ISC2 Certified In Cybersecurity (CC) Practice Exam Questions


Inbound traffic from an external source seems to indicate much higher rates of communication than normal, to the point where the internal systems might be overwhelmed. Which security solution can often identify and potentially counter this risk? A. Firewall B. Turnstile C. Anti-malware D. Badge system

A. Firewall

The output of any given hashing algorithm is always _____. A. The same length B. The same characters C. The same language D. Different for the same inputs

A. The same length

When should a business continuity plan (BCP) be activated? A. As soon as possible B. At the very beginning of a disaster C. When senior management decides D. When instructed to do so by regulators

C. When senior management decides

Within the organization, who can identify risk? A. The security manager B. Any security team member C. Senior management D. Anyone

D. Anyone

The Triffid Corporation publishes a strategic overview of the company's intent to secure all the data the company possesses. This document is signed by Triffid senior management. What kind of document is this? A. Policy B. Procedure C. Standard D. Law

A. Policy

Gelbi is a Technical Support analyst for Triffid, Inc. Gelbi sometimes is required to install or remove software. Which of the following could be used to describe Gelbi's account? A. Privileged B. Internal C. External D. User

A. Privileged

Phrenal is selling a used laptop in an online auction. Phrenal has estimated the value of the laptop to be $100, but has seen other laptops of similar type and quality sell for both more and less than that amount. Phrenal hopes that the laptop will sell for $100 or more, but is prepared to take less for it if nobody bids that amount. This is an example of ___________. A. Risk tolerance B. Risk inversion C. Threat D. Vulnerability

A. Risk Tolerance

Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees who are assigned to new positions in the company do not retain whatever access they had in their old positions. Which method should Handel select? A. Role-based access controls (RBAC) B. Mandatory access controls (MAC) C. Discretionary access controls (DAC) D. Logging

A. Role-based access controls (RBAC)

If two people want to use asymmetric communication to conduct a confidential conversation, how many keys do they need? A. 1 B. 4 C. 8 D. 11

B. 4

Which of the following is probably most useful at the perimeter of a property? A. A safe B. A fence C. A data center D. A centralized log storage facility

B. A fence

Preenka works at an airport. There are red lines painted on the ground next to the runway; Preenka has been instructed that nobody can step or drive across a red line unless they request, and get specific permission from, the control tower. This is an example of a(n)______ control. A. Physical B. Administrative C. Critical D. Technical

B. Administrative

A tool that monitors local devices to reduce potential threats from hostile software. A. NIDS (network-based intrusion-detection systems) B. Anti-malware C. DLP (data loss prevention) D. Firewall

B. Anti-malware

True or False? Business continuity planning is a reactive procedure that restores business operations after a disruption occurs. A. True B. False

B. False

Bert wants to add a flashlight capability to a smartphone. Bert searches the internet for a free flashlight app, and downloads it to the phone. The app allows Bert to use the phone as a flashlight, but also steals Bert's contacts list. What kind of app is this? A. DDOS B. Trojan C. Side channel D. On-path

B. Trojan

Triffid, Inc., has deployed anti-malware solutions across its internal IT environment. What is an additional task necessary to ensure this control will function properly? A. Pay all employees a bonus for allowing anti-malware solutions to be run on their systems B. Update the anti-malware solution regularly C. Install a monitoring solution to check the anti-malware solution D. Alert the public that this protective measure has been taken

B. Update the anti-malware solution regularly

Which of the following would be considered a logical access control? A. An iris reader that allows an employee to enter a controlled area. B. A fingerprint reader that allows an employee to enter a controlled area. C. A fingerprint reader that allows an employee to access a laptop computer. D. A chain attached to a laptop computer that connects it to furniture so it cannot be taken.

