ISC2 CC Post Course Study Questions
The Triffid Corporation publishes a policy that states all personnel will act in a manner that protects health and human safety. The security office is tasked with writing a detailed set of processes on how employees should wear protective gear such as hardhats and gloves when in hazardous areas. This detailed set of processes is a _________.
Procedure
A vendor sells a particular operating system (OS). In order to deploy the OS securely on different platforms, the vendor publishes several sets of instructions on how to install it, depending on which platform the customer is using. This is an example of a ________.
Procedure This is a set of instructions to perform a particular task, so it is a procedure (several procedures, actually—one for each platform).
What is the goal of an incident response effort?
Reduce the impact of incidents on operations
To adequately ensure availability for a data center, it is best to plan for both resilience and _______ of the elements in the facility.
Redundancy
Which of the following are not typically involved in incident detection? A) Users B) Security analysts C) Automated tools D) Regulators
Regulators
Data _____ is data left behind on systems/media after normal deletion procedures have been attempted.
Remanence
What is the overall objective of a disaster recovery (DR) effort?
Return to normal, full operations DR efforts are intended to return the organization to normal, full operations.
An IoT (Internet of Things) device is typified by its effect on or use of the _____ environment.
Physical IoT devices typically have some interaction with the physical realm, either by having some physical effect (a vacuum cleaner, refrigerator, light) or by monitoring the physical environment itself (a camera, sensor, etc.).
The Triffid Corporation publishes a strategic overview of the company's intent to secure all the data the company possesses. This document is signed by Triffid senior management. What kind of document is this?
Policy
The senior leadership of Triffid Corporation decides that the best way to minimize liability for the company is to demonstrate the company's commitment to adopting best practices recognized throughout the industry. Triffid management issues a document that explains that Triffid will follow the best practices published by SANS, an industry body that addresses computer and information security. The Triffid document is a ______, and the SANS documents are ________. A) Law, policy B) Policy, standard C) Policy, law D) Procedure, procedure
Policy, standard The Triffid document is a strategic, internal rule published by senior management; this is a policy. The SANS documents are industry best practices recognized globally; these are standards. A and C are incorrect, because neither document was issued by a governmental body, so they are not laws. D is incorrect because neither document is a detailed set of instructions, so they are not procedures.
By far, the most crucial element of any security instruction program.
Preserve health and human safety This is the paramount rule in all security efforts.
If two people want to use symmetric encryption to conduct a confidential conversation, how many keys do they need? A) 1 B) 3 C) 8 D) none
1
Which of the following would be considered a logical access control? A) An iris reader that allows an employee to enter a controlled area B) A fingerprint reader that allows an employee to enter a controlled area C) A fingerprint reader that allows an employee to access a laptop computer D) A chain attached to a laptop computer that connects it to furniture so it cannot be taken
A fingerprint reader that allows an employee to access a laptop computer Logical access controls limit who can gain user access to a device/system.
Which of the following probably poses the most risk? A) A high-likelihood, high-impact event B) A high-likelihood, low-impact event C) A low-likelihood, high-impact event D) A low-likelihood, low-impact event
A high-likelihood, high-impact event
Which of these is an example of a physical access control mechanism?
A lock on a door
Which of the following is an example of a "something you are" authentication factor? A) A credit card presented to a cash machine B) Your password and PIN C) A user ID D) A photograph of your face
A photograph of your face
Which of the following is not an appropriate control to add to privileged accounts
A) Increased logging B) Multifactor authentication C) Increased auditing D) Security deposit
Which of the following will have the most impact on determining the duration of log retention?
A) Personal preference B) Applicable laws C) Industry standards D) Type of storage media
Which of the following is an example of a "something you know" authentication factor?
A) User ID B) Password C) Fingerprint D) Iris scan
Triffid Corporation has a policy that all employees must receive security awareness instruction before using email; the company wants to make employees aware of potential phishing attempts that the employees might receive via email. What kind of control is this instruction?
