















































ISC2 Certified In Cybersecurity (CC) Practice Exam Questions with answers
Typology: Exams
A vendor sells a particular operating system (OS). In order to deploy the OS securely on different platforms, the vendor publishes several sets of instructions on how to install it, depending on which platform the customer is using. This is an example of ______.
A. Law
B. Procedure
C. Standard
D. Policy
CORRECT ANSWERS ✔✔B. Procedure

The city of Grampon wants to know where all its public vehicles (garbage trucks, police cars, etc.) are at all times, so the city has GPS transmitters installed in all the vehicles. What kind of control is this?
A. Administrative
B. Entrenched
C. Physical
D. Technical
CORRECT ANSWERS ✔✔D. Technical

Triffid Corporation has a rule that all employees working with sensitive hardcopy documents must put the documents into a safe at the end of the workday, where they are locked up until the following workday. What kind of control is the process of putting the documents into the safe?
A. Administrative
B. Tangential
C. Physical
D. Technical
CORRECT ANSWERS ✔✔A. Administrative

Grampon municipal code requires that all companies that operate within city limits will have a set of processes to ensure employees are safe while working with hazardous materials. Triffid Corporation creates a checklist of activities employees must follow while working with hazardous materials inside Grampon city limits. The municipal code is a ______, and the Triffid checklist is a ________.
A. Law, procedure
B. Standard, law
C. Law, standard
D. Policy, standard
E. Policy, law
CORRECT ANSWERS ✔✔A. Law, procedure

Which of the following is an example of a "something you know" authentication factor?
A. User ID
B. Password

wants to make employees aware of potential phishing attempts that the employees might receive via email. What kind of control is this instruction?
A. Administrative
B. Finite
C. Physical
D. Technical
CORRECT ANSWERS ✔✔A. Administrative

The Triffid Corporation publishes a strategic overview of the company's intent to secure all the data the company possesses. This document is signed by Triffid senior management. What kind of document is this?
A. Policy
B. Procedure
C. Standard
D. Law
CORRECT ANSWERS ✔✔A. Policy

Chad is a security practitioner tasked with ensuring that the information on the organization's public website is not changed by anyone outside the organization. This task is an example of ensuring _________.
A. Confidentiality
B. Integrity
C. Availability
D. Confirmation
CORRECT ANSWERS ✔✔B. Integrity

The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city council creates a rule that anyone caught creating and launching malware within the city limits will receive a fine and go to jail. What kind of rule is this?
A. Policy
B. Procedure
C. Standard
D. Law
CORRECT ANSWERS ✔✔D. Law

Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of Zarma's colleagues is interested in getting an (ISC)² certification and asks Zarma what the test questions are like. What should Zarma do?
A. Inform (ISC)²
B. Explain the style and format of the questions, but no detail
C. Inform the colleague's supervisor
D. Nothing
CORRECT ANSWERS ✔✔B. Explain the style and format of the questions, but no detail

Druna is a security practitioner tasked with ensuring that laptops are not stolen from the organization's offices. Which sort of security control would probably be best for this purpose?

Siobhan is an (ISC)² member who works for Triffid Corporation as a security analyst. Yesterday, Siobhan got a parking ticket while shopping after work. What should Siobhan do?
A. Inform (ISC)²
B. Pay the parking ticket
C. Inform supervisors at Triffid
D. Resign employment from Triffid
CORRECT ANSWERS ✔✔B. Pay the parking ticket

Hoshi is an (ISC)² member who works for the Triffid Corporation as a data manager. Triffid needs a new firewall solution, and Hoshi is asked to recommend a product for Triffid to acquire and implement. Hoshi's cousin works for a firewall vendor; that vendor happens to make the best firewall available. What should Hoshi do?
A. Recommend a different vendor/product
B. Recommend the cousin's product
C. Hoshi should ask to be recused from the task
D. Disclose the relationship, but recommend the vendor/product
CORRECT ANSWERS ✔✔D. Disclose the relationship, but recommend the vendor/product

Of the following, which would probably not be considered a threat?
A. Natural disaster
B. Unintentional damage to the system caused by a user
C. A laptop with sensitive data on it
D. An external attacker trying to gain unauthorized access to the environment
CORRECT ANSWERS ✔✔C. A laptop with sensitive data on it

Sophia is visiting Las Vegas and decides to put a bet on a particular number on a roulette wheel. This is an example of _________.
A. Acceptance
B. Avoidance
C. Mitigation
D. Transference
CORRECT ANSWERS ✔✔A. Acceptance

In risk management concepts, a(n) ___________ is something or someone that poses risk to an organization or asset.
A. Fear
B. Threat
C. Control
D. Asset
CORRECT ANSWERS ✔✔B. Threat

Who approves the incident response policy?
A. (ISC)²
B. Senior management

What is the risk associated with delaying resumption of full normal operations after a disaster?
A. People might be put in danger
B. The impact of running alternate operations for extended periods
C. A new disaster might emerge
D. Competition
CORRECT ANSWERS ✔✔B. The impact of running alternate operations for extended periods

You are reviewing log data from a router; there is an entry that shows a user sent traffic through the router at 11:45 am, local time, yesterday. This is an example of a(n) _______.
A. Incident
B. Event
C. Attack
D. Threat
CORRECT ANSWERS ✔✔B. Event