C. A fingerprint reader that allows an employee to access a laptop computer.

Of the following, which would probably not be considered a threat? A. Natural disaster B. Unintentional damage to the system caused by a user C. A laptop with sensitive data on it D. An external attacker trying to gain unauthorized access to the environment

C. A laptop with sensitive data on it

Trina and Doug both work at Triffid, Inc. Doug is having trouble logging into the network. Trina offers to log in for Doug, using Trina's credentials, so that Doug can get some work done. What is the problem with this? A. Doug is a bad person B. If Trina logs in for Doug, then Doug will never be encouraged to remember credentials without assistance C. Anything either of them do will be attributed to Trina D. It is against the law

C. Anything either of them do will be attributed to Trina

Aphrodite is a member of (ISC)² and a data analyst for Triffid Corporation. While Aphrodite is reviewing user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy and watching streaming videos during work hours. What should Aphrodite do? A. Inform (ISC)² B. Inform law enforcement C. Inform Triffid management D. Nothing

C. Inform Triffid management

A _____ is a record of something that has occurred. A. Biometric B. Law C. Log D. Firewall

C. Log

Kerpak works in the security office of a medium-sized entertainment company. Kerpak is asked to assess a particular threat, and he suggests that the best way to counter this threat would be to purchase and implement a particular security solution. This is an example of _______. A. Acceptance B. Avoidance C. Mitigation D. Transference

C. Mitigation

Gary is an attacker. Gary is able to get access to the communication wire between Dauphine's machine and Linda's machine and can then surveil the traffic between the two when they're communicating. What kind of attack is this? A. Side channel B. DDOS C. On-path D. Physical

C. On-path

Druna is a security practitioner tasked with ensuring that laptops are not stolen from the organization's offices. Which sort of security control would probably be best for this purpose? A. Technical B. Observe C. Physical D. Administrative

C. Physical

Steve is a security practitioner assigned to come up with a protective measure for ensuring cars don't collide with pedestrians. What is probably the most effective type of control for this task? A. Administrative B. Technical C. Physical D. Nuanced

C. Physical

To adequately ensure availability for a data center, it is best to plan for both resilience and _______ of the elements in the facility. A. Uniqueness B. Destruction C. Redundancy D. Hue

C. Redundancy

Barry wants to upload a series of files to a web-based storage service, so that people Barry has granted authorization can retrieve these files. Which of the following would be Barry's preferred communication protocol if he wanted this activity to be efficient and secure? A. SMTP (Simple Mail Transfer Protocol) B. FTP (File Transfer Protocol) C. SFTP (Secure File Transfer Protocol) D. SNMP (Simple Network Management Protocol)

C. SFTP (Secure File Transfer Protocol)

Who dictates policy? A. The security manager B. The Human Resource office C. Senior management D. Auditors

C. Senior management

A device typically accessed by multiple users, often intended for a single purpose, such as managing email or web pages. A. Router B. Switch C. Server D. Laptop

C. Server

(ISC)² publishes a Common Body of Knowledge (CBK) that IT security practitioners should be familiar with; this is recognized throughout the industry as a set of material that is useful for practitioners to refer to. Certifications can be issued for demonstrating expertise in this Common Body of Knowledge. What kind of document is the Common Body of Knowledge? A. Policy B. Procedure C. Standard D. Law

C. Standard

The Payment Card Industry (PCI) Council is a committee made up of representatives from major credit card providers (Visa, Mastercard, American Express) in the United States. The PCI Council issues rules that merchants must follow if the merchants choose to accept payment via credit card. These rules describe best practices for securing credit card processing technology, activities for securing credit card information, and how to protect customers' personal data. This set of rules is a _____. A. Law B. Policy C. Standard D. Procedure

C. Standard

The city of Grampon wants to know where all its public vehicles (garbage trucks, police cars, etc.) are at all times, so the city has GPS transmitters installed in all the vehicles. What kind of control is this? A. Administrative B. Entrenched C. Physical D. Technical

D. Technical

A means to allow remote users to have secure access to the internal IT environment. A. Internet B. VLAN C. MAC D. VPN