Administrative Both the policy and the instruction are administrative controls; rules and governance are administrative.
Preenka works at an airport. There are red lines painted on the ground next to the runway; Preenka has been instructed that nobody can step or drive across a red line unless they request, and get specific permission from, the control tower. This is an example of a(n)______ control.
Administrative The process of requesting and getting permission, and the painted signage, are examples of administrative controls. A is incorrect; while the line is painted on the ground (and the ground is a tangible object), the line does not actually act to prevent or control anything—the line is a symbol and indicator; Preenka could easily walk across the line, if Preenka chose to do so.
Data retention periods apply to ____ data. A) Medical B) Sensitive C) All D) Secret
All
Security needs to be provided to ____ data. A) Restricted B) Illegal C) Private D) All
All
A tool that monitors local devices to reduce potential threats from hostile software.
Anti-malware
Within the organization, who can identify risk?
Anyone
Trina and Doug both work at Triffid, Inc. Doug is having trouble logging into the network. Trina offers to log in for Doug, using Trina's credentials, so that Doug can get some work done. What is the problem with this?
Anything either of them do will be attributed to Trina
In risk management concepts, a(n) _________ is something a security practitioner might need to protect.
Asset
Of the following, which would probably not be considered a threat? A) Natural Disaster B) Unintentional damage to the system caused by a user C) A laptop with sensitive data on it D) An external attacker trying to gain unauthorized access to the environment
C) A laptop with sensitive data on it
You are reviewing log data from a router; there is an entry that shows a user sent traffic through the router at 11:45 am, local time, yesterday. This is an example of a(n) _______.
Event An event is any observable occurrence within the IT environment. (Any observable occurrence in a network or system.
Bruce is the branch manager of a bank. Bruce wants to determine which personnel at the branch can get access to systems, and under which conditions they can get access. Which access control methodology would allow Bruce to make this determination?
DAC (discretionary access control) Discretionary access control is a model wherein permissions are granted by operational managers, allowing them to make the determination of which personnel can get specific access to particular assets controlled by the manager.
Which of the following roles does not typically require privileged account access? (D3, L3.1.1) A) Security administrator B) Data entry professional C) System administrator D) Help Desk technician
Data entry professional Data entry professionals do not usually need privileged access.
Archiving is typically done when _________.
Data is not needed for regular work purposes
At Parvi's place of work, the perimeter of the property is surrounded by a fence; there is a gate with a guard at the entrance. All inner doors only admit personnel with badges, and cameras monitor the hallways. Sensitive data and media are kept in safes when not in use. This is an example of:
Defense in depth Defense in depth is the use of multiple different (and different types of) overlapping controls to provide sufficient security.
When data has reached the end of the retention period, it should be _____.
Destroyed
Hoshi is an ISC2 member who works for the Triffid Corporation as a data manager. Triffid needs a new firewall solution, and Hoshi is asked to recommend a product for Triffid to acquire and implement. Hoshi's cousin works for a firewall vendor; that vendor happens to make the best firewall available. What should Hoshi do?
Disclose the relationship, but recommend the vendor/product According to the third Canon of the ISC2 Code of Ethics, members are required to "provide diligent and competent service to principals." Hoshi's principal here is Triffid, Hoshi's employer. It would be inappropriate for Hoshi to select the cousin's product solely based upon the family relationship; however, if the cousin's product is, in fact, the best choice for Triffid, then Hoshi should recommend that product. In order to avoid any appearance of impropriety or favoritism, Hoshi needs to declare the relationship when making the recommendation.
Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that operational managers have the utmost personal choice in determining which employees get access to which systems/data. Which method should Handel select?
Discretionary access controls (DAC) DAC gives managers the most choice in determining which employees get access to which assets.
Larry and Fern both work in the data center. In order to enter the data center to begin their workday, they must both present their own keys (which are different) to the key reader, before the door to the data center opens. Which security concept is being applied in this situation?