Which of the following are not typically involved in incident detection?
A. Users
B. Security analysts
C. Automated tools
D. Regulators
CORRECT ANSWERS ✔✔D. Regulators

Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is the database?
A. The object
B. The rule
C. The subject
D. The site
CORRECT ANSWERS ✔✔The object

Gelbi is a Technical Support analyst for Triffid, Inc. Gelbi sometimes is required to install or remove software. Which of the following could be used to describe Gelbi's account?
A. Privileged
B. Internal
C. External
D. User
CORRECT ANSWERS ✔✔A. Privileged

A human guard monitoring a hidden camera could be considered a ______ control.
A. Detective
B. Preventive

C. Anything either of them do will be attributed to Trina
D. It is against the law
CORRECT ANSWERS ✔✔C. Anything either of them do will be attributed to Trina

Which of the following is a biometric access control mechanism?
A. A badge reader
B. A copper key
C. A fence with razor on it
D. A door locked by a voiceprint identifier
CORRECT ANSWERS ✔✔D. A door locked by a voiceprint identifier

Which of the following statements is true?
A. Logical access controls can protect the IT environment perfectly; there is no reason to deploy any other controls.
B. Physical access controls can protect the IT environment perfectly; there is no reason to deploy any other controls.
C. Administrative access controls can protect the IT environment perfectly; there is no reason to deploy any other controls.
D. It is best to use a blend of controls in order to provide optimum security.
CORRECT ANSWERS ✔✔D. It is best to use a blend of controls in order to provide optimum security.

Which of the following would be considered a logical access control?
A. An iris reader that allows an employee to enter a controlled area.
B. A fingerprint reader that allows an employee to enter a controlled area.
C. A fingerprint reader that allows an employee to access a laptop computer.
D. A chain attached to a laptop computer that connects it to furniture so it cannot be taken.
CORRECT ANSWERS ✔✔C. A fingerprint reader that allows an employee to access a laptop computer.

Which of the following is probably most useful at the perimeter of a property?
A. A safe
B. A fence
C. A data center
D. A centralized log storage facility
CORRECT ANSWERS ✔✔B. A fence

Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees who are assigned to new positions in the company do not retain whatever access they had in their old positions. Which method should Handel select?
A. Role-based access controls (RBAC)

Larry and Fern both work in the data center. In order to enter the data center to begin their workday, they must both present their own keys (which are different) to the key reader, before the door to the data center opens. Which security concept is being applied in this situation?
A. Defense in depth
B. Segregation of duties
C. Least privilege
D. Dual control
CORRECT ANSWERS ✔✔D. Dual control

Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is Prachi?
A. The subject
B. The rule
C. The file
D. The object
CORRECT ANSWERS ✔✔A. The subject

Tekila works for a government agency. All data in the agency is assigned a particular sensitivity level, called a "classification." Every person in the agency is assigned a "clearance" level, which determines the classification of data each person can access. What is the access control model being implemented in Tekila's agency?
A. MAC (mandatory access control)
B. DAC (discretionary access control)
C. RBAC (role-based access control)
D. FAC (formal access control)
CORRECT ANSWERS ✔✔A. MAC (mandatory access control)

Guillermo logs onto a system and opens a document file. In this example, Guillermo is:
A. The subject
B. The object
C. The process
D. The software
CORRECT ANSWERS ✔✔A. The subject

A tool that monitors local devices to reduce potential threats from hostile software.
A. NIDS (network-based intrusion-detection systems)
B. Anti-malware
C. DLP (data loss prevention)
D. Firewall
CORRECT ANSWERS ✔✔B. Anti-malware

A. Side channel
B. DDOS
C. On-path
D. Physical
CORRECT ANSWERS ✔✔C. On-path

A VLAN is a _____ method of segmenting networks.
A. Secret
B. Physical
C. Regulated
D. Logical
CORRECT ANSWERS ✔✔D. Logical

Triffid, Inc., has deployed anti-malware solutions across its internal IT environment. What is an additional task necessary to ensure this control will function properly?
A. Pay all employees a bonus for allowing anti-malware solutions to be run on their systems
B. Update the anti-malware solution regularly
C. Install a monitoring solution to check the anti-malware solution
D. Alert the public that this protective measure has been taken
CORRECT ANSWERS ✔✔B. Update the anti-malware solution regularly

Cyril wants to ensure all the devices on his company's internal IT environment are properly synchronized. Which of the following protocols would aid in this effort?
A. FTP (File Transfer Protocol)
B. NTP (Network Time Protocol)
C. SMTP (Simple Mail Transfer Protocol)
D. HTTP (Hypertext Transfer Protocol)
CORRECT ANSWERS ✔✔B. NTP (Network Time Protocol)

Barry wants to upload a series of files to a web-based storage service, so that people Barry has granted authorization can retrieve these files. Which of the following would be Barry's preferred communication protocol if he wanted this activity to be efficient and secure?
A. SMTP (Simple Mail Transfer Protocol)
B. FTP (File Transfer Protocol)
C. SFTP (Secure File Transfer Protocol)
D. SNMP (Simple Network Management Protocol)
CORRECT ANSWERS ✔✔C. SFTP (Secure File Transfer Protocol)

The common term for systems that ensure proper temperature and humidity in the data center.
A. RBAC
B. HVAC