D. VPN

______ is used to ensure that configuration management activities are effective and enforced. A. Inventory B. Baseline C. Identification D. Verification and audit

D. Verification and audit

Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is the database? A. The object B. The rule C. The subject D. The site

A. The object

If two people want to use symmetric encryption to conduct a confidential conversation, how many keys do they need? A. 1 B. 3 C. 8 D. None

A. 1

Which of the following probably poses the most risk? A. A high-likelihood, high-impact event B. A high-likelihood, low-impact event C. A low-likelihood, high-impact event D. A low-likelihood, low-impact event

A. A high-likelihood, high-impact event

Sophia is visiting Las Vegas and decides to put a bet on a particular number on a roulette wheel. This is an example of _________. A. Acceptance B. Avoidance C. Mitigation D. Transference

A. Acceptance

Triffid Corporation has a policy that all employees must receive security awareness instruction before using email; the company wants to make employees aware of potential phishing attempts that the employees might receive via email. What kind of control is this instruction? A. Administrative B. Finite C. Physical D. Technical

A. Administrative

Triffid Corporation has a rule that all employees working with sensitive hardcopy documents must put the documents into a safe at the end of the workday, where they are locked up until the following workday. What kind of control is the process of putting the documents into the safe? A. Administrative B. Tangential C. Physical D. Technical

A. Administrative

Which of the following is likely to be included in the business continuity plan? A. Alternate work areas for personnel affected by a natural disaster B. The organization's security approach C. Last year's budget information D. Log data from all systems

A. Alternate work areas for personnel affected by a natural disaster

Ludwig is a security analyst at Triffid, Inc. Ludwig notices network traffic that might indicate an attack designed to affect the availability of the environment. Which of the following might be the attack Ludwig sees? A. DDOS (distributed denial of service) B. Spoofing C. Exfiltrating stolen data D. An insider sabotaging the power supply

A. DDOS (distributed denial of service)

A human guard monitoring a hidden camera could be considered a ______ control. A. Detective B. Preventive C. Deterrent D. Logical

A. Detective

Grampon municipal code requires that all companies that operate within city limits will have a set of processes to ensure employees are safe while working with hazardous materials. Triffid Corporation creates a checklist of activities employees must follow while working with hazardous materials inside Grampon city limits. The municipal code is a ______, and the Triffid checklist is a ________. A. Law, procedure B. Standard, law C. Law, standard D. Policy, standard E. Policy, law

A. Law, procedure

Tekila works for a government agency. All data in the agency is assigned a particular sensitivity level, called a "classification." Every person in the agency is assigned a "clearance" level, which determines the classification of data each person can access. What is the access control model being implemented in Tekila's agency? A. MAC (mandatory access control) B. DAC (discretionary access control) C. RBAC (role-based access control) D. FAC (formal access control)

A. MAC (mandatory access control)

A system that collects transactional information and stores it in a record in order to show which users performed which actions is an example of providing ________. A. Non-repudiation B. Multifactor authentication C. Biometrics D. Privacy

A. Non-repudiation

A bollard is a post set securely in the ground in order to prevent a vehicle from entering an area or driving past a certain point. Bollards are an example of ______ controls. A. Physical B. Administrative C. Drastic D. Technical

A. Physical

Prina is a database manager. Prina is allowed to add new users to the database, remove current users and create new usage functions for the users. Prina is not allowed to read the data in the fields of the database itself. This is an example of: A. Role-based access controls (RBAC) B. Mandatory access controls (MAC) C. Discretionary access controls (DAC) D. Alleviating threat access controls (ATAC)

A. Role-based access controls (RBAC)

Triffid, Inc., wants to host streaming video files for the company's remote users, but wants to ensure the data is protected while it's streaming. Which of the following methods are probably best for this purpose? A. Symmetric encryption B. Hashing C. Asymmetric encryption D. VLANs