Dual control This is an example of dual control, where two people, each with distinct authentication factors, must be present to perform a function. A is incorrect; defense in depth requires multiple controls protecting assets—there is no description of multiple controls in this situation.
Which of the following is probably the main purpose of configuration management? A) Keeping out intruders B) Ensuring the organization adheres to privacy laws C) Keeping secret material protected D) Ensuring only authorized modifications are made to the IT environment
Ensuring only authorized modifications are made to the IT environment
All visitors to a secure facility should be _______.
Escorted
Zarma is an ISC2 member and a security analyst for Triffid Corporation. One of Zarma's colleagues is interested in getting an ISC2 certification and asks Zarma what the test questions are like. What should Zarma do?
Explain the style and format of the questions, but no detail
All of the following are important ways to practice an organization disaster recovery (DR) effort; which one is the most important? A) Practice restoring data from backups B) Facility evacuation drills C) Desktop/tabletop testing of the plan D) Running the alternate operating site to determine if it could handle critical functions in times of emergency
Facility evacuation drills The only answer that directly addresses health and human safety, which is the paramount concern of all security efforts.
True or False? Business continuity planning is a reactive procedure that restores business operations after a disruption occurs.
False. Business continuity planning is proactive preparation for restoring operations after disruption. Members from across the organizations participate in the planning to ensure all systems, processes and operations are accounted for in the plan.
Visitors to a secure facility need to be controlled. Controls useful for managing visitors include all of the following except: A) Sign-in sheet/tracking log B) Fence C) Badges that differ from employee badges D) Receptionist
Fence
A device that filters network traffic in order to enhance overall security/performance.
Firewall
A device that is commonly useful to have on the perimeter between two networks.
Firewall
A tool that filters inbound traffic to reduce potential threats.
Firewall
Network traffic originating from outside the organization might be admitted to the internal IT environment or blocked at the perimeter by a ________.
Firewall
Inbound traffic from an external source seems to indicate much higher rates of communication than normal, to the point where the internal systems might be overwhelmed. Which security solution can often identify and potentially counter this risk?
Firewall Firewalls can often identify hostile inbound traffic, and potentially counter it.
Which of the following is not a typical benefit of cloud computing services? (D4.3 L4.3.2) A) Reduced cost of ownership/investment B) Metered usage C) Scalability D) Freedom from legal constraints
Freedom from legal constraints
Gary is unable to log in to the production environment. Gary tries three times and is then locked out of trying again for one hour. Why?
Gary's actions look like an attack
Triffid, Inc., has many remote workers who use their own IT devices to process Triffid's information. The Triffid security team wants to deploy some sort of sensor on user devices in order to recognize and identify potential security issues. Which of the following is probably most appropriate for this specific purpose?
HIDS (host-based intrusion-detection systems) Host-based intrusion-detection systems are expressly designed for this purpose; each HIDS is installed on each endpoint machine.
Cheryl is browsing the Web. Which of the following protocols is she probably using?
HTTP (80)
The common term for systems that ensure proper temperature and humidity in the data center.
HVAC
Siobhan is an ISC2 member who works for Triffid Corporation as a security analyst. Yesterday, Siobhan got a parking ticket while shopping after work. What should Siobhan do? A) Inform ISC2 B) Pay the parking ticket C) Inform supervisors at Triffid D) Resign employment from Triffid
Pay the parking ticket
Glen is an ISC2 member. Glen receives an email from a company offering a set of answers for an ISC2 certification exam. What should Glen do?
Inform ISC2
Which common cloud service model offers the customer the most control of the cloud environment?
Infrastructure as a service (IaaS)
Chad is a security practitioner tasked with ensuring that the information on the organization's public website is not changed by anyone outside the organization. This task is an example of ensuring _________.
Integrity Preventing unauthorized modification is the definition of integrity.
The logical address of a device connected to the network or Internet.
Internet Protocol (IP) address
An attacker outside the organization attempts to gain access to the organization's internal files. This is an example of a(n) ______.
