CBS700

  • A company is audited and certified — but suffers a major data breach the following month. Which misconception does this illustrate?
    That following one standard means you are fully secure
  • What are the CIS Critical Security Controls based on?
    Real-world attack data and proven defences
  • Which standard specifically governs how payment card data must be handled?
    PCI DSS
  • Which organization publishes the ISO/IEC 27000 family of standards?
    ISO and IEC jointly
  • What is the difference between a standard and a regulation?
    Standards are voluntary best practices; regulations are legally mandated
  • An attacker intercepts a financial transaction and later denies sending it. Which security objective has been violated?
    Non-repudiation
  • Which NIST CSF function involves identifying what assets you have and what risks exist?
    Identify
  • PCI DSS applies to which organizations?
    Any organization that stores, processes, or transmits cardholder data
  • What does NIST stand for?
    National Institute of Standards and Technology
  • ISO 27002 uses which type of language?
    "Should" — advisory
  • Which NIST CSF function focuses on restoring normal operations after an incident?
    Recover
  • Which framework organizes cybersecurity around: Identify, Protect, Detect, Respond, Recover?
    NIST CSF
  • Which is a cybersecurity DILEMMA described in the chapter?
    User needs vs. security requirements
  • What is "non-repudiation"?
    Ensuring neither sender nor recipient can deny their involvement
  • What is the definition of "availability" in the CIA Triad?
    The system is accessible and usable upon demand by authorized entities
  • What does "risk" mean in cybersecurity terminology?
    A measure of threat extent based on impact and likelihood
  • Which body publishes COBIT?
    ISACA
  • What is the correct definition of a "vulnerability"?
    A flaw or weakness that could be exploited
  • What language does ISO 27001 use, and what does it mean?
    "Shall" — mandatory requirements
  • Which ISO standard can an organization get CERTIFIED against?
    ISO 27001
  • What does CIA stand for in cybersecurity?
    Confidentiality, Integrity, Availability