ISC CC test
If two people want to use symmetric encryption to conduct a confidential conversation, how many keys do they need? (D5.1, L5.1.3) A) 1 B) 3 C) 8 D) none
A) 1 In symmetric cryptography, confidential communication is achieved through the use of one, shared key. A is the correct answer. B, C and D are incorrect; symmetric encryption uses one shared key between parties for confidential communication.
Which of the following probably poses the most risk? (D1, L1.2.1) A) A high-likelihood, high-impact event B) A high-likelihood, low-impact event C) A low-likelihood, high-impact event D) A low-likelihood, low-impact event
A) A high-likelihood, high-impact event
Sophia is visiting Las Vegas and decides to put a bet on a particular number on a roulette wheel. This is an example of _________. (D1, L1.2.2) A) Acceptance B) Avoidance C) Mitigation D) Transference
A) Acceptance
Triffid Corporation has a rule that all employees working with sensitive hardcopy documents must put the documents into a safe at the end of the workday, where they are locked up until the following workday. What kind of control is the process of putting the documents into the safe? (D1, L1.3.1) A) Administrative B) Tangential C) Physical D) Technical
A) Administrative
Which of the following is likely to be included in the business continuity plan? (D2, L2.2.1) A) Alternate work areas for personnel affected by a natural disaster B) The organization's strategic security approach C) Last year's budget information D) Log data from all systems
A) Alternate work areas for personnel affected by a natural disaster
A human guard monitoring a hidden camera could be considered a ______ control. (D3, L3.2.1) A) Detective B) Preventive C) Deterrent D) Logical
A) Detective A is correct. The guard monitoring the camera can identify anomalous or dangerous activity; this is a detective control. B is incorrect; neither the guard nor the camera is actually preventing any activity before it occurs. C is incorrect; because the attacker is unaware of the guard and the camera, there is no deterrent benefit. D is incorrect; the guard is a physical control.
Prina is a database manager. Prina is allowed to add new users to the database, remove current users and create new usage functions for the users. Prina is not allowed to read the data in the fields of the database itself. This is an example of: (D3, L3.3.1) A) Role-based access controls (RBAC) B) Mandatory access controls (MAC) C) Discretionary access controls (DAC) D) Alleviating threat access controls (ATAC)
A) Role-based access controls (RBAC)
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is the database? (D3, L3.1.1) A) The object B) The rule C) The subject D) The site
A) The object
If two people want to use asymmetric communication to conduct a confidential conversation, how many keys do they need? (D5.1, L5.1.2) A) 1 B) 4 C) 8 D) 11
B) 4 In asymmetric encryption, each party needs their own key pair (a public key and a private key) to engage in confidential communication. B is the correct answer. A, C and D are incorrect; in asymmetric encryption, each party needs their own key pair for confidential communication.
Carol is browsing the Web. Which of the following ports is she probably using? (D4, L4.1.2) A) 12 B) 80 C) 247 D) 999
B) 80
Carol is browsing the Web. Which of the following ports is she probably using? (D4, L4.1.2) A) 12 B) 80 C) 247 D) 999
B) 80 - HyperText Transfer Protocol (HTTP) is the basis of nearly all web browser traffic on the internet. 12 - N/A 247 - N/A 999 - N/A
Which of the following is probably most useful at the perimeter of a property? (D3, L3.2.1) A) A safe B) A fence C) A data center D) A centralized log storage facility
B) A fence
Which of these is an example of a physical access control mechanism? (D3, L3.2.1) A) Software-based firewall at the perimeter of the network B) A lock on a door C) Network switches that filter according to MAC addresses D) A process that requires two people to act at the same time to perform a function
B) A lock on a door
A tool that monitors local devices to reduce potential threats from hostile software. (D4.2 L4.2.3) A) NIDS (network-based intrusion-detection systems) B) Anti-malware C) DLP (data loss prevention) D) Firewall
B) Anti-malware B is correct; this is the purpose of anti-malware solutions. A, C and D are incorrect; these solutions are not typically designed to identify and counter malware.
Proper alignment of security policy and business goals within the organization is important because: (D5.3, L5.3.1) A) Security should always be as strict as possible B) Security policy that conflicts with business goals can inhibit productivity C) Bad security policy can be illegal D) Security is more important than business
B) Security policy that conflicts with business goals can inhibit productivity
"Wiring _____" is a common term meaning "a place where wires/conduits are often run, and equipment can be placed, in order to facilitate the use of local networks." (D4.3 L4.3.1) A) Shelf B) Closet C) Bracket D) House
B) Closet "Wiring closet" is the common term used to described small spaces, typically placed on each floor of a building, where IT infrastructure can be placed. A, C and D are incorrect; these are not common terms used in this manner.
