ISC2 Certified In Cybersecurity Exam with precise detailed solutions
Which of the following involves a sophisticated attack in which a hacker maintains a stealthy long-term presence in the victim's network? - ✔✔Advanced Persistent Threat
Which of the following is an example of a technical control? - ✔✔Antivirus
Which of the following is not an example of protecting data-in-transit? - ✔✔Database Encryption
A data center technician needs to securely dispose of several hard drives for systems that are being decommissioned. What technique is not sufficient to ensure the data is not recoverable? - ✔✔Erasure
A security engineer is trying to decide on the best course of action to take to block internet traffic from specific IP addresses at the perimeter of the company network. Which of the following controls would allow the security engineer to configure such rules? - ✔✔Network Firewall
Which access control is commonly used in military and government environments to protect classified information? - ✔✔Mandatory Access Control (MAC)
Which method of authentication provides the strongest security? - ✔✔Dual-Factor
Mary is conducting a risk analysis for her organization. Her boss, the CISO, feels strongly that the organization's biggest risk is from hackers trying to steal intellectual property from their engineering database server, so that is where their defensive focus should lie. This is an example of what kind of analysis? - ✔✔Qualitative Risk Analysis
Which of the following best represents the process for security risk management? - ✔✔Risk Identification, assessment, treatment
Of the job titles listed, which is most likely to be responsible for risk management if the organization does not have a CISO or Risk Officer? - ✔✔Chief Financial Officer
Which of the following terms describes the output of information that is run through a hash function? - ✔✔Message Digest
Which cloud service model gives customers access to platforms where they can develop, test, and run code for applications in various programming languages? - ✔✔Platform as a Service (PaaS)
Which of the following cryptographic techniques cannot be used to provide confidentiality protection to a message? - ✔✔Hashing
Which of the following items best describes the principle of confidentiality? - ✔✔Confidentiality ensures data is kept secret and not disclosed to unauthorized parties.
Stealing data (exfiltration) is an example of a breach of what property? - ✔✔Confidentiality
When it comes to physical security, what is the most important consideration? - ✔✔Ensure the safety of personnel from harm
Which phase of the incident response process involves bringing systems and data back to normal operation? - ✔✔Containment, Eradication, and Recovery
Which of the following best represents activities typically included in the patch management lifecycle? - ✔✔Asset discovery, Vulnerability discovery, Patch acquisition, Patch Validation, Patch deployment, reporting
Bob and Alice share a job. To prevent fraud, Bob performs part A and Alice performs part B, but because of their account privileges, neither Bob nor Alice can perform the other's part. This is an example of what concept? - ✔✔Segregation of duties