ISC2 – CC exam questions with answers
|\ |\ |\ |\ |\ |\
Application Server - CORRECT ANSWERS ✔✔A computer |\ |\ |\ |\ |\ |\ |\
responsible for hosting applications to user workstations. NIST SP
|\ |\ |\ |\ |\ |\ |\ |\
800-82 Rev.2
|\ |\
Asymmetric Encryption - CORRECT ANSWERS ✔✔An algorithm |\ |\ |\ |\ |\ |\ |\
that uses one key to encrypt and a different key to decrypt the
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
input plaintext. |\
Checksum - CORRECT ANSWERS ✔✔A digit representing the sum
|\ |\ |\ |\ |\ |\ |\ |\ |\
of the correct digits in a piece of stored or transmitted digital
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
data, against which later comparisons can be made to detect
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
errors in the data. |\ |\ |\
Ciphertext - CORRECT ANSWERS ✔✔The altered form of a |\ |\ |\ |\ |\ |\ |\ |\ |\
plaintext message so it is unreadable for anyone except the
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
intended recipients. In other words, it has been turned into a
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
secret.
Classification - CORRECT ANSWERS ✔✔Classification identifies |\ |\ |\ |\ |\ |\
the degree of harm to the organization, its stakeholders or others
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
that might result if an information asset is divulged to an
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
unauthorized person, process or organization. In short, |\ |\ |\ |\ |\ |\ |\
classification is focused first and foremost on maintaining the |\ |\ |\ |\ |\ |\ |\ |\ |\
confidentiality of the data, based on the data sensitivity. |\ |\ |\ |\ |\ |\ |\ |\
,Configuration management - CORRECT ANSWERS ✔✔A process |\ |\ |\ |\ |\ |\ |\
and discipline used to ensure that the only changes made to a
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
system are those that have been authorized and validated.
|\ |\ |\ |\ |\ |\ |\ |\
Cryptanalyst - CORRECT ANSWERS ✔✔One who performs |\ |\ |\ |\ |\ |\ |\
cryptanalysis which is the study of mathematical techniques for |\ |\ |\ |\ |\ |\ |\ |\ |\
attempting to defeat cryptographic techniques and/or information
|\ |\ |\ |\ |\ |\
systems security. This includes the process of looking for errors
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
or weaknesses in the implementation of an algorithm or of the
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
algorithm itself. |\
Cryptography - CORRECT ANSWERS ✔✔The study or applications |\ |\ |\ |\ |\ |\ |\ |\
of methods to secure or protect the meaning and content of
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
messages, files, or other information, usually by disguise,
|\ |\ |\ |\ |\ |\ |\ |\
obscuration, or other transformations of that content and
|\ |\ |\ |\ |\ |\ |\ |\
meaning.
Data Loss Prevention (DLP) - CORRECT ANSWERS ✔✔System
|\ |\ |\ |\ |\ |\ |\ |\
capabilities designed to detect and prevent the unauthorized use
|\ |\ |\ |\ |\ |\ |\ |\ |\
and transmission of information.
|\ |\ |\
Decryption - CORRECT ANSWERS ✔✔The reverse process from
|\ |\ |\ |\ |\ |\ |\ |\
encryption. It is the process of converting a ciphertext message
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
back into plaintext through the use of the cryptographic
|\ |\ |\ |\ |\ |\ |\ |\ |\
algorithm and the appropriate key for decryption (which is the
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
same for symmetric encryption, but different for asymmetric
|\ |\ |\ |\ |\ |\ |\ |\
encryption). This term is also used interchangeably with the
|\ |\ |\ |\ |\ |\ |\ |\
"deciphering."
|\
,Degaussing - CORRECT ANSWERS ✔✔A technique of erasing data |\ |\ |\ |\ |\ |\ |\ |\
on disk or tape (including video tapes) that, when performed
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
properly, ensures that there is insufficient magnetic remanence
|\ |\ |\ |\ |\ |\ |\ |\
to reconstruct data.