Logs should be reviewed ______. (D5.1, L5.1.2) A) Every Thursday B) Continually C) Once per calendar year D) Once per fiscal year
B) Continually
Trina is a security practitioner at Triffid, Inc. Trina has been tasked with selecting a new product to serve as a security control in the environment. After doing some research, Trina selects a particular product. Before that product can be purchased, a manager must review Trina's selection and determine whether to approve the purchase. This is a description of: (D3, L3.1.1) A) Two-person integrity B) Segregation of duties C) Software D) Defense in depth
B) Segregation of duties
Which of the following would be considered a logical access control? (D3, L3.3.1) A) An iris reader that allows an employee to enter a controlled area B) A fingerprint reader that allows an employee to enter a controlled area C) A fingerprint reader that allows an employee to access a laptop computer D) A chain attached to a laptop computer that connects it to furniture so it cannot be taken
C) A fingerprint reader that allows an employee to access a laptop computer. Logical access controls limit who can gain user access to a device/system. C is the correct answer. A, B and D are all physical controls, as they limit physical access to areas and assets.
Of the following, which would probably not be considered a threat? (D1, L1.2.1) A) Natural disaster B) Unintentional damage to the system caused by a user C) A laptop with sensitive data on it D) An external attacker trying to gain unauthorized access to the environment
C) A laptop with sensitive data on it
Data retention periods apply to ____ data. (D5.1, L5.1.1) A) Medical B) Sensitive C) All D) Secret
C) All
Trina and Doug both work at Triffid, Inc. Doug is having trouble logging into the network. Trina offers to log in for Doug, using Trina's credentials, so that Doug can get some work done.What is the problem with this? (D3, L3.3.1) A) Doug is a bad person B) If Trina logs in for Doug, then Doug will never be encouraged to remember credentials without assistance C) Anything either of them do will be attributed to Trina D) It is against the law
C) Anything either of them do will be attributed to Trina
A tool that inspects outbound traffic to reduce potential threats. (D4.2 L4.2.3) A) NIDS (network-based intrusion-detection systems) B) Anti-malware C) DLP (data loss prevention) D) Firewall
C) DLP (data loss prevention) Egress monitoring is used to regulate data leaving the organizations IT environemnt. The term currently used is conjunction with this effor is data loss prevention or data leak protection. The DLP solution deployed so that it can inspect all forms of data leaving the organization.
Archiving is typically done when _________. (D5.1, L5.1.1) A) Data is ready to be destroyed B) Data has lost all value C) Data is not needed for regular work purposes D) Data has become illegal
C) Data is not needed for regular work purposes Archiving is the action of moving data from the production environment to long-term storage. C is the correct answer. Archived data still has value and is not ready to be destroyed; it is just not used on a regular basis. Illegal data should not be in the environment at all.
At Parvi's place of work, the perimeter of the property is surrounded by a fence; there is a gate with a guard at the entrance. All inner doors only admit personnel with badges, and cameras monitor the hallways. Sensitive data and media are kept in safes when not in use. (D3, L3.1.1) This is an example of: A) Two-person integrity B) Segregation of duties C) Defense in depth D) Penetration testing
C) Defense in depth
All visitors to a secure facility should be _______. (D3, L3.2.1) A) Fingerprinted B) Photographed C) Escorted D) Required to wear protective equipment
C) Escorted C is correct. In a secure facility, visitors should be escorted by an authorized person. A is incorrect; it is not feasible to fingerprint every visitor to a facility. Moreover, it might not be legal, depending on the jurisdiction. B is incorrect; some facilities may be in jurisdictions that restrict the use of photographic surveillance in the workplace. D is incorrect; not all secure facilities require the use of protective equipment.