A. Symmetric encryption

What is the risk associated with resuming full normal operations too soon after a DR effort? A. The danger posed by the disaster might still be present B. Investors might be upset C. Regulators might disapprove D. The organization could save money

A. The danger posed by the disaster might still be present

Guillermo logs onto a system and opens a document file. In this example, Guillermo is: A. The subject B. The object C. The process D. The software

A. The subject

Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is Prachi? A. The subject B. The rule C. The file D. The object

A. The subject

The organization should keep a copy of every signed Acceptable Use Policy (AUP) on file, and issue a copy to _______. A. The user who signed it B. The regulators overseeing that industry C. Lawmakers D. The Public Relations office

A. The user who signed it

Olaf is a member of (ISC)² and a security analyst for Triffid Corporation. During an audit, Olaf is asked whether Triffid is currently following a particular security practice. Olaf knows that Triffid is not adhering to that standard in that particular situation, but that saying this to the auditors will reflect poorly on Triffid. What should Olaf do? A. Tell the auditors the truth B. Ask supervisors for guidance C. Ask (ISC)² for guidance D. Lie to the auditors

B. Ask supervisors for guidance

In risk management concepts, a(n) _________ is something a security practitioner might need to protect. A. Vulnerability B. Asset C. Threat D. Likelihood

B. Asset

Bluga works for Triffid, Inc. as a security analyst. Bluga wants to send a message to several people and wants the recipients to know that the message definitely came from Bluga. What type of encryption should Bluga use? A. Symmetric encryption B. Asymmetric encryption C. Small-scale encryption D. Hashing

B. Asymmetric encryption

You are reviewing log data from a router; there is an entry that shows a user sent traffic through the router at 11:45 am, local time, yesterday. This is an example of a(n) _______. A. Incident B. Event C. Attack D. Threat

B. Event

Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of Zarma's colleagues is interested in getting an (ISC)² certification and asks Zarma what the test questions are like. What should Zarma do? A. Inform (ISC)² B. Explain the style and format of the questions, but no detail C. Inform the colleague's supervisor D. Nothing

B. Explain the style and format of the questions, but no detail

All of the following are important ways to practice an organization's disaster recovery (DR) effort; which one is the most important? A. Practice restoring data from backups B. Facility evacuation drills C. Desktop/tabletop testing of the plan D. Running the alternate operating site to determine if it could handle critical functions in time of emergency

B. Facility evacuation drills

The common term for systems that ensure proper temperature and humidity in the data center. A. RBAC B. HVAC C. MAC

B. HVAC

Glen is an (ISC)² member. Glen receives an email from a company offering a set of answers for an (ISC)² certification exam. What should Glen do? A. Nothing B. Inform (ISC)² C. Inform law enforcement D. Inform Glen's employer

B. Inform (ISC)²

Chad is a security practitioner tasked with ensuring that the information on the organization's public website is not changed by anyone outside the organization. This task is an example of ensuring _________. A. Confidentiality B. Integrity C. Availability D. Confirmation

B. Integrity

Hashing is often used to provide _______. A. Confidentiality B. Integrity C. Availability D. Value

B. Integrity

Cyril wants to ensure all the devices on his company's internal IT environment are properly synchronized. Which of the following protocols would aid in this effort? A. FTP (File Transfer Protocol) B. NTP (Network Time Protocol) C. SMTP (Simple Mail Transfer Protocol) D. HTTP (Hypertext Transfer Protocol)

B. NTP (Network Time Protocol)

Which of the following is an example of a "something you know" authentication factor? A. User ID B. Password C. Fingerprint D. Iris scan

B. Password

Siobhan is an (ISC)² member who works for Triffid Corporation as a security analyst. Yesterday, Siobhan got a parking ticket while shopping after work. What should Siobhan do? A. Inform (ISC)² B. Pay the parking ticket C. Inform supervisors at Triffid D. Resign employment from Triffid