|\ |\
Digital Signature - CORRECT ANSWERS ✔✔The result of a
|\ |\ |\ |\ |\ |\ |\ |\ |\
cryptographic transformation of data which, when properly |\ |\ |\ |\ |\ |\ |\
implemented, provides the services of origin authentication, data |\ |\ |\ |\ |\ |\ |\
integrity, and signer non-repudiation. NIST SP 800-12 Rev. 1
|\ |\ |\ |\ |\ |\ |\ |\ |\
Egress Monitoring - CORRECT ANSWERS ✔✔Monitoring of
|\ |\ |\ |\ |\ |\ |\
outgoing network traffic. |\ |\
Encryption - CORRECT ANSWERS ✔✔The process and act of
|\ |\ |\ |\ |\ |\ |\ |\ |\
converting the message from its plaintext to ciphertext.
|\ |\ |\ |\ |\ |\ |\ |\
Sometimes it is also referred to as enciphering. The two terms
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
are sometimes used interchangeably in literature and have
|\ |\ |\ |\ |\ |\ |\ |\
similar meanings. |\
Encryption System - CORRECT ANSWERS ✔✔The total set of
|\ |\ |\ |\ |\ |\ |\ |\ |\
algorithms, processes, hardware, software, and procedures that
|\ |\ |\ |\ |\ |\ |\
taken together provide an encryption and decryption capability.
|\ |\ |\ |\ |\ |\ |\
Hardening - CORRECT ANSWERS ✔✔A reference to the process of
|\ |\ |\ |\ |\ |\ |\ |\ |\
applying secure configurations (to reduce the attack surface) and
|\ |\ |\ |\ |\ |\ |\ |\ |\
locking down various hardware, communications systems, and
|\ |\ |\ |\ |\ |\ |\ |\
software, including operating system, web server, application
|\ |\ |\ |\ |\ |\ |\
server, application, etc. Hardening is normally performed based
|\ |\ |\ |\ |\ |\ |\ |\
on industry guidelines and benchmarks, such as those provided
|\ |\ |\ |\ |\ |\ |\ |\ |\
by the Center for Internet Security (CIS).
|\ |\ |\ |\ |\ |\
, Hash Function - CORRECT ANSWERS ✔✔An algorithm that
|\ |\ |\ |\ |\ |\ |\ |\
computes a numerical value (called the hash value) on a data file
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
or electronic message that is used to represent that file or
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
message and depends on the entire contents of the file or
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
message. A hash function can be considered to be a fingerprint
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
of the file or message. NIST SP 800-152
|\ |\ |\ |\ |\ |\ |\
Hashing - CORRECT ANSWERS ✔✔The process of using a
|\ |\ |\ |\ |\ |\ |\ |\ |\
mathematical algorithm against data to produce a numeric value |\ |\ |\ |\ |\ |\ |\ |\ |\
that is representative of that data. Source CNSSI 4009-2015
|\ |\ |\ |\ |\ |\ |\ |\
Information Sharing - CORRECT ANSWERS ✔✔The requirements |\ |\ |\ |\ |\ |\ |\
for information sharing by an IT system with one or more other IT
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
systems or applications, for information sharing to support
|\ |\ |\ |\ |\ |\ |\ |\ |\
multiple internal or external organizations, missions, or public
|\ |\ |\ |\ |\ |\ |\ |\
programs. NIST SP 800-16 |\ |\ |\
Ingress Monitoring - CORRECT ANSWERS ✔✔Monitoring of
|\ |\ |\ |\ |\ |\ |\
incoming network traffic. |\ |\
Message Digest - CORRECT ANSWERS ✔✔A digital signature that
|\ |\ |\ |\ |\ |\ |\ |\ |\
uniquely identifies data and has the property such that changing
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
a single bit in the data will cause a completely different message
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
digest to be generated. NISTIR-8011 Vol.3
|\ |\ |\ |\ |\
Operating System - CORRECT ANSWERS ✔✔The software "master|\ |\ |\ |\ |\ |\ |\
control application" that runs the computer. It is the first
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
program loaded when the computer is turned on, and its main
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
component, the kernel, resides in memory at all times. The |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
|\ |\ |\ |\ |\ |\
Application Server - CORRECT ANSWERS ✔✔A computer |\ |\ |\ |\ |\ |\ |\
responsible for hosting applications to user workstations. NIST SP
|\ |\ |\ |\ |\ |\ |\ |\
800-82 Rev.2
|\ |\
Asymmetric Encryption - CORRECT ANSWERS ✔✔An algorithm |\ |\ |\ |\ |\ |\ |\
that uses one key to encrypt and a different key to decrypt the
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
input plaintext. |\
Checksum - CORRECT ANSWERS ✔✔A digit representing the sum
|\ |\ |\ |\ |\ |\ |\ |\ |\
of the correct digits in a piece of stored or transmitted digital
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
data, against which later comparisons can be made to detect
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
errors in the data. |\ |\ |\
Ciphertext - CORRECT ANSWERS ✔✔The altered form of a |\ |\ |\ |\ |\ |\ |\ |\ |\
plaintext message so it is unreadable for anyone except the
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
intended recipients. In other words, it has been turned into a
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
secret.
