt. A simple
example would be repeated failed logon attempts.
Attrition - ANSWER An attack that employs brute force methods to compromise,
degrade, or destroy systems, networks or services
Audit reduction tools - ANSWER Preprocessors designed to reduce the volume of audit
records to facilitate manual review. Used to analyze large log files
Availability - ANSWER protection from disruptions in access
Business Continuity Plan - ANSWER A plan for how an organization will recover and
restore partially or completely interrupted critical function(s) within a predetermined time
after a disaster or extended disruption
Involves identifying business processes of strategic importance and creating a business
impact analysis (BIA)
1) What are the business processes?
2) What are the critical information resources related to these processes?
3) What is the critical recovery time period for resources to be resumed before losses
are suffered?
Certificate Authority (CA) - ANSWER A trusted third-party agency that is responsible for
issuing digital certificates.
, iSACA Cybersecurity Fundamentals
Certification Exam
Chain of custody - ANSWER documenting, in detail, how evidence is handled and
maintained, including its ownership, transfer and modification; this is necessary to
satisfy legal requirements and mandate high level of confidence regarding integrity of
evidence
Common Firewall issues - ANSWER 1) Configuration errors
2) Monitoring demands
3) Policy maintenance
4) Vulnerability to application/input-based attacks
concentric rings - ANSWER A.K.A. Nested layering
Creates a series of nested layers that must be bypassed in order to complete an attack.
Each layer delays the attacker and provides opportunities to detect and attack
Confidentiality - ANSWER Protection from unauthorized access
cyberrisk assessment - ANSWER process of analyzing the different risk attributes:
1) Examine risk sources (threats/vulnerabilities) for positive/negative consequences
2) Rank risks according to likelihood and impact
3) Evaluate existing controls to determine effectiveness of risk mitigation
Cybersecurity - ANSWER the protection of information assets (digital assets) by
addressing threats to information processed, stored, and transported by internetworked
information systems
Cybersecurity incident - ANSWER an adverse event that negatively impacts the
confidentiality, integrity an availability of data; can be technical or physical events
cybersecurity incident investigations - ANSWER Collection and analysis of evidence
with the goal of identifying the perpetrator of an attack or unauthorized use/access;
sometimes the goals of the investigation can conflict with the incident response (i.e.
destroying evidence unintentionally)
Evidence preservation is very important and may be dependent on data type,
investigator skills/experiences, and tools available; chain of custody needs to be
maintained for evidence to be admissible in court of law
Data at rest - ANSWER Stored data
Data classification - ANSWER tagging data with metadata based on a classification
taxonomy, enabling data to be found quickly and efficiently and cuts back on storage
and backup costs and helps to allocate and maximize resources
Voordelen van het kopen van samenvattingen bij Stuvia op een rij:
Verzekerd van kwaliteit door reviews
Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!
Snel en makkelijk kopen
Je betaalt supersnel en eenmalig met iDeal, creditcard of Stuvia-tegoed voor de samenvatting. Zonder lidmaatschap.
Focus op de essentie
Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!
Veelgestelde vragen
Wat krijg ik als ik dit document koop?
Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.
Tevredenheidsgarantie: hoe werkt dat?
Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.
Van wie koop ik deze samenvatting?
Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper millyphilip. Stuvia faciliteert de betaling aan de verkoper.
Zit ik meteen vast aan een abonnement?
Nee, je koopt alleen deze samenvatting voor €8,52. Je zit daarna nergens aan vast.