Intrusion
A bollard is a post set securely in the ground in order to prevent a vehicle from entering an area or driving past a certain point. Bollards are an example of ______ controls.
Physical
Steve is a security practitioner assigned to come up with a protective measure for ensuring cars don't collide with pedestrians. What is probably the most effective type of control for this task? A) Administrative B) Technical C) Physical D) Nuanced
Physical
Which of the following statements is true? A) Logical access controls can protect the IT environment perfectly; there is no reason to deploy any other controls B) Physical access controls can protect the IT environment perfectly; there is no reason to deploy any other controls C) Administrative access controls can protect the IT environment perfectly; there is no reason to deploy any other controls D) It is best to use a blend of controls in order to provide optimum security
It is best to use a blend of controls in order to provide optimum security
What is the goal of Business Continuity efforts?
Keep critical business functions operational
All of the following are typically perceived as drawbacks to biometric systems, except: (D3, L3.2.1) A) Lack of accuracy B) Potential privacy concerns C) Retention of physiological data past the point of employment D) Legality
Lack of accuracy Biometric systems can be extremely accurate, especially when compared with other types of access controls.
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachis logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. Which security concept is being applied in this situation?
Least privilege This is an example of least privilege; Prachi needs to be able to add or delete users from the database in order to perform as a database administrator, but does not need to view or modify the data in the database itself in order to perform the job.
A VLAN is a _____ method of segmenting networks.
Logical
Tekila works for a government agency. All data in the agency is assigned a particular sensitivity level, called a "classification." Every person in the agency is assigned a "clearance" level, which determines the classification of data each person can access. What is the access control model being implemented in Tekila's agency?
MAC (mandatory access control)
Tekila works for a government agency. All data in the agency is assigned a particular sensitivity level, called a "classification." Every person in the agency is assigned a "clearance" level, which determines the classification of data each person can access. What is the access control model being implemented in Tekila's agency?
MAC (mandatory access control) This is an example of how MAC can be implemented. B is incorrect; in discretionary access control, operational managers are granted authority to determine which personnel have access to assets the manager controls. C is incorrect; in RBAC, personnel might not have clearance levels, and assets might not have classifications. D is incorrect; FAC is not a term used in this context, and is only included here as a distractor.
For which of the following systems would the security concept of availability probably be most important? A) Medical systems that store patient data B) Retail records of past transactions C) Online streaming of camera feeds that display historical works of art in museums around the world D) Medical systems that monitor patient condition in an intensive care unit
Medical systems that monitor patient condition in an intensive care unit
Cyril wants to ensure all the devices on his company's internal IT environment are properly synchronized. Which of the following protocols would aid in this effort?
NTP (Network Time Protocol)
A system that collects transactional information and stores it in a record in order to show which users performed which actions is an example of providing ________.
Non-repudiation
Phrenal is selling a used laptop in an online auction. Phrenal has estimated the value of the laptop to be $100, but has seen other laptops of similar type and quality sell for both more and less than that amount. Phrenal hopes that the laptop will sell for $100 or more, but is prepared to take less for it if nobody bids that amount. This is an example of ___________.
Risk tolerance
Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees who are assigned to new positions in the company do not retain whatever access they had in their old positions. Which method should Handel select?
Role-based access controls (RBAC) RBAC can aid in reducing "privilege creep," where employees who stay with the company for a long period of time might get excess permissions within the environment.
An organization must always be prepared to ______ when applying a patch.
Rollback
Barry wants to upload a series of files to a web-based storage service, so that people Barry has granted authorization can retrieve these files. Which of the following would be Barry's preferred communication protocol if he wanted this activity to be efficient and secure?
SFTP (Secure File Transfer Protocol)
A tool that aggregates log data from multiple sources, and typically analyzes it and reports potential threats.
SIEM
One of the benefits of computer-based training (CBT):
Scalable
Proper alignment of security policy and business goals within the organization is important because:
Security policy that conflicts with business goals can inhibit productivity
Who dictates policy?
