Pass the ISC certification CC Questions and answers with Dumpstech

Availability ensures that systems and data are accessible to authorized users when needed. A power outage that disrupts access to a data center directly impacts availability.

Confidentiality concerns unauthorized disclosure, integrity concerns unauthorized modification, and non-repudiation concerns accountability. None of these are directly affected by a power outage.

Availability risks are commonly addressed through redundancy, backup power supplies, generators, UPS systems, and disaster recovery planning.

Ensuring availability is a core objective of business continuity and disaster recovery programs.

A security incident is any event that actually or potentially compromises confidentiality, integrity, or availability.

Aprocedureis a detailed, step-by-step set of instructions that explainshowto perform a task in compliance with policies and standards. Procedures translate high-level requirements into actionable guidance for staff.

Policies define what must be done, standards specify mandatory requirements, and procedures explain exactly how to carry them out. Laws are external legal mandates, not internal operational documents.

For example, a security policy may require access reviews, a standard may define review frequency, and a procedure will outline the exact steps to conduct the review. Procedures ensure consistency, reduce errors, and support compliance and auditing efforts.

MITRE ATTandCK maps adversary tactics, techniques, and procedures (TTPs) across the attack lifecycle.

Security benchmarks define baseline performance and configuration standards against which systems are measured.

Unauthorized access that compromises confidentiality constitutes abreach. Intrusions become breaches when access is successful.

Policies are administrative controls that define acceptable behavior and organizational rules.

Elliptic Curve Cryptography (ECC) does not rely on the prime factorization problem. Instead, ECC is based on the mathematical difficulty of solving elliptic curve discrete logarithm problems.

RSA relies directly on the difficulty of factoring large prime numbers. GPG and PGP are encryption tools and standards that may use RSA or other algorithms internally.

ECC provides equivalent security with much smaller key sizes, making it efficient for mobile devices, embedded systems, and environments with limited processing power.

Modern security standards increasingly recommend ECC due to its performance and strong security properties.

Internet of Things (IoT) devices include sensors, cameras, smart appliances, and controllers connected to networks.

DR planning includes technical controls, operational checklists, and security solutions to support recovery of IT systems after a disruption.