CC Sample Questions Answers

Which type of malware encrypts a users file system and demands payment in exchange of decrypting key

A backup is which type for security control

Events with a negative consequence, such as system crashes, network packet floods, unauthorized use of system privileges, defacement of a web page or execution of malicious code that destroys data.

Which one of the following cryptographic algorithms does not depend upon the prime factorization problem?

provide integrity services that allow a recipient to verify that a message has not been altered.

The practice of ensuring that an organizational process cannot be completed by a single person; forces collusion as a means to reduce insider threats.

Which of the following physical controls is used to protect against eavesdropping and data theft through electromagnetic radiation

Removing the design belief that the network has any trusted space. Security is managed at eachpossible level, representing the most granular asset. Micro segmentation of workloads is a tool of the model.

What is the main purpose of using digital signatures in communication security?

Uses multiple types of access controls in literal or theoretical

layers to help an organization avoid a monolithic security

The amount of risk, at a broad level, that an organization is

willing to accept in pursuit of its strategic objectives.

Which is related to Privacy

What is the difference between BCP and DRP

Which access control model can grant access to a given object based on complex rules

What is the first step in incident response planning

What is the best practise to clear SSD storage after usage in term of cyber security

A logical group of workstations, servers and network devices that appear to be on the same LAN despite their geographical distribution.

Which type of fire suppression system is more friendly to electronics

DevOps team has updated the application source code, Tom has discovered that many unauthorized changes have been made. What is the BEST control Tom can implement to prevent a recurrence of this problem?

A one-way spinning door or barrier that allows only one person at a time to enter a building or pass through an area.

Timiting access to resources based on the sensitivity of the information that the resource contains and the authorization of the user to access information with that level of sensitivity.

What is the purpose of immediate response procedures and checklists in a BCP

What is the difference between business continuity planning and disaster recovery planning?

Devid is worried about distributed denial of service attacks against his company's primary web application, which of the following options will provide the MOST resilience against large-scale ddos attacks?

A company's governing board may agree that legal services will examine any third-party contracts, so they create a________stating that aside from legal services, no other department in the companvhahppn pivpn nprmkcinn to review third-party contracts

An agreement between a cloud service provider and a cloud service customer based on a taxonomy of cloud computing- specific terms

255.255.255.0 Address represents

Organization experiences a security event that does not affect the confidentiality integrity and availability of its information system. What term BEST describes this situation?

DDOS attack affect which OSI layer

Mark has purchased a MAC LAPTOP. He is scared of losing his screen and planning to buy an insurance policy. So, which risk management strategy is?

Which authentication helps build relationships between different technology providers, enabling automatic identification and user access. Employees no longer need to enter separate usernames and passwords when visiting a new service provider

Faking the sending address of a transmission to gain illegal entry into a secure system.

What is the primary goal of Identity and Access Management (1AM) in cybersecurity?

What cybersecurity principle focuses on granting users only the privileges necessary to perform their job functions?

A cyber security professional observes an unusual occurrence in the network or system. What term best describes this situations

The prevention of authorized access to resources or the delaying of time critical operations.

An unknown person obtaining access to the company file system without authorization is example of

Which is an authorized simulated attack performed on a computer system to evaluate its security.

The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.

A chief information security officer (CISO) at a large organization documented a policy that establishes the acceptable use of cloud environments for all staff. This is an example of

John joined the ISC2 Organizations, his manager asked to check the authentications in security module. What would John use to ensure a certain control is working as he want and expect it to?

While taking the certification exam for ISC2 CC, You notice another candidate for the certification cheating. What should you do?

Is defined as the process of identifying, estimating and prioritizing risks

A set of instructions to help IT staff detect, respond to, and recover from network security incidents?

Centralized organizational function fulfilled by an information security team that monitors, detects and analyzes events on the network or system to prevent and resolve issues before they result in business disruptions.

A company experiences a power outage that causes a major disruption in its operations. What type of plan will help the company sustain operations?

Sending employees to work at a customer's home can open your business to more risk of bodily injury or property damage claims. So, to reduce risk and avoid potential losses, you decide not to offer those kinds of services

Example of Technical controls

Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse or unauthorized access to or modification of information

Which aspect of cybersecurity is MOST impacted by Distributed Denial of Service (DDoS) attacks?

What is the primary goal of a risk management process in cybersecurity?

An analysis of an information system's requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption.

Which phase of the access control process(AAA) does a user prove his/her identity?

Devid's team recently implemented a new system that gathers information from a variety of different log sources, analyses that information, and then triggers automated playbooks in response to security events, what term BEST describes this technology?

What principle states that individuals should only have the minimum set of permissions necessary to carry out their job functions?

