Written by students who passed Immediately available after payment Read online or as PDF Wrong document? Swap it for free 4.6 TrustPilot
logo-home
Exam (elaborations)

CC Course Pre-Assessment & Post-Assessment Examination (2026) Verified Questions with Correct Answers| Genuine Latest Update.

Rating
-
Sold
-
Pages
17
Grade
A+
Uploaded on
02-02-2026
Written in
2025/2026

CC Course Pre-Assessment & Post-Assessment Examination (2026) Verified Questions with Correct Answers| Genuine Latest Update. C. Physical CORRECT ANS Steve is a security practitioner assigned to come up with a protective measure for ensuring cars don't collide with pedestrians. What is probably the most effective type of control for this task? A. Administrative B. Nuanced C. Physical D. Technical D. Integrity CORRECT ANS Chad is a security practitioner tasked with ensuring that the information on the organization's public website is not changed by anyone outside the organization. This task is an example of ensuring . A. Availability B. Confirmation C. Confidentiality D. Integrity C. Password CORRECT ANS Which of the following is an example of a "Something you know" authentication factor? A. Fingerprint B. Iris scan C. Password D. User ID A. A photograph of your face CORRECT ANS Which of the following is an example of a "Something you are" authentication factor? A. A photograph of your face B. A credit card presented to a cash machine C. A user ID D. Your password and PIN C. non-repudiation CORRECT ANS A system that collects transactional information and stores it in a record in order to show which users performed which actions is an example of providing . A. Multifactor authentication B. Biometrics C. non-repudiation D. Privacy C. The General Data Protection Regulation CORRECT ANS What is the European Union (EU) law that grants legal protections to individual human privacy? A. The Magna Carta B. The Privacy Human Rights Act C. The General Data Protection Regulation D. The Constitution B. Medical systems that monitor patient condition in an intensive-care unit CORRECT ANS For which of the following systems would the security concept of availability probably be most important? A. Online streaming of camera feeds that display historical works of art in museums around the world B. Medical systems that monitor patient condition in an intensive-care unit C. Retail records of past transactions D. Medical systems that store patient data A. The file that contains passwords used to authenticate users CORRECT ANS For which of the following assets is integrity probably the most important security aspect? A. The file that contains passwords used to authenticate users B. The color scheme of a marketing website C. Software that checks the spelling of product descriptions for a retail website D. One frame of a streaming video A. Asset CORRECT ANS Fill in the missing word: In risk management concepts, a(n) is something a security practitioner might need to protect. A. Asset B. Likelihood C. Vulnerability D. Threat A. Threat CORRECT ANS Fill in the missing word: In risk management concepts, a(n) is something or someone that poses risk to an organization or asset. A. Threat B. Control C. Fear D. Asset D. A laptop with sensitive data on it CORRECT ANS Of the following, which would probably not be considered a threat? A. Unintentional damage to the system caused by a user B. Natural disaster C. An external attacker trying to gain unauthorized access to the environment D. A laptop with sensitive data on it A. A high-likelihood, high-impact event CORRECT ANS Which of the following probably poses the most risk? You can select one or more answers. A. A high-likelihood, high-impact event B. A low-likelihood, high-impact event C. A low-likelihood, low-impact event D. A high-likelihood, low-impact event C. Anyone CORRECT ANS Within the organization, who can identify risk? A. The security manager B. Senior management C. Anyone D. Any security team member B. Mitigation CORRECT ANS Kerpak works in the security office of a medium-sized entertainment company. Kerpak is asked to assess a particular threat, and he suggests that the best way to counter this threat would be to purchase and implement a particular security solution. This is an example of . A. Avoidance B. Mitigation C. Acceptance D. Transference C. Acceptance CORRECT ANS Fill in the missing word: Sophia is visiting Las Vegas and decides to put a bet on a particular number on a roulette wheel. This is an example of . A. Avoidance B. Mitigation C. Acceptance D. Transference D. Risk tolerance CORRECT ANS Phrenal is selling a used laptop in an online auction. Phrenal has estimated the value of the laptop to be $100, but has seen other laptops of similar type and quality sell for both more and less than that amount. Phrenal hopes that the laptop will sell for $100 or more, but is prepared to take less for it if nobody bids that amount. This is an example of . A. Risk inversion B. Threat C. Vulnerability D. Risk tolerance C. Technical CORRECT ANS A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device. This is a