Aphrodite is a member of ISC2 and a data analyst for Triffid Corporation. While Aphrodite is reviewing user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy and watching streaming videos during work hours. What should Aphrodite do? (D1, L1.5.1) A) Inform ISC2 B) Inform law enforcement C) Inform Triffid management D) Nothing
C) Inform Triffid management
A _____ is a record of something that has occurred. (D3, L3.2.1) A) Biometric B) Law C) Log D) Firewall
C) Log
Steve is a security practitioner assigned to come up with a protective measure for ensuring cars don't collide with pedestrians. What is probably the most effective type of control for this task? (D1, L1.3.1) A) Administrative B) Technical C) Physical D) Nuanced
C) Physical
Security needs to be provided to ____ data. (D5.1, L5.1.1) A) Restricted B) Illegal C) Private D) All
D) All D is the correct answer. All data needs some form of security; even data that is not sensitive (such as data intended for public view) needs protection to ensure availability. A, B and C are incorrect; all data needs some form of security protection.
Which of these is the most important reason to conduct security instruction for all employees. (D5.4, L5.4.1) A) Reduce liability B) Provide due diligence C) It is a moral imperative D) An informed user is a more secure user
D) An informed user is a more secure user
Within the organization, who can identify risk? (D1, L1.2.2) A) The security manager B) Any security team member C) Senior management D) Anyone
D) Anyone
The concept that the deployment of multiple types of controls provides better security than using a single type of control. (D4.3 L4.3.3) A) VPN B) Least privilege C) Internet D) Defense in depth
D) Defense in depth
The concept that the deployment of multiple types of controls provides better security than using a single type of control. (D4.3 L4.3.3) A) VPN B) Least privilege C) Internet D) Defense in depth
D) Defense in depth D is correct; defense in depth involves multiple types of controls to provide better security. A is incorrect; a virtual private network protects communication traffic over untrusted media, but does not involve multiple types of controls. B is incorrect; the principle of least privilege is a system of access control. C is incorrect; the internet is an untrusted medium.
A means to allow remote users to have secure access to the internal IT environment. (D4.3 L4.3.3) A) Internet B) VLAN C) MAC D) VPN
D) VPN D is correct; a virtual private network protects communication traffic over untrusted media. A is incorrect; the internet is an untrusted medium. B is incorrect; VLANs are used to segment portions of the internal environment. C is incorrect; MAC is the physical address of a given networked device.
______ is used to ensure that configuration management activities are effective and enforced. (D5.2, L5.2.1) A) Inventory B) Baseline C) Identification D) Verification and audit
D) Verification and audit Verification and audit are methods we use to review the IT environment to ensure that configuration management activities have taken place and are achieving their intended purpose. D is the correct answer. A, B and C are incorrect; while these are terms related to configuration management, the answer is verification and audit.
All of the following are typically perceived as drawbacks to biometric systems, except: (D3, L3.2.1) A) Lack of accuracy B) Potential privacy concerns C) Retention of physiological data past the point of employment D) Legality
A) Lack of accuracy
Inbound traffic from an external source seems to indicate much higher rates of communication than normal, to the point where the internal systems might be overwhelmed. Which security solution can often identify and potentially counter this risk? (D4.2 L4.2.2) A) Firewall B) Turnstile C) Anti-malware D) Badge system
A) Firewall
Dieter wants to send a message to Lupa and wants to be sure that Lupa knows the message has not been modified in transit. What technique/tool could Dieter use to assist in this effort? (D5.1, L5.1.3) A) Hashing B) Clockwise rotation C) Symmetric encryption D) Asymmetric encryption
A) Hashing Hashing is a means to provide an integrity check. A is the correct answer. B is incorrect; this term is meaningless, and used here only as a distractor. C and D are incorrect; neither symmetric encryption nor asymmetric encryption provides message integrity.
Dieter wants to send a message to Lupa and wants to be sure that Lupa knows the message has not been modified in transit. What technique/tool could Dieter use to assist in this effort? (D5.1, L5.1.3) A) Hashing B) Clockwise rotation C) Symmetric encryption D) Asymmetric encryption
A) Hashing Hashing is a means to provide an integrity check. A is the correct answer. B is incorrect; this term is meaningless, and used here only as a distractor. C and D are incorrect; neither symmetric encryption nor asymmetric encryption provides message integrity. hashing is a process used in computing to convert data (such as text or files) into a fixed-size string of characters, typically represented as a sequence of alphanumeric characters. The output of the hashing process is called a hash value or hash code. Data Integrity; Password Storage; Data Indexing; Digital Signatures. Even a small change in the input data, such as changing "hello" to "Hello", will produce a significantly different hash value.
