ISACA Cybersecurity Fundamentals Certification Exam with complete solutions
ISACA Cybersecurity Fundamentals
Certification Exam
Agile Development - ANSWER A software development methodology that delivers
functionality in rapid iterations, measured in weeks, requiring frequent communication,
development, testing, and delivery. It works opportunities for reevaluation of the project
into the project plan, allowing for the schedule to be flexible and adaptable
Anti-forensics - ANSWER An approach to manipulate, erase, or obfuscate digital data or
to make its examination difficult, time-consuming, or virtually impossible
Application firewall systems - ANSWER Def: Allow information to flow between systems
but do not allow the direct exchange of packets. Provide greater protection than packet
filtering. Work at the application level of the OSI model
Types:
1) Application level gateways - proxy for each service; impacts network performance
2) Circuit level gateways - one proxy for all services; more efficient
Advantages:
- Provide security for commonly used protocols
- generally hide network from outside untrusted networks
- ability to protect the entire network by limiting break-ins to the firewall itself
- ability to examine and secure program code
Disadvantages:
- reduced performance and scalability as internet usage grows
Approaches to Cybersecurity Risk - ANSWER Dependent on:
1) Risk tolerance
2) Size & scope of the environment
3) Amount of data available
Approaches:
1) Ad hoc
2) Compliance-based
3) Risk-based
Asset - ANSWER something of either tangible or intangible value that is worth
protecting
Asymmetric key - ANSWER pairs of unidirectional, complementary keys that only
encrypt or decrypt; one of these is secret and the other is publicly known; ideal for
short messages (i.e. digital signatures, distribute symmetric keys)
Advantages:
1) Easier distribution of keys to untrusted, unknown users
2) Provides authentication/nonrepudiation - only the sender knows the private key
Disadvantages:
1) computationally intensive and slow
Attack vector - ANSWER The path or route used to gain access to the target (asset)
Types:
1) Ingress - intrusion
2) Egress - Data removal
Attack-signature-detection tools - ANSWER These look for an attack signature, which is
a specific sequence of events indicative of an unauthorized access attempt. A simple
example would be repeated failed logon attempts.
Attrition - ANSWER An attack that employs brute force methods to compromise,
degrade, or destroy systems, networks or services
Audit reduction tools - ANSWER Preprocessors designed to reduce the volume of audit
records to facilitate manual review. Used to analyze large log files
Availability - ANSWER protection from disruptions in access
Business Continuity Plan - ANSWER A plan for how an organization will recover and
restore partially or completely interrupted critical function(s) within a predetermined time
after a disaster or extended disruption
Involves identifying business processes of strategic importance and creating a business
impact analysis (BIA)
1) What are the business processes?
2) What are the critical information resources related to these processes?
3) What is the critical recovery time period for resources to be resumed before losses
are suffered?
Certificate Authority (CA) - ANSWER A trusted third-party agency that is responsible for
issuing digital certificates.
Chain of custody - ANSWER documenting, in detail, how evidence is handled and
maintained, including its ownership, transfer and modification; this is necessary to
satisfy legal requirements and mandate a high level of confidence regarding the integrity of
evidence
Common Firewall issues - ANSWER 1) Configuration errors
2) Monitoring demands
3) Policy maintenance
4) Vulnerability to application/input-based attacks
concentric rings - ANSWER A.K.A. Nested layering
Creates a series of nested layers that must be bypassed in order to complete an attack.
Each layer delays the attacker and provides opportunities to detect an attack
Confidentiality - ANSWER Protection from unauthorized access
cyberrisk assessment - ANSWER process of analyzing the different risk attributes:
1) Examine risk sources (threats/vulnerabilities) for positive/negative consequences
2) Rank risks according to likelihood and impact
3) Evaluate existing controls to determine effectiveness of risk mitigation
Cybersecurity - ANSWER the protection of information assets (digital assets) by
addressing threats to information processed, stored, and transported by internetworked
information systems
Cybersecurity incident - ANSWER an adverse event that negatively impacts the
confidentiality, integrity and availability of data; can be technical or physical events
cybersecurity incident investigations - ANSWER Collection and analysis of evidence
with the goal of identifying the perpetrator of an attack or unauthorized use/access;
sometimes the goals of the investigation can conflict with the incident response (i.e.
destroying evidence unintentionally)
Evidence preservation is very important and may be dependent on data type,
investigator skills/experiences, and tools available; chain of custody needs to be
maintained for evidence to be admissible in a court of law
Data at rest - ANSWER Stored data
Data classification - ANSWER tagging data with metadata based on a classification
taxonomy, enabling data to be found quickly and efficiently; it also cuts back on storage
and backup costs and helps to allocate and maximize resources