Classification - CORRECT ANSWERS ✔✔Classification identifies |\ |\ |\ |\ |\ |\
the degree of harm to the organization, its stakeholders or others
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
that might result if an information asset is divulged to an
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
unauthorized person, process or organization. In short, |\ |\ |\ |\ |\ |\ |\
classification is focused first and foremost on maintaining the |\ |\ |\ |\ |\ |\ |\ |\ |\
confidentiality of the data, based on the data sensitivity. |\ |\ |\ |\ |\ |\ |\ |\
,Configuration management - CORRECT ANSWERS ✔✔A process |\ |\ |\ |\ |\ |\ |\
and discipline used to ensure that the only changes made to a
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
system are those that have been authorized and validated.
|\ |\ |\ |\ |\ |\ |\ |\
Cryptanalyst - CORRECT ANSWERS ✔✔One who performs |\ |\ |\ |\ |\ |\ |\
cryptanalysis which is the study of mathematical techniques for |\ |\ |\ |\ |\ |\ |\ |\ |\
attempting to defeat cryptographic techniques and/or information
|\ |\ |\ |\ |\ |\
systems security. This includes the process of looking for errors
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
or weaknesses in the implementation of an algorithm or of the
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
algorithm itself. |\
Cryptography - CORRECT ANSWERS ✔✔The study or applications |\ |\ |\ |\ |\ |\ |\ |\
of methods to secure or protect the meaning and content of
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
messages, files, or other information, usually by disguise,
|\ |\ |\ |\ |\ |\ |\ |\
obscuration, or other transformations of that content and
|\ |\ |\ |\ |\ |\ |\ |\
meaning.
Data Loss Prevention (DLP) - CORRECT ANSWERS ✔✔System
|\ |\ |\ |\ |\ |\ |\ |\
capabilities designed to detect and prevent the unauthorized use
|\ |\ |\ |\ |\ |\ |\ |\ |\
and transmission of information.
|\ |\ |\
Decryption - CORRECT ANSWERS ✔✔The reverse process from
|\ |\ |\ |\ |\ |\ |\ |\
encryption. It is the process of converting a ciphertext message
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
back into plaintext through the use of the cryptographic
|\ |\ |\ |\ |\ |\ |\ |\ |\
algorithm and the appropriate key for decryption (which is the
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
same for symmetric encryption, but different for asymmetric
|\ |\ |\ |\ |\ |\ |\ |\
encryption). This term is also used interchangeably with the
|\ |\ |\ |\ |\ |\ |\ |\
"deciphering."
|\
,Degaussing - CORRECT ANSWERS ✔✔A technique of erasing data |\ |\ |\ |\ |\ |\ |\ |\
on disk or tape (including video tapes) that, when performed
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
properly, ensures that there is insufficient magnetic remanence
|\ |\ |\ |\ |\ |\ |\ |\
to reconstruct data.