All of the following are typically perceived as drawbacks to biometric systems, except: (D3, L3.2.1) A) Lack of accuracy B) Potential privacy concerns C) Retention of physiological data past the point of employment D) Legality
A) Lack of accuracy A is correct. Biometric systems can be extremely accurate, especially when compared with other types of access controls. B, C and D are all potential concerns when using biometric data, so those answers are incorrect in this context.
Grampon municipal code requires that all companies that operate within city limits will have a set of processes to ensure employees are safe while working with hazardous materials. Triffid Corporation creates a checklist of activities employees must follow while working with hazardous materials inside Grampon city limits. The municipal code is a ______, and the Triffid checklist is a ________. (D1, L1.4.2) A) Law, procedure B) Standard, law C) Law, standard D) Policy, law
A) Law, procedure
Tekila works for a government agency. All data in the agency is assigned a particular sensitivity level, called a "classification." Every person in the agency is assigned a "clearance" level, which determines the classification of data each person can access. What is the access control model being implemented in Tekila's agency? (D3, L3.3.1) A) MAC (mandatory access control) B) DAC (discretionary access control) C) RBAC (role-based access control) D) FAC (formal access control)
A) MAC (mandatory access control)
Gelbi is a Technical Support analyst for Triffid, Inc. Gelbi sometimes is required to install or remove software. Which of the following could be used to describe Gelbi's account? (D3, L3.1.1) A) Privileged B) Internal C) External D) User
A) Privileged A is Correct. This is the description of a privileged account; an account that typically needs greater permissions than a basic user. B and C are incorrect; the question does not specify whether Gelbi connects to the environment from within the network, or from outside. D is incorrect; this is too vague—Gelbi is a user, but has permissions that are typically greater than what basic users have.
Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees who are assigned to new positions in the company do not retain whatever access they had in their old positions. Which method should Handel select? (D3, L3.3.1) A) Role-based access controls (RBAC) B) Mandatory access controls (MAC) C) Discretionary access controls (DAC) D) Logging
A) Role-based access controls (RBAC)
Triffid, Inc., wants to host streaming video files for the company's remote users, but wants to ensure the data is protected while it's streaming. Which of the following methods are probably best for this purpose? (D5.1, L5.1.3) A) Symmetric encryption B) Hashing C) Asymmetric encryption D) VLANs
A) Symmetric encryption A is the correct answer; symmetric encryption offers confidentiality of data with the least amount of processing overhead, which makes it the preferred means of protecting streaming data. B is incorrect; hashing would not provide confidentiality of the data. C is incorrect; asymmetric encryption requires more processing overhead than symmetric encryption, and is therefore not preferable for streaming purposes. D is incorrect; VLANs are useful for logical segmentation of networks, but do not serve a purpose for streaming data to remote users.
The output of any given hashing algorithm is always _____. (D5.1, L5.1.3) A) The same length B) The same characters C) The same language D) Different for the same inputs
A) The same length The output of any given hashing algorithm is always the same length regardless of the input data size. Hashing algorithms produce a fixed-size output, often represented as a sequence of characters or bytes. This fixed-length output is characteristic of hashing and ensures consistency in the representation of hashed data. Regardless of the size or complexity of the input data, the resulting hash value will always have the same length.
Guillermo logs onto a system and opens a document file. In this example, Guillermo is: (D3, L3.1.1) A) The subject B) The object C) The process D) The software
A) The subject
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is Prachi? (D3, L3.1.1) A) The subject B) The rule C) The file D) The object
A) The subject
The organization should keep a copy of every signed Acceptable Use Policy (AUP) on file, and issue a copy to _______. (D5.3, L5.3.1) A) The user who signed it B) The regulators overseeing that industry C) Lawmakers D) The Public Relations office
A) The user who signed it
Which type of fire-suppression system is typically the safest for humans? (D4.3 L4.3.1) A) Water B) Dirt C) Oxygen-depletion D) Gaseous
A) Water
Which type of fire-suppression system is typically the least expensive? (D4.3 L4.3.1) A) Water B) Dirt C) Oxygen-depletion D) Gaseous
A) Water Water is typically the least expensive type of fire-suppression system, as water is one of the most common chemicals on the planet. A is correct. B is incorrect; dirt is usually only used in the suppression of forest fires. C and D are incorrect; gaseous/oxygen depletion systems are typically much, much more expensive than water-based systems.
