✔✔Which type of attack attempts to gain information by observing the device's power
consumption? - ✔✔side-channel attack
is a passive and non-invasive attack aiming to extract information from a running
system
✔✔Which of the following canons is found in the ISC2 code of ethics? - ✔✔"Provide
diligent and competent service to principals" contains the accurate text of the ISC2 code
of ethics.
✔✔Which of these is the PRIMARY objective of a Disaster Recovery Plan? -
✔✔Restore company operation to the last-known reliable operation state
✔✔Which of these is not an attack against an IP network? - ✔✔Side Channel Attacks
are non-invasive attacks that extract information from devices (typically devices running
cryptographic algorithms), and therefore do not aim at IP networks
✔✔Which of the following is NOT a type of learning activity used in Security
Awareness? - ✔✔Tutorial
is a form of training, but is not on the list of types of learning activities.
✔✔Which are the components of an incident response plan? - ✔✔Preparation ->
Detection and Analysis -> Containment, Education and Recovery -> Post Incident
Activity
✔✔Which type of attack embeds malicious payload inside a reputable or trusted
software? - ✔✔Trojans
are a type of software that appears legitimate but has hidden malicious functions that
evade security mechanisms, typically by exploiting legitimate authorizations of the user
that invokes the program.
✔✔Which of these is the most efficient and effective way to test a business continuity
plan? - ✔✔Simulations
are full re-enactments of business continuity procedures and can involve most, if not all,
of your workforce.
✔✔Security posters are an element PRIMARILY employed in: - ✔✔Security Awareness
✔✔Which of these types of user is LESS likely to have a privileged account? -
✔✔External workers
should not have access to privileged accounts, due to the possibility of misuse.
✔✔Which of the following is less likely to be part of an incident response team? -
✔✔Human Resources
✔✔Which type of attack has the PRIMARY objective of encrypting devices and their
data, and then demanding a ransom payment for the decryption key? - ✔✔Ransomware
is malware designed to deny a user or organization access to files on their computer, by
encrypting them and demanding a ransom payment for the decryption key.
✔✔Which access control is more effective at protecting a door against unauthorized
access? - ✔✔Lock
is a device that prevents a physical structure (typically a door) from being opened,
indicating that only the authorized person (i.e. the person with the key) can open it.
✔✔The address 8be2:4382:8d84:7ce2:ec0f:3908:d29a:903a is an: - ✔✔IPv6 address
is a 128-bit address represented as a sequence of eight groups of 16-bit hexadecimal
values.
✔✔Which devices have the PRIMARY objective of collecting and analyzing security
events? - ✔✔SIEM
Security Information and Event Management system is an application that gathers
security data from information system components and presents actionable information
through a unified interface.
✔✔Which of the following properties is NOT guaranteed by Digital Signatures? -
✔✔Confidentiality
A digital signature is the result of a cryptographic transformation of data which is useful
for providing: data origin authentication, data integrity, and non-repudiation of the signe
✔✔Which of the following is NOT a feature of a cryptographic hash function? -
✔✔Reversible
✔✔Which of the following attacks take advantage of poor input validation in websites? -
✔✔Cross-Site Scripting (XSS)
is a type of attack where malicious executable scripts are injected into the code of an
otherwise benign website
✔✔In which cloud deployment model do companies share resources and infrastructure
on the cloud? - ✔✔Community cloud
A private cloud is a cloud computing model where the cloud infrastructure is dedicated
to a single organization (and never shared with others).
✔✔Which of the following is a data handling policy procedure? - ✔✔Destroy