B. Pay the parking ticket

The senior leadership of Triffid Corporation decides that the best way to minimize liability for the company is to demonstrate the company's commitment to adopting best practices recognized throughout the industry. Triffid management issues a document that explains that Triffid will follow the best practices published by SANS, an industry body that addresses computer and information security. The Triffid document is a ______, and the SANS documents are ________. A. Law, policy B. Policy, standard C. Policy, law D. Procedure, procedure

B. Policy, standard

A vendor sells a particular operating system (OS). In order to deploy the OS securely on different platforms, the vendor publishes several sets of instructions on how to install it, depending on which platform the customer is using. This is an example of ______. A. Law B. Procedure C. Standard D. Policy

B. Procedure

The Triffid Corporation publishes a policy that states all personnel will act in a manner that protects health and human safety. The security office is tasked with writing a detailed set of processes on how employees should wear protective gear such as hardhats and gloves when in hazardous areas. This detailed set of processes is a _________. A. Policy B. Procedure C. Standard D. Law

B. Procedure

What is the goal of an incident response effort? A. No incidents ever happen B. Reduce the impact of incidents on operations C. Punish wrongdoers D. Save money

B. Reduce the impact of incidents on operations

What is the overall objective of a disaster recovery (DR) effort? A. Save money B. Return to normal, full operations C. Preserve critical business functions during a disaster D. Enhance public perception of the organization

B. Return to normal, full operations

One of the benefits of computer-based training (CBT): A. Expensive B. Scalable C. Personal interaction with instructor D. Interacting with other participants

B. Scalable

Proper alignment of security policy and business goals within the organization is important because: A. Security should always be as strict as possible B. Security policy that conflicts with business goals can inhibit productivity C. Bad security policy can be illegal D. Security is more important than business

B. Security policy that conflicts with business goals can inhibit productivity

Who approves the incident response policy? A. (ISC)² B. Senior management C. The security manager D. Investor

B. Senior management

Tina is an (ISC)² member and is invited to join an online group of IT security enthusiasts. After attending a few online sessions, Tina learns that some participants in the group are sharing malware with each other, in order to use it against other organizations online. What should Tina do? A. Nothing B. Stop participating in the group C. Report the group to law enforcement D. Report the group to (ISC)²

B. Stop participating

In order for a biometric security to function properly, an authorized person's physiological data must be ______. A. Broadcast B. Stored C. Deleted D. Modified

B. Stored

The European Union (EU) law that grants legal protections to individual human privacy. A. The Privacy Human Rights Act B. The General Data Protection Regulation C. The Magna Carta D. The Constitution

B. The General Data Protection Regulation

For which of the following assets is integrity probably the most important security aspect? A. One frame of a streaming video B. The file that contains passwords used to authenticate users C. The color scheme of a marketing website D. Software that checks the spelling of product descriptions for a retail website

B. The file that contains passwords used to authenticate users

What is the risk associated with delaying resumption of full normal operations after a disaster? A. People might be put in danger B. The impact of running alternate operations for extended periods C. A new disaster might emerge D. Competition

B. The impact of running alternate operations for extended periods

In risk management concepts, a(n) ___________ is something or someone that poses risk to an organization or asset. A. Fear B. Threat C. Control D. Asset

B. Threat

Which of the following is a biometric access control mechanism? A. A badge reader B. A copper key C. A fence with razor on it D. A door locked by a voiceprint identifier

D. A door locked by a voiceprint identifier

Which of the following is an example of a "something you are" authentication factor? A. A credit card presented to a cash machine B. Your password and PIN C. A user ID D. A photograph of your face

D. A photograph of your face

Which of these is the most important reason to conduct security instruction for all employees? A. Reduce liability B. Provide due diligence C. It is a moral imperative D. An informed user is a more secure user