When Pritha started working for Triffid, Inc., Pritha had to sign a policy that described how Pritha would be allowed to use Triffid's IT equipment. What policy was this? (D5.3, L5.3.1) A) The organizational security policy B) The acceptable use policy (AUP) C) The bring-your-own-device (BYOD) policy D) The workplace attire policy
B) The acceptable use policy (AUP) The AUP describes how users will be permitted to use the organization's IT assets.
A tool that monitors local devices to reduce potential threats from hostile software. (D4.2 L4.2.3) A) NIDS (network-based intrusion-detection systems) B) Anti-malware C) DLP (data loss prevention) D) Firewall
B) Anti-malware NIDS (Network-based Intrusion Detection Systems) are security tools that monitor network traffic for signs of suspicious activity or potential security threats. NIDS focuses on analyzing network packets and traffic patterns to detect anomalies or known attack signatures. However, NIDS operates at the network level and is primarily concerned with monitoring and analyzing traffic passing through the network. It typically does not have direct visibility into individual devices or endpoints on the network.
Which of the following will have the most impact on determining the duration of log retention? (D3, L3.2.1) A) Personal preference B) Applicable laws C) Industry standards D) Type of storage media
B) Applicable laws B is correct. Laws will have the most impact on policies, including log retention periods, because laws cannot be contravened. All the other answers may have some impact on retention periods, but they will never have as much impact as applicable laws.
What is the risk associated with delaying resumption of full normal operations after a disaster? (D2, L2.3.1) A) People might be put in danger B) The impact of running alternate operations for extended periods C) A new disaster might emerge D) Competition
B) The impact of running alternate operations for extended periods
Bluga works for Triffid, Inc. as a security analyst. Bluga wants to send a message to several people and wants the recipients to know that the message definitely came from Bluga. What type of encryption should Bluga use? (D5.1, L5.1.3) A) Symmetric encryption B) Asymmetric encryption C) Small-scale encryption D) Hashing
B) Asymmetric encryption With asymmetric encryption, Bluga can provide proof-of-origin for the message, for multiple recipients. B is the correct answer. A is incorrect; symmetric encryption does not provide a capability for proof of origin. C is incorrect; this term is meaningless, and used here only as a distractor. D is incorrect; hashing is not encryption, and does not provide proof of origin. Hashing is not suitable for Bluga's requirement because it is not reversible. Once a message is hashed, it cannot be decrypted to reveal the original message. Additionally, hashing alone does not provide a way to ensure that the message came from a specific sender.
Which of the following roles does not typically require privileged account access? (D3, L3.1.1) A) Security administrator B) Data entry professional C) System administrator D) Help Desk technician
B) Data entry professional
Zarma is an ISC2 member and a security analyst for Triffid Corporation. One of Zarma's colleagues is interested in getting an ISC2 certification and asks Zarma what the test questions are like. What should Zarma do? (D1, L1.5.1) A) Inform ISC2 B) Explain the style and format of the questions, but no detail C) Inform the colleague's supervisor D) Nothing
B) Explain the style and format of the questions, but no detail
The common term for systems that ensure proper temperature and humidity in the data center. (D4.3 L4.3.1) A) RBAC B) HVAC C) MAC
B) HVAC
The common term for systems that ensure proper temperature and humidity in the data center. (D4.3 L4.3.1) A) RBAC B) HVAC C) MAC
B) HVAC HVAC stands for "heating, ventilation and air conditioning," and is a common industry term. B is correct.
The logical address of a device connected to the network or Internet. (D4.1 L4.1.1) A) Media access control (MAC) address B) Internet Protocol (IP) address C) Geophysical address D) Terminal address
B) Internet Protocol (IP) address MAC is physical address
The logical address of a device connected to the network or Internet. (D4.1 L4.1.1) A) Media access control (MAC) address B) Internet Protocol (IP) address C) Geophysical address D) Terminal address
B) Internet Protocol (IP) address The IP address is the logical address assigned to a device connected to a network or the Internet. B is the correct answer. A is incorrect; the MAC address of a device is its physical address.