type of control. A. Passive B. Administrative C. Technical D. Physical D. Physical CORRECT ANS At the airport, there are red lines painted on the ground next to the runway, which prohibits traffic from crossing it. This is an example of a(n) control. A. Critical B. Technical C. Administrative D. Physical A. Physical CORRECT ANS A bollard is a post set securely in the ground in order to prevent a vehicle from entering an area or driving past a certain point. Bollards are an example of controls. A. Physical B. Technical C. Critical D. Administrative C. Physical CORRECT ANS Druna is a security practitioner tasked with ensuring that laptops are not stolen from the organization's offices. Which sort of security control would probably be best for this purpose? A. Administrative B. Obverse C. Physical D. Technical C. Administrative CORRECT ANS Triffid Corporation has a policy that all employees must receive security awareness instruction before using email; the company wants to make employees aware of potential phishing attempts that the employees might receive via email. What kind of control is this instruction? A. Physical B. Finite C. Administrative D. Technical B. Standard CORRECT ANS ISC2 publishes a Common Body of Knowledge (CBK) that IT security practitioners should be familiar with; this is recognized throughout the industry as a set of material that is useful for practitioners to refer to. Certifications can be issued for demonstrating expertise in this Common Body of Knowledge. What kind of document is the Common Body of Knowledge? A. Procedure B. Standard C. Policy D. Law C. Law CORRECT ANS The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city council creates a rule that anyone caught creating and launching malware within the city limits will receive a fine and go to jail. What kind of rule is this? A. Standard B. Procedure C. Law D. Policy D. Policy CORRECT ANS The Triffid Corporation publishes a strategic overview of the company's intent to secure all the data the company possesses. This document is signed by Triffid's senior management. What kind of document is this? A. Law B. Procedure C. Standard D. Policy D. Law, procedure CORRECT ANS Grampon municipal code requires that all companies that operate within city limits will have a set of processes to ensure employees are safe while working with hazardous materials. Triffid Corporation creates a checklist of activities employees must follow while working with hazardous materials inside Grampon city limits. The municipal code is a , and the Triffid checklist is a . A. Policy, law B. Standard, law C. Law, standard D. Law, procedure A. Standard CORRECT ANS The Payment Card Industry (PCI) Council is a committee made up of representatives from major credit card providers (Visa, Mastercard, American Express) in the United States. The PCI Council issues rules that merchants must follow if the merchants choose to accept payment via credit card. These rules describe best practices for securing credit card processing technology, activities for securing credit card information, and how to protect customers' personal data. This set of rules is a . A. Standard B. Procedure C. Law D. Policy C. Disclose the relationship, but recommend the vendor/product CORRECT ANS Hoshi is an ISC2 member who works for the Triffid Corporation as a data manager. Triffid needs a new firewall solution, and Hoshi is asked to recommend a product for Triffid to acquire and implement. Hoshi's cousin works for a firewall vendor; that vendor happens to make the best firewall available. What should Hoshi do? A. Recommend a different vendor/product B. Hoshi should ask to be recused from the task C. Disclose the relationship, but recommend the vendor/product D. Recommend the cousin's product D. Tell the auditors the truth CORRECT ANS Olaf is a member of ISC2 and a security analyst for Triffid Corporation. During an audit, Olaf is asked whether Triffid is currently following a particular security practice. Olaf knows that Triffid is not adhering to that standard in that particular situation, but that saying this to the auditors will reflect poorly on Triffid. What should Olaf do? A. Ask supervisors for guidance B. Ask ISC2 for guidance C. Lie to the auditors D. Tell the auditors the truth A. Inform Triffid management CORRECT ANS Aphrodite is a member of ISC2 and a data analyst for Triffid Corporation. While Aphrodite is reviewing user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy and watching streaming videos during work hours. What should Aphrodite do? A. Inform Triffid management B. Inform law enforcement C. Inform ISC2 D. Nothing A. Inform ISC2 CORRECT ANS Glena is an ISC2 member. Glena receives an email from a company offering a set of answers for an ISC2 certification exam. What should Glena do? A. Inform ISC2 B. Nothing C. Inform Glena's employer D. Inform law enforcement

Show more Read less
Institution
CC Course
Course
CC Course

Content preview

CC Course Pre-Assessment & Post-
Assessment Examination (2026) Verified
Questions with Correct Answers| Genuine
Latest Update.

