Pass the ISC ISC certification CC Questions and answers with CertsForce

Availability ensures that systems and data are accessible to authorized users when needed. A power outage that disrupts access to a data center directly impacts availability.

Confidentiality concerns unauthorized disclosure, integrity concerns unauthorized modification, and non-repudiation concerns accountability. None of these are directly affected by a power outage.

Availability risks are commonly addressed through redundancy, backup power supplies, generators, UPS systems, and disaster recovery planning.

Ensuring availability is a core objective of business continuity and disaster recovery programs.

Preparation includes asset identification, system classification, and readiness planning.

Crime Prevention Through Environmental Design (CPTED) uses environmental design principles such as visibility, lighting, access control, and territorial reinforcement to deter criminal activity.

Virtualization enables multiple virtual machines to run on a single physical system by abstracting hardware resources. Each VM operates independently with its own OS, improving efficiency and isolation.

Unauthorized access that compromises confidentiality constitutes abreach. Intrusions become breaches when access is successful.

Privacy focuses on individual rights over personal information, distinct from confidentiality which focuses on access control.

Business Continuity Plans ensure operations continue during long-term disruptions.

Human safety always takes precedence over systems, data, and business operations.

System security configuration management focuses on ensuring that systems are securely configured, consistently maintained, and properly tracked throughout their lifecycle. Core elements includebaselines,updates, andinventory. Baselines define the approved secure configuration for systems. Updates (such as patches and configuration changes) ensure systems remain secure over time. Inventory tracks hardware and software assets so organizations know what must be configured and maintained.

Audit logs, while extremely important for security monitoring, incident response, and compliance, arenot a core element of configuration management. Instead, audit logs fall under security operations, monitoring, and logging controls. Configuration management is concerned with how systems are built and maintained, not with recording activity after deployment.

Frameworks such as NIST SP 800-128 clearly distinguish configuration management from logging and auditing, even though both contribute to overall system security.

A Risk Management Framework (RMF) provides a structured, continuous process for identifying, assessing, and mitigating risk across an organization.