Cyril wants to ensure all the devices on his company's internal IT environment are properly synchronized. Which of the following protocols would aid in this effort? (D4, L4.1.2) A) FTP (File Transfer Protocol) B) NTP (Network Time Protocol) C) SMTP (Simple Mail Transfer Protocol) D) HTTP (Hypertext Transfer Protocol)
B) NTP (Network Time Protocol)
Cyril wants to ensure all the devices on his company's internal IT environment are properly synchronized. Which of the following protocols would aid in this effort? (D4, L4.1.2) A) FTP (File Transfer Protocol) B) NTP (Network Time Protocol) C) SMTP (Simple Mail Transfer Protocol) D) HTTP (Hypertext Transfer Protocol)
B) NTP (Network Time Protocol) (NTP (Network Time Protocol) is specifically designed for synchronizing the clocks of computer systems over a network. It is commonly used to ensure that all devices within an IT environment are accurately synchronized with a reference time source, such as an atomic clock or a time server.) FTP is a protocol used for transferring files between computers over a network. SMTP is a protocol used for sending and receiving email messages. HTTP is a protocol used for transmitting and receiving web page data on the internet.
Which of the following is an example of a "something you know" authentication factor? (D1, L1.1.1) A) User ID B) Password C) Fingerprint D) Iris scan
B) Password
Siobhan is an ISC2 member who works for Triffid Corporation as a security analyst. Yesterday, Siobhan got a parking ticket while shopping after work. What should Siobhan do? (D1, L1.5.1) A) Inform ISC2 B) Pay the parking ticket C) Inform supervisors at Triffid D) Resign employment from Triffid
B) Pay the parking ticket
Which common cloud deployment model typically features only a single customer's data/functionality stored on specific systems/hardware? (D4.3 L4.3.2) A) Public B) Private C) Community D) Hybrid
B) Private B is correct; this is the defining feature of private cloud. A is incorrect; in public cloud, multiple customers (or "tenants") typically share the underlying systems. C is incorrect; in community cloud, multiple customers from a shared affinity group/industry typically share access to the underlying infrastructure. D is incorrect; in hybrid cloud, more than one customer may use underlying infrastructure.
The Triffid Corporation publishes a policy that states all personnel will act in a manner that protects health and human safety. The security office is tasked with writing a detailed set of processes on how employees should wear protective gear such as hardhats and gloves when in hazardous areas. This detailed set of processes is a _________. (D1, L1.4.1) A) Policy B) Procedure C) Standard D) Law
B) Procedure
Tina is an ISC2 member and is invited to join an online group of IT security enthusiasts. After attending a few online sessions, Tina learns that some participants in the group are sharing malware with each other, in order to use it against other organizations online. What should Tina do? (D1, L1.5.1) A) Nothing B) Stop participating in the group C) Report the group to law enforcement D) Report the group to ISC2
B) Stop participating in the group
Suvid works at Triffid, Inc. When Suvid attempts to log in to the production environment, a message appears stating that Suvid has to reset the password. What may have occurred to cause this? (D3, L3.3.1) A) Suvid broke the law B) Suvid's password has expired C) Suvid made the manager angry D) Someone hacked Suvid's machine
B) Suvid's password has expired
The European Union (EU) law that grants legal protections to individual human privacy. (D1, L1.1.1) A) The Privacy Human Rights Act B) The General Data Protection Regulation C) The Magna Carta D) The Constitution
B) The General Data Protection Regulation
Triffid, Inc., has deployed anti-malware solutions across its internal IT environment. What is an additional task necessary to ensure this control will function properly? (D4.2 L4.2.3) A) Pay all employees a bonus for allowing anti-malware solutions to be run on their systems B) Update the anti-malware solution regularly C) Install a monitoring solution to check the anti-malware solution D) Alert the public that this protective measure has been taken
B) Update the anti-malware solution regularly B is the correct answer. Anti-malware solutions typically work with signatures for known malware; without continual updates, these tools lose their efficacy. A, C and D are incorrect; these measures will not aid in the effectiveness of anti-malware solutions.
What is the most important goal of a business continuity effort? (D2, L2.2.1) A) Ensure all IT systems function during a potential interruption B) Ensure all business activities are preserved during a potential disaster C) Ensure the organization survives a disaster D) Preserve health and human safety
C) Ensure the organization survives a disaster
Gary is an attacker. Gary is able to get access to the communication wire between Dauphine's machine and Linda's machine and can then surveil the traffic between the two when they're communicating. What kind of attack is this? (D4.2 L4.2.1) A) Side channel B) DDOS C) On-path D) Physical
C) On-path = man-in-the-middle (In an on-path attack, the attacker gains access to the communication path between two parties and can intercept, monitor, or manipulate the traffic passing between them. This allows the attacker to eavesdrop on the communication, potentially steal sensitive information, or tamper with the data being transmitted.) Side channel - Side channel attacks typically exploit unintended channels or mechanisms in a system, such as electromagnetic emissions, power consumption, or timing variations, to gain information about the system's operation or cryptographic keys. DDOS - DDoS attacks involve flooding a target system or network with an overwhelming amount of traffic or requests, causing it to become unavailable to legitimate users.