A hacker gains access to an organization system without authorization and steal confidential data. What term best describes this ?

Which type of attack will most effectively maintain remote access and control over the victims computer

A_________is a distributed denial-of-service (DDoS) attack in which an attacker attempts to flood a targeted server with Internet Control Message Protocol (ICMP) packets.

Which of the following types of vulnerabilities cannot be discovered in the course of a routine vulnerability assessment?

Is a way to prevent unwanted devices from connecting to a network.

allows for extremely granular restrictions within the IT environment, to the

point where rules can be applied to individual machines and/or users,

A collection of actions that must be followed in order to complete a task or process in accordance with a set of rules

A large organization is planning to create a DRP. Which of the following is the BEST document to provide a high-level overview of the plan?

The internet standards organization, made up of network designers, operators, vendors and researchers, that defines protocol standards

4 Embedded systems and network-enabled devices that communicate with the internet are considered as

What is the benefit of subnet

A company network experience a sudden flood of network packets that causes major slowdown in internet traffic. What type of event it this?

Mark works in the security office. During research, Mark learns that a configuration change could better protect the organization's IT environment. Mark makes a proposal for this change, but the change cannot be implemented until it is approved, tested, and then cleared for deployment by the Change Control Board. This is an example of__________

The Order of controls used in Defence in Depth

Ignoring the risk and proceeding the business operations

Duke would like to restrict users from accessing a list of prohibited websites while connected to his network. Which one of the following controls would BEST achieve his objective?

Common network device used to connect networks?

Which access control model is best suited for a large organization with many departments that have different data access needs

What is a type of system architecture where a single instance can serve multiple distinct user groups.

The process of how an organization is managed; usually includes all aspects of how decisions are made for that organization

Which type of encryption uses only one shared key to encrypt and decrypt?

Walmart has large ecommerce presence in world. Which of these solutions would ensure the LOWEST possible latency for their customers using their services?

What federal law requires the use of vulnerability scanning on information systems operated by federal government agencies?

Which of the following documents identifies the principles and rules governing an organization's protection of information systems and data

An employee unintentionally shares confidential information with an unauthorized party. What term best describes this situation?

A company primary data center goes down due to a hardware failure causing a major disruption to the IT and communications systems. What is the focus of disaster recovery planning in this scenario

Which type of control is used to restore systems or processes to their normal state after an attack has occurred

Which of the following is a characteristic of cloud

Which OSI layer VPN works

Which of the following is endpint

A________creates an encrypted tunnel to protect your personal data and communications

Configuration settings or parameters stored as data, managed through a software graphical user interface (GUI) is

Which one of the following controls is not particularly effective against the insider threat?

Which term describes a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an untrusted network?

The requirement of both the manager and the accountant to approve the transaction fund exceeding $ 50000. Which security concept best suits this

The mitigation of violations of security policies and recommended practices

What is the main purpose of creating baseline in ensuring system integrity

Exhibit.

information security is not built on which of the following?

Embedded systems and network-enabled devices that communicate with the internet are considered as

Which of the following uses registered port

Which is related to Standard

Measure of the extent to which an entity is threatened by a potential circumstance or event and likelihood of occurrence

Which one of the following groups is NOT normally part of an organization's cybersecurity incident response team?

Which ensure maintaining business operations during or after an incident

organization experiences a security event that potentially jeopardizes the confidentiality, integrity or availability of its information system. What term best describes this situation?

Which type of attack attempts to gain information by observing the devices power consumption

What is the purpose of the post incident phase of incident response?

A security practitioner who needs step-by-step instructions to complete a provisioning task

Your organization is concerned about network security and wants to prevent unauthorized access to its resources by implementing a security model where the network has not trusted space what type of security model is this

Which is the SSH port

A company security team detected a cyber attack against it information systems and activates a set of procedures to mitigate the attack., What type of plan is this?

Which of the following best describes the puposes of a business impact analysis?

Communication between end systems is encrypted using a key, often known as________?

Is the right of an individual to control the distribution of information about themselves

What is the first component the new security engineer should learn about in the incident response plan?

What is the importance of non-repudiation in todays world of ecommerce

An outward-facing IP address used to access the Internet.

Permitting authorized access to information while protecting it from improper disclosure

What is the main challenge in achieving non repudiation in electronic transactions

Which plan provides the team with immediate response procedures and check lists and guidance for management?

Raj is considering a physical deterrent control to dissuade unauthorized people from entering the organization's property. Which of the following would serve this purpose?

What goal of security is enhanced by a strong business continuity program?

Configuration settings or parameters stored as data, managed through a software graphical user interface (GUI) is

Risk tolerance also known as