Senior management Only senior management has the legal and financial authority to issue policy and accept risk on behalf of the organization.
Which common cloud service model only offers the customer access to a given application?
Software as a service (SaaS)
ISC2 publishes a Common Body of Knowledge (CBK) that IT security practitioners should be familiar with; this is recognized throughout the industry as a set of material that is useful for practitioners to refer to. Certifications can be issued for demonstrating expertise in this Common Body of Knowledge. What kind of document is the Common Body of Knowledge?
Standard The Common Body of Knowledge is used throughout the industry, recognized among many people, countries and organizations. This is a standard.
Tina is an ISC2 member and is invited to join an online group of IT security enthusiasts. After attending a few online sessions, Tina learns that some participants in the group are sharing malware with each other, in order to use it against other organizations online. What should Tina do?
Stop participating in the group The ISC2 Code of Ethics requires that members "protect society, the common good, necessary public trust and confidence, and the infrastructure"; this would include a prohibition against disseminating and deploying malware for offensive purposes. However, the Code does not make ISC2 members into law enforcement officers; there is no requirement to get involved in legal matters beyond the scope of personal responsibility. Tina should stop participating in the group, and perhaps (for Tina's own protection) document when participation started and stopped, but no other action is necessary on Tina's part.
In order for a biometric security to function properly, an authorized person's physiological data must be ______.
Stored
Suvid works at Triffid, Inc. When Suvid attempts to log in to the production environment, a message appears stating that Suvid has to reset the password. What may have occurred to cause this?
Suvid's password has expired
Jengi is setting up security for a home network. Jengi decides to configure MAC address filtering on the router, so that only specific devices will be allowed to join the network. This is an example of a(n)_______ control.
Technical
The city of Grampon wants to know where all its public vehicles (garbage trucks, police cars, etc.) are at all times, so the city has GPS transmitters installed in all the vehicles. What kind of control is this?
Technical A GPS unit is part of the IT environment, so this is a technical control. While a GPS unit is a tangible object, it is also part of the IT environment, and it does not interact directly with other physical objects in order to prevent action, so "technical" is a better descriptor.
Olaf is a member of ISC2 and a security analyst for Triffid Corporation. During an audit, Olaf is asked whether Triffid is currently following a particular security practice. Olaf knows that Triffid is not adhering to that standard in that particular situation, but that saying this to the auditors will reflect poorly on Triffid. What should Olaf do?
Tell the auditors the truth
The European Union (EU) law that grants legal protections to individual human privacy.
The General Data Protection Regulation
What is the risk associated with resuming full normal operations too soon after a DR effort?
The danger posed by the disaster might still be present Resuming full normal operations too soon after a disaster might mean personnel are put in danger by whatever effects the disaster caused.
For which of the following assets is integrity probably the most important security aspect? A) One frame of a streaming video B) The file that contains passwords used to authenticate users C) The color scheme of a marketing website D) Software that checks the spelling of product descriptions for a retail website
The file that contains passwords used to authenticate users If a password file is modified, the impact to the environment could be significant; there is a possibility that all authorized users could be denied access, or that anyone (including unauthorized users) could be granted access. The integrity of the password file is probably the most crucial of the four options listed.
What is the risk associated with delaying resumption of full normal operations after a disaster?
The impact of running alternate operations for extended periods
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is the database?
The object
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is the database?
The object Prachi is manipulating the database, so the database is the object in the subject-object-rule relationship in this case.
The output of any given hashing algorithm is always _____.
The same length Hashing algorithms create output of a fixed length.
Guillermo logs onto a system and opens a document file. In this example, Guillermo is:
The subject
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is Prachi?
The subject
In risk management concepts, a(n) ___________ is something or someone that poses risk to an organization or asset.
Threat
Triffid, Inc., has deployed anti-malware solutions across its internal IT environment. What is an additional task necessary to ensure this control will function properly?
Update the anti-malware solution regularly
Which type of fire-suppression system is typically the least expensive?
Water