To adequately ensure availability for a data center, it is best to plan for both resilience and _______ of the elements in the facility. (D4.3 L4.3.1) A) Uniqueness B) Destruction C) Redundancy D) Hue
C) Redundancy
Data _____ is data left behind on systems/media after normal deletion procedures have been attempted. (D5.1, L5.1.1) A) Fragments B) Packets C) Remanence D) Residue
C) Remanence C is correct. Data remanence is the term used to describe data left behind on systems/media after normal deletion procedures have been attempted.
Barry wants to upload a series of files to a web-based storage service, so that people Barry has granted authorization can retrieve these files. Which of the following would be Barry's preferred communication protocol if he wanted this activity to be efficient and secure? (D4, L4.1.2) A) SMTP (Simple Mail Transfer Protocol) B) FTP (File Transfer Protocol) C) SFTP (Secure File Transfer Protocol) D) SNMP (Simple Network Management Protocol)
C) SFTP (Secure File Transfer Protocol) C is the correct answer; SFTP is designed specifically for this purpose. A, B and D are incorrect; these protocols are either not efficient or not secure in Barry's intended use.
A device typically accessed by multiple users, often intended for a single purpose, such as managing email or web pages. (D4.1 L4.1.1) A) Router B) Switch C) Server D) Laptop
C) Server A server typically offers a specific service, such as hosting web pages or managing email, and is often accessed by multiple users. C is the correct answer. A and B are incorrect; routers and switches are used to vector network traffic, not to provide specific services. D is incorrect; a laptop is typically only assigned to a single user.
A device typically accessed by multiple users, often intended for a single purpose, such as managing email or web pages. (D4.1 L4.1.1) A) Router B) Switch C) Server D) Laptop
C) Server (A server is a device typically accessed by multiple users and often intended for a single purpose, such as managing email, hosting web pages, providing file storage, running applications, or serving as a central repository for data and resources.)
Which of the following activities is usually part of the configuration management process, but is also extremely helpful in countering potential attacks? (D4.2 L4.2.3) A) Annual budgeting B) Conferences with senior leadership C) Updating and patching systems D) The annual shareholders' meeting
C) Updating and patching systems C is the correct answer. Keeping systems up to date is typically part of both the configuration management process and enacting best security practices. A, B and D are incorrect; these activities are neither part of the configuration management process nor a best security practice.
Hoshi is an ISC2 member who works for the Triffid Corporation as a data manager. Triffid needs a new firewall solution, and Hoshi is asked to recommend a product for Triffid to acquire and implement. Hoshi's cousin works for a firewall vendor; that vendor happens to make the best firewall available. What should Hoshi do? (D1, L1.5.1) A) Recommend a different vendor/product B) Recommend the cousin's product C) Hoshi should ask to be recused from the task D) Disclose the relationship, but recommend the vendor/product
D) Disclose the relationship, but recommend the vendor/product
Which of the following is probably the main purpose of configuration management? (D5.2, L5.2.1) A) Keeping out intruders B) Ensuring the organization adheres to privacy laws C) Keeping secret material protected D) Ensuring only authorized modifications are made to the IT environment
D) Ensuring only authorized modifications are made to the IT environment The main purpose of configuration management is to ensure that there is uniformity throughout the IT environment, and that only authorized modifications are made. D is the correct answer. A, B and C are incorrect; these may be overall security goals, and configuration management may assist for these purposes, but these are not the main goal of configuration management.
A device that is commonly useful to have on the perimeter between two networks. (D4.3 L4.3.3) A) User laptop B) IoT C) Camera D) Firewall
D) Firewall
Cheryl is browsing the Web. Which of the following protocols is she probably using? (D4, L4.1.2) A) SNMP (Simple Network Management Protocol) B) FTP (File Transfer Protocol) C) TFTP (Trivial File Transfer Protocol) D) HTTP (Hypertext Transfer Protocol)
D) HTTP (Hypertext Transfer Protocol) D is correct; HTTP is designed for Web browsing. A, B and C are incorrect; these are not protocols designed to handle Web browsing.