D. An informed user is a more secure user

Hoshi is an (ISC)² member who works for the Triffid Corporation as a data manager. Triffid needs a new firewall solution, and Hoshi is asked to recommend a product for Triffid to acquire and implement. Hoshi's cousin works for a firewall vendor; that vendor happens to make the best firewall available. What should Hoshi do? A. Recommend a different vendor/product B. Recommend the cousin's product C. Hoshi should ask to be recused from the task D. Disclose the relationship, but recommend the vendor/product

D. Disclose the relationship, but recommend the vendor/product

Larry and Fern both work in the data center. In order to enter the data center to begin their workday, they must both present their own keys (which are different) to the key reader, before the door to the data center opens. Which security concept is being applied in this situation? A. Defense in depth B. Segregation of duties C. Least privilege D. Dual control

D. Dual control

Which of the following is probably the main purpose of configuration management? A. Keeping out intruders B. Ensuring the organization adheres to privacy laws C. Keeping secret material protected D. Ensuring only authorized are made to the IT environment

D. Ensuring only authorized are made to the IT environment

A device that filters network traffic in order to enhance overall security/performance. A. Endpoint B. Laptop C. MAC (media access control) D. Firewall

D. Firewall

A device that is commonly useful to have on the perimeter between two networks. A. User laptop B. IoT C. Camera D. Firewall

D. Firewall

A tool that filters inbound traffic to reduce potential threats. A. NIDS (network-based intrusion-detection systems) B. Anti-malware C. DLP (data loss prevention) D. Firewall

D. Firewall

Gary is unable to log in to the production environment. Gary tries three times and is then locked out of trying again for one hour. Why? A. Gary is being punished B. The network is tired C. Users remember their credentials if they are given time to think about it D. Gary's actions look like an attack

D. Gary's actions look like an attack

Which of the following statements is true? A. Logical access controls can protect the IT environment perfectly; there is no reason to deploy any other controls. B. Physical access controls can protect the IT environment perfectly; there is no reason to deploy any other controls. C. Administrative access controls can protect the IT environment perfectly; there is no reason to deploy any other controls. D. It is best to use a blend of controls in order to provide optimum security.

D. It is best to use a blend of controls in order to provide optimum security.

The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city council creates a rule that anyone caught creating and launching malware within the city limits will receive a fine and go to jail. What kind of rule is this? A. Policy B. Procedure C. Standard D. Law

D. Law

A VLAN is a _____ method of segmenting networks. A. Secret B. Physical C. Regulated D. Logical

D. Logical

For which of the following systems would the security concept of availability probably be most important? A. Medical systems that store patient data B. Retail records of past transactions C. Online streaming of camera feeds that display historical works of art in museums around the world. D. Medical systems that monitor patient condition in an intensive care unit

D. Medical systems that monitor patient condition in an intensive care unit

What is the most important goal of a business continuity effort? A. Ensure all IT systems function during a potential interruption B. Ensure all business activities are preserved during a potential disaster C. Ensure the organization survives a disaster D. Preserve health and human safety

D. Preserve health and human safety

Which of the following are not typically involved in incident detection? A. Users B. Security analysts C. Automated tools D. Regulators

D. Regulators

Which common cloud service model only offers the customer access to a given application? A. Lunch as a service (LaaS) B. Infrastructure as a service (IaaS) C. Platform as a service (PaaS) D. Software as a service (SaaS)

D. Software as a service (SaaS)

A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device. This is a type of ________ control. A. Physical B. Administrative C. Passive D. Technical

D. Technical

Jengi is setting up security for a home network. Jengi decides to configure MAC address filtering on the router, so that only specific devices will be allowed to join the network. This is an example of a(n)_______ control. A. Physical B. Administrative C. Substantial D. Technical

D. Technical

Which of the following is one of the common ways potential attacks are often identified? A. The attackers contact the target prior to the attack, in order to threaten and frighten the target B. Victims notice excessive heat coming from their systems C. The power utility company warns customers that the grid will be down and the internet won't be accessible D. Users report unusual systems activity/response to Help Desk or the security office

D. Users report unusual systems activity/response to Help Desk or the security office

