ISC(2) CC Certification

The purpose of security policies and procedures in an organization is to establish guidelines, rules, and best practices to protect the organization's assets, data, and resources from potential threats and vulnerabilities.

To increase employee productivity

To promote work-life balance

To enhance customer satisfaction

Mandatory access control is more flexible than discretionary access control.

The main difference is in who sets the access rights: system administrator for mandatory access control, resource owner for discretionary access control.

Discretionary access control is only used in government systems.

Mandatory access control allows users to set their own access rights.

Cryptography slows down the data transmission process due to complex encryption methods.

Cryptography changes the data format to make it easier to intercept during transmission.

Cryptography compresses data to reduce its size during transmission.

Cryptography encrypts data using algorithms and keys to keep it secure during transmission.

Detection, Analysis, Remediation, Validation, Documentation

Assessment, Isolation, Resolution, Backup, Reporting

Prevention, Response, Mitigation, Restoration, Evaluation

Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned

Firewalls play a crucial role in enforcing network security protocols by monitoring and controlling traffic flow.

Firewalls are used to create network connections

Firewalls are responsible for managing software updates

Firewalls are designed to enhance network speed

Identifying and assessing risks does not impact security measures

Cybersecurity can be maintained without considering potential risks

Risk management is not important for cybersecurity

Risk management helps identify, assess, and prioritize potential risks to information assets, enabling the implementation of appropriate security measures.

Biometric authentication methods, Firewall configurations, Data backup procedures

Physical security measures, Network monitoring tools, Cloud computing services

Software development practices, Employee break policies, Marketing strategies

Access control measures, Data encryption protocols, Incident response procedures, Security awareness training, Regular security audits

Multi-factor authentication requires users to provide only one form of identification

Multi-factor authentication does not enhance security in access control systems

Multi-factor authentication in access control systems involves using the same password for all users

Multi-factor authentication in access control systems requires users to provide two or more forms of identification, such as passwords, security tokens, or biometric verification, to gain access.

SHA-1

MD5

Blowfish

AES, RSA, DES

Ignore security measures and hope for the best

Implement security protocols, conduct regular security audits, train employees on security best practices, create an incident response plan, monitor network activity, and stay informed about the latest security threats.

Use outdated security software

Share sensitive information with unauthorized personnel