Which of the following statements is true? (D3, L3.3.1) A) Logical access controls can protect the IT environment perfectly; there is no reason to deploy any other controls B) Physical access controls can protect the IT environment perfectly; there is no reason to deploy any other controls C) Administrative access controls can protect the IT environment perfectly; there is no reason to deploy any other controls D) It is best to use a blend of controls in order to provide optimum security
D) It is best to use a blend of controls in order to provide optimum security
What is the goal of Business Continuity efforts? (D2, L2.2.1) A) Save money B) Impress customers C) Ensure all IT systems continue to operate D) Keep critical business functions operational
D) Keep critical business functions operational
Every document owned by Triffid, Inc., whether hardcopy or electronic, has a clear, 24-point word at the top and bottom. Only three words can be used: "Sensitive," "Proprietary" and "Public." This is an example of _____. (D5.1, L5.1.1) A) Secrecy B) Privacy C) Inverting D) Labeling
D) Labeling
The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city council creates a rule that anyone caught creating and launching malware within the city limits will receive a fine and go to jail. What kind of rule is this? (D1, L1.4.1) A) Policy B) Procedure C) Standard D) Law
D) Law
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachis logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. Which security concept is being applied in this situation? (D3, L3.1.1) A) Defense in depth B) Layered defense C) Two-person integrity D) Least privilege
D) Least privilege
A VLAN is a _____ method of segmenting networks. (D4.3 L4.3.3) A) Secret B) Physical C) Regulated D) Logical
D) Logical
An organization must always be prepared to ______ when applying a patch. (D5.2, L5.2.1) A) Pay for the updated content B) Buy a new system C) Settle lawsuits D) Rollback
D) Rollback Patches can sometimes cause unintended problems in the environment, so an organization must always be prepared to rollback the environment to the last known good state prior to when the patch was applied. D is the correct answer. A is incorrect; typically, vendors offer patches as part of long-term support for their products, at no extra cost. B is incorrect; we patch systems so that we do not have to replace them with new ones. C is incorrect; patching does not often lead to lawsuits.
A tool that aggregates log data from multiple sources, and typically analyzes it and reports potential threats. (D4.2 L4.2.2) A) HIDS B) Anti-malware C) Router D) SIEM
D) SIEM (SIEM (Security Information and Event Management) is a tool that aggregates log data from multiple sources, such as network devices, servers, applications, and security systems. It typically analyzes this data and reports potential threats by correlating events and identifying patterns indicative of security incidents. SIEM platforms provide features for log management, event correlation, threat detection, incident response, and reporting, making them valuable tools for security monitoring and management.) HIDS - monitors activity on a single computer (While HIDS can analyze log data generated by the host itself, it typically does not aggregate log data from multiple sources across a network.) Anti-malware - Seeks to identify malicious software or porcesses. (While anti-malware tools may generate logs of their activity, they are not typically used to aggregate log data from multiple sources across a network.)
Which of the following is not an appropriate control to add to privileged accounts? (D3, L3.1.1) A) Increased logging B) Multifactor authentication C) Increased auditing D) Security deposit
D) Security deposit
Which common cloud service model only offers the customer access to a given application? (D4.3 L4.3.2) A) Lunch as a service (LaaS) B) Infrastructure as a service (IaaS) C) Platform as a service (PaaS) D) Software as a service (SaaS)
D) Software as a service (SaaS)
A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device. This is a type of ________ control. (D1, L1.3.1) A) Physical B) Administrative C) Passive D) Technical
D) Technical
Jengi is setting up security for a home network. Jengi decides to configure MAC address filtering on the router, so that only specific devices will be allowed to join the network. This is an example of a(n)_______ control. (D1, L1.3.1) A) Physical B) Administrative C) Substantial D) Technical
D) Technical
Garfield is a security analyst at Triffid, Inc. Garfield notices that a particular application in the production environment is being copied very quickly, across systems and devices utilized by many users. What kind of attack could this be? (D4.2 L4.2.1) A) Spoofing B) Side channel C) Trojan D) Worm
D) Worm Activity of this type, where an application or file is replicating rapidly across an entire environment, is often indicative of a worm. D is correct. A is incorrect; spoofing uses captured credentials for the attack, not replication of apps. B is incorrect; a side channel attack is typically entirely passive. C is incorrect; while a Trojan horse method might be used to introduce a worm to the environment, not all Trojans are worms.