Cartes mémoires Certified in Cybersecurity (Seite 1 von 5)

Cartes-fiches	200
Utilisateurs	19
Langue	English
Catégorie	Informatique
Niveau	Université
Crée / Actualisé	18.08.2023 / 11.06.2025
Lien de web	https://card2brain.ch/box/20230818_certified_in_cybersecurity
Intégrer	<iframe src="https://card2brain.ch/box/20230818_certified_in_cybersecurity/embed" width="780" height="150" scrolling="no" frameborder="0"></iframe>

Which of the following Cybersecurity concepts guarantees that information is accessible only to those authorized to access it?

Non-repudiation

Confidentiality

Accessibility

Authentication

Which type of attack has the PRIMARY objective of encrypting devices and their data, and then demanding a ransom payment for the decryption key?

Ransomware

Phishing

Cross-Site Scripting

Trojan

In the event of a disaster, which of these should be the PRIMARY objective? ( )

A. Application of disaster communication

B. Protection of the production database

C. Guarantee the safety of people

D. Guarantee the continuity of critical systems

According to ISC2, which are the six phases of data handling?

A. Create -> Store -> Use -> Share -> Archive -> Destroy

B. Create -> Use -> Store -> Share -> Archive -> Destroy

C. Create -> Share -> Use ->Store -> Archive -> Destroy

D. Create -> Share -> Store -> Use -> Archive -> Destroy

Which devices have the PRIMARY objective of collecting and analyzing security events?

Hubs

SIEM

Firewalls

Routers

Which of these is the PRIMARY objective of a Disaster Recovery Plan?

A. Outline a safe escape procedure for the organization's personnel

B. Communicate to the responsible entities the damage caused to operations in the event of a disaster

C. Restore company operation to the last-known reliable operation state

D. Maintain crucial company operations in the event of a disaster

Which of the following areas is the most distinctive property of PHI?

Authentication

Integrity

Non-Repudiation

Confidentiality

Which of the following properties is NOT guaranteed by Digital Signatures?

Authentication

Confidentiality

Non-Repudiation

Integrity

A biometric reader that grants access to a computer system in a data center is a:

A. Authorization Control

B. Physical Control

C. Technical Control

D. Administrative Control

Which of the following documents contains elements that are NOT mandatory?

Policies

Procedures

Guidelines

Regulations

Which of the following are NOT types of security controls?

A. System-specific controls

B. Hybrid controls

C. Storage controls

D. Common controls

After an earthquake disrupting business operations, which document contains the procedures required to return business to normal operation?

A. The Business Impact Analysis

B. The Business Continuity Plan

C. The Disaster Recovery Plan

D. The Business Impact Plan

Which of the following is NOT an ethical canon of the ISC2?

A. Provide active and qualified service to principal

B. Act honorably, honestly, justly, responsibly and legally

C. Advance and protect the profession

D. Protect society, the common good, necessary public trust and confidence, and the infrastructure

How many data labels are considered good practice?

1

2 - 3

1-2

>4

Risk Management is:

The impact and likelihood of a threat.

The identification, evaluation and prioritization of risks.

The assessment of the potential impact of a threat.

The creation of an incident response team.

According to the canon "Provide diligent and competent service to principals", ISC2 professionals are to:

Avoid apparent or actual conflicts of interest.

Treat all members fairly and,when resolving conflicts, consider public safety and duties to principals, individuals and the profession, in that order.

Promote the understanding and acceptance of prudent information security measures.

Take care not to tarnish the reputation of other professionals through malice or indifference.

Which of these is NOT a change management component?

Rollback

RFC

Approval

Governance

Which of the following is not a protocol of the OSI Level 3?

IGMP

ICMP

SNMP

IP

Which of the following principles aims primarily at fraud detection?

Defense in Depth

Least Privilege

Separation of Duties

Privileged Accounts

Which tool is commonly used to sniff network traffic? ( )

Nslookup

John the Ripper

Wireshark

Burp Suite

The magnitude of the harm expected as a result of the consequences of an unauthorized disclosure, modification, destruction, or loss of information, is known as the:

Threat

Impact

Vulnerability

Likelihood

A web server that accepts requests from external clients should be placed in which network?

Intranet

DMZ

VPN

Internal Network

The process of verifying or proving the user's identification is known as:

Authorization

Integrity

Confidentiality

Authentication

Which of these is the most efficient and effective way to test a business continuity plan?