|\ |\
Digital Signature - CORRECT ANSWERS ✔✔The result of a
|\ |\ |\ |\ |\ |\ |\ |\ |\
cryptographic transformation of data which, when properly |\ |\ |\ |\ |\ |\ |\
implemented, provides the services of origin authentication, data |\ |\ |\ |\ |\ |\ |\
integrity, and signer non-repudiation. NIST SP 800-12 Rev. 1
|\ |\ |\ |\ |\ |\ |\ |\ |\
Egress Monitoring - CORRECT ANSWERS ✔✔Monitoring of
|\ |\ |\ |\ |\ |\ |\
outgoing network traffic. |\ |\
Encryption - CORRECT ANSWERS ✔✔The process and act of
|\ |\ |\ |\ |\ |\ |\ |\ |\
converting the message from its plaintext to ciphertext.
|\ |\ |\ |\ |\ |\ |\ |\
Sometimes it is also referred to as enciphering. The two terms
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
are sometimes used interchangeably in literature and have
|\ |\ |\ |\ |\ |\ |\ |\
similar meanings. |\
Encryption System - CORRECT ANSWERS ✔✔The total set of
|\ |\ |\ |\ |\ |\ |\ |\ |\
algorithms, processes, hardware, software, and procedures that
|\ |\ |\ |\ |\ |\ |\
taken together provide an encryption and decryption capability.
|\ |\ |\ |\ |\ |\ |\
Hardening - CORRECT ANSWERS ✔✔A reference to the process of
|\ |\ |\ |\ |\ |\ |\ |\ |\
applying secure configurations (to reduce the attack surface) and
|\ |\ |\ |\ |\ |\ |\ |\ |\
locking down various hardware, communications systems, and
|\ |\ |\ |\ |\ |\ |\ |\
software, including operating system, web server, application
|\ |\ |\ |\ |\ |\ |\
server, application, etc. Hardening is normally performed based
|\ |\ |\ |\ |\ |\ |\ |\
on industry guidelines and benchmarks, such as those provided
|\ |\ |\ |\ |\ |\ |\ |\ |\
by the Center for Internet Security (CIS).
|\ |\ |\ |\ |\ |\
, Hash Function - CORRECT ANSWERS ✔✔An algorithm that
|\ |\ |\ |\ |\ |\ |\ |\
computes a numerical value (called the hash value) on a data file
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
or electronic message that is used to represent that file or
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
message and depends on the entire contents of the file or
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
message. A hash function can be considered to be a fingerprint
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
of the file or message. NIST SP 800-152
|\ |\ |\ |\ |\ |\ |\
Hashing - CORRECT ANSWERS ✔✔The process of using a
|\ |\ |\ |\ |\ |\ |\ |\ |\
mathematical algorithm against data to produce a numeric value |\ |\ |\ |\ |\ |\ |\ |\ |\
that is representative of that data. Source CNSSI 4009-2015
|\ |\ |\ |\ |\ |\ |\ |\
Information Sharing - CORRECT ANSWERS ✔✔The requirements |\ |\ |\ |\ |\ |\ |\
for information sharing by an IT system with one or more other IT
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
systems or applications, for information sharing to support
|\ |\ |\ |\ |\ |\ |\ |\ |\
multiple internal or external organizations, missions, or public
|\ |\ |\ |\ |\ |\ |\ |\
programs. NIST SP 800-16 |\ |\ |\
Ingress Monitoring - CORRECT ANSWERS ✔✔Monitoring of
|\ |\ |\ |\ |\ |\ |\
incoming network traffic. |\ |\
Message Digest - CORRECT ANSWERS ✔✔A digital signature that
|\ |\ |\ |\ |\ |\ |\ |\ |\
uniquely identifies data and has the property such that changing
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\
a single bit in the data will cause a completely different message
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
digest to be generated. NISTIR-8011 Vol.3
|\ |\ |\ |\ |\
Operating System - CORRECT ANSWERS ✔✔The software "master|\ |\ |\ |\ |\ |\ |\
control application" that runs the computer. It is the first
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
program loaded when the computer is turned on, and its main
|\ |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
component, the kernel, resides in memory at all times. The |\ |\ |\ |\ |\ |\ |\ |\ |\ |\
