100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
ISC2 Certified in Cybersecurity Combined Pre and Post Course Assessment Tests With Exam Reviewed Questions Correctly Answered | Updated For Revision $17.99   Add to cart

Exam (elaborations)

ISC2 Certified in Cybersecurity Combined Pre and Post Course Assessment Tests With Exam Reviewed Questions Correctly Answered | Updated For Revision

 8 views  0 purchase
  • Course
  • ISC2
  • Institution
  • ISC2

ISC2 Certified in Cybersecurity Combined Pre and Post Course Assessment Tests With Exam Reviewed Questions Correctly Answered | Updated For Revision 1. The Payment Card Industry (PCI) Council is a committee made up of representatives from major credit card providers (Visa, Mastercard, ...

[Show more]

Preview 4 out of 44  pages

  • August 26, 2024
  • 44
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • cybersecurity
  • ISC2
  • ISC2
avatar-seller
EWLindy
ISC2 Certified in Cybersecurity Combined Pre
and Post Course Assessment
Tests With Exam Reviewed Questions
Correctly Answered | Updated For Revision


1. The Payment Card Industry (PCI) Council is a committee made up of
representatives from major credit card providers (Visa, Mastercard,
American Express) in the United States. The PCI Council issues rules that
merchants must follow if the merchants choose to accept payment via
credit card. These rules describe best practices for securing credit card
processing technology, activities for securing credit card information, and
how to protect customers' personal data. This set of rules is a _____. (D1,
L1.4.2)

A) Law
B) Policy
C) Standard
D) Procedure
C is correct. This set of rules is known as the Data Security Standard, and it is
accepted throughout the industry. A is incorrect, because this set of rules was not
issued by a governmental body. B is incorrect, because the set of rules is not a
strategic, internal document published by senior leadership of a single
organization. D is incorrect, because the set of rules is not internal to a given
organization and is not limited to a single activity.
2. For which of the following systems would the security concept of availability
probably be most important? (D1, L1.1.1)

A) Medical systems that store patient data
B) Retail records of past transactions
C) Online streaming of camera feeds that display historical works of art in

, museums around the world
D) Medical systems that monitor patient condition in an intensive care unit
D is correct. Information that reflects patient condition is data that necessarily
must be kept available in real time, because that data is directly linked to the
patients' well-being (and possibly their life). This is, by far, the most important of
the options listed. A is incorrect because stored data, while important, is not as
critical to patient health as the monitoring function listed in answer D. B is
incorrect because retail transactions do not constitute a risk to health and human
safety. C is incorrect because displaying artwork does not reflect a risk to health
and human safety; also because the loss of online streaming does not actually
affect the asset (the artwork in the museum) in any way—the art will still be in the
museum, regardless of whether the camera is functioning.


3. Which of the following is an example of a "something you know"
authentication factor? (D1, L1.1.1)

A) User ID
B) Password
C) Fingerprint
D) Iris scan
B is correct. A password is something the user knows and can present as an
authentication factor to confirm an identity assertion. A is incorrect because a
user ID is an identity assertion, not an authentication factor. C and D are incorrect
as they are examples of authentication factors that are something you are, also
referred to as "biometrics."


4. In risk management concepts, a(n) _________ is something a security practitioner might need to
protect. (D1, L1.2.1)

A) Vulnerability
B) Asset
C) Threat
D) Likelihood

,B is correct. An asset is anything with value, and a security practitioner may need
to protect assets. A, C, and D are incorrect because vulnerabilities, threats and
likelihood are terms associated with risk concepts, but are not things that a
practitioner would protect.
5. Olaf is a member of (ISC)² and a security analyst for Triffid Corporation.
During an audit, Olaf is asked whether Triffid is currently following a
particular security practice. Olaf knows that Triffid is not adhering to that
standard in that particular situation, but that saying this to the auditors will
reflect poorly on Triffid. What should Olaf do? (D1, L1.5.1)

A) Tell the auditors the truth
B) Ask supervisors for guidance
C) Ask (ISC)² for guidance
D) Lie to the auditors
A is the best answer. The (ISC)² Code of Ethics requires that members "act
honorably, honestly, justly, responsibly" and also "advance and protect the
profession." Both requirements dictate that Olaf should tell the truth to the
auditors. While the Code also says that Olaf should "provide diligent and
competent service to principals," and Olaf's principal is Triffid in this case, lying
does not serve Triffid's best long-term interests, even if the truth has some
negative impact in the short term.


6. Siobhan is an (ISC)² member who works for Triffid Corporation as a security
analyst. Yesterday, Siobhan got a parking ticket while shopping after work.
What should Siobhan do? (D1, L1.5.1)

A) Inform (ISC)²
B) Pay the parking ticket
C) Inform supervisors at Triffid
D) Resign employment from Triffid
B is the best answer. A parking ticket is not a significant crime, besmirchment of
character or moral failing, and has nothing to do with Siobhan's duties for Triffid.
Even though the (ISC)² Code of Ethics requires that members act "legally," and

, "protect the profession," a parking ticket does not reflect poorly on Siobhan,
Triffid, (ISC)², or the security profession. Siobhan should, however, pay the ticket.
7. Aphrodite is a member of (ISC)² and a data analyst for Triffid Corporation.
While Aphrodite is reviewing user log data, Aphrodite discovers that
another Triffid employee is violating the acceptable use policy and watching
streaming videos during work hours. What should Aphrodite do? (D1,
L1.5.1)

A) Inform (ISC)²
B) Inform law enforcement
C) Inform Triffid management
D) Nothing
C is the best answer. Aphrodite is required by the (ISC)² Code of Ethics to "provide
diligent and competent service to principals." This includes reporting policy
violations to Triffid management (Triffid is the principal, in this case). A policy
violation of this type is not a crime, so law enforcement does not need to be
involved, and (ISC)² has no authority over Triffid policy enforcement or employees.
8. A software firewall is an application that runs on a device and prevents
specific types of traffic from entering that device. This is a type of ________
control. (D1, L1.3.1)

A) Physical
B) Administrative
C) Passive
D) Technical
D is correct. A software firewall is a technical control, because it is a part of the IT
environment. A is incorrect; a software firewall is not a tangible object that
protects something. B is incorrect; a software firewall is not a rule or process.
Without trying to confuse the issue, a software firewall might incorporate an
administrative control: the set of rules which the firewall uses to allow or block
particular traffic. However, answer D is a much better way to describe a software
firewall. C is incorrect; "passive" is not a term commonly used to describe a
particular type of security control, and is used here only as a distractor.

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller EWLindy. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $17.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

75323 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$17.99
  • (0)
  Add to cart