Discussions

Simulations

Walkthroughs

Reviews

Which regulations address data protection and privacy in Europe?

SOX

FISMA

GDPR

HIPAA

The SMTP protocol operates at OSI Level:

23

7

3

25

Which of the following canons is found in the ISC2 code of ethics?

Protect society, the common good, and the infrastructure

Act honorably, honestly, safely and legally

Provide diligent and competent service to principals

Advance and promote the profession

Which port is used to secure communication over the web (HTTPS)?

80

443

69

25

A best practice of patch management is to:

Apply patches according to the vendor's reputation

Apply all patches as quickly as possible

Test patches before applying them

Apply patches every Wednesday

In order to find out whether personal tablet devices are allowed in the office, which of the following policies would be helpful to read?

Change Management Policy

BYOD

Privacy Policy

AUP

In which cloud model does the cloud customer have LESS responsibility over the infrastructure? ( )

SaaS

FaaS

IaaS

PaaS

In Software as a Service (SaaS), consumers may control user-specific application configuration settings, but neither the underlying application logic nor the infrastructure.

Which of the following is NOT a social engineering technique?

Double-dealing

Pretexting

Baiting

Quid pro quo

Which device is used to connect a LAN to the Internet?

HIDS

Firewall

Router

SIEM

A router is a device that acts as a gateway between two or more networks by relaying and directing data packets between them

Which of the following is NOT a type of learning activity used in Security Awareness?

Training

Awareness

Education

Tutorial

The three learning activities that organizations use in training for security awareness are Education, Training and Awareness. A tutorial is a form of training, but is not on the list of types of learning activities.

Which are the three packets used on the TCP connection handshake? ( )

Discover → Offer → Request

SYN → ACK → FIN

Offer → Request → ACK

SYN → SYN/ACK → ACK

TCP uses a three-way handshake to establish a reliable connection by exchanging three packets with the SYN, SYN/ACK and ACK flags. Although SYN, ACK and FIN are valid TCP packet flags, the sequence SYN → ACK → FIN is not the TCP handshake. Both the sequences Discover → Offer → Request and Offer → Request → ACK are used in DHCP

An exploitable weakness or flaw in a system or component is a:

Bug

Threat

Vulnerability

Risk

If there is no time constraint, which protocol should be employed to establish a reliable connection between two devices?

UDP

SNMP

DHCP

TCP

TCP is used for connection-oriented communication, verifies data delivery, and is known to favor reliability. In a congested network, TCP delays data transmission, and thus cannot guarantee delivery under time constraints. UDP favors speed and efficiency over reliability, and thus cannot ensure a reliable connection. DHCP and SNMP are (respectively) a device configuration and a device management protocol, which means that neither aims to establish connections between devices.

An entity that acts to exploit a target organization’s system vulnerabilities is a:

Attacker

Threat Vector

Threat

Threat Actor

A Threat Actor is defined as an individual or a group posing a threat (according to NIST SP 800-150 under Threat Actor). A Threat Vector is a means by which a Threat Actor gains access to systems (for example: phishing, trojans, baiting, etc.). An Attacker is always an individual, but a Threat Actor can be either a group or an entity. A Threat is a circumstance or event that can adversely impact organizational operations that a Threat Actor can potentially explore through a Threat Vector.

Which of the following is NOT an example of a physical security control?

Remote control electronic locks

Security cameras

Firewalls

Biometric access controls

Firewalls are a type of electronic equipment which connects to a network that filters inbound traffic arriving from the Internet, and, thus are a type of technical security controls. Security cameras, biometric access control and electronic locks, though connected to a network, control access to physical facilities, and thus are types of physical security controls.

What is the consequence of a Denial Of Service attack?

Exhaustion of device resources

Remote control of a device

Malware Infection

Increase in the availability of resources

A denial of service attack (DoS) consists in a malicious overload of requests which will eventually lead to the exhaustion of resources, rendering the service unavailable, as well as causing the activation of safety mechanisms that delay or limit the availability of that system or service. This type of attack seeks to compromise service availability, but not to control a device nor to install malware.

Certified in Cybersecurity

Créer ou copier des fichiers d'apprentissage

Créer ou copier des fichiers d'apprentissage

Connecte-toi pour voir toutes les cartes.

SWITCHaai

Office 365

Edulog

Apple ID

Google