C. Physical <<CORRECT ANS <<Steve is a security practitioner assigned to come up with a
protective measure for ensuring cars don't collide with pedestrians.
What is probably the most effective type of control for this task?
A. Administrative
B. Nuanced
C. Physical
D. Technical


D. Integrity <<CORRECT ANS <<Chad is a security practitioner tasked with ensuring that the
information on the organization's public website is not changed by anyone outside the
organization. This task is an example of ensuring .
A. Availability
B. Confirmation
C. Confidentiality
D. Integrity


C. Password <<CORRECT ANS <<Which of the following is an example of a "Something you
know" authentication factor?
A. Fingerprint
B. Iris scan
C. Password
D. User ID


A. A photograph of your face <<CORRECT ANS <<Which of the following is an example of a
"Something you are" authentication factor?
A. A photograph of your face
B. A credit card presented to a cash machine
C. A user ID
D. Your password and PIN


C. non-repudiation <<CORRECT ANS <<A system that collects transactional information and
stores it in a record in order to show which users performed which actions is an example of
providing .
A. Multifactor authentication
B. Biometrics
C. non-repudiation
D. Privacy


C. The General Data Protection Regulation <<CORRECT ANS <<What is the European Union

,(EU) law that grants legal protections to individual human privacy?
A. The Magna Carta
B. The Privacy Human Rights Act
C. The General Data Protection Regulation
D. The Constitution


B. Medical systems that monitor patient condition in an intensive-care unit <<CORRECT ANS
<<For which of the following systems would the security concept of availability probably be most
important?
A. Online streaming of camera feeds that display historical works of art in museums around the
world
B. Medical systems that monitor patient condition in an intensive-care unit
C. Retail records of past transactions
D. Medical systems that store patient data


A. The file that contains passwords used to authenticate users <<CORRECT ANS <<For which
of the following assets is integrity probably the most important security aspect?
A. The file that contains passwords used to authenticate users
B. The color scheme of a marketing website
C. Software that checks the spelling of product descriptions for a retail website
D. One frame of a streaming video


A. Asset <<CORRECT ANS <<Fill in the missing word:
In risk management concepts, a(n) is something a security practitioner might need to protect.
A. Asset
B. Likelihood
C. Vulnerability
D. Threat


A. Threat <<CORRECT ANS <<Fill in the missing word:
In risk management concepts, a(n) is something or someone that poses risk to an organization
or asset.
A. Threat
B. Control
C. Fear
D. Asset


D. A laptop with sensitive data on it <<CORRECT ANS <<Of the following, which would
probably not be considered a threat?
A. Unintentional damage to the system caused by a user
B. Natural disaster
C. An external attacker trying to gain unauthorized access to the environment
D. A laptop with sensitive data on it


A. A high-likelihood, high-impact event <<CORRECT ANS <<Which of the following probably
poses the most risk?
You can select one or more answers.

A. A high-likelihood, high-impact event
B. A low-likelihood, high-impact event

, C. A low-likelihood, low-impact event
D. A high-likelihood, low-impact event


C. Anyone <<CORRECT ANS <<Within the organization, who can identify risk?
A. The security manager
B. Senior management
C. Anyone
D. Any security team member
B. Mitigation <<CORRECT ANS <<Kerpak works in the security office of a medium-sized
entertainment company. Kerpak is asked to assess a particular threat, and he suggests that the
best way to counter this threat would be to purchase and implement a particular security
solution.
This is an example of .
A. Avoidance
B. Mitigation
C. Acceptance
D. Transference


C. Acceptance <<CORRECT ANS <<Fill in the missing word:
Sophia is visiting Las Vegas and decides to put a bet on a particular number on a roulette
wheel.
This is an example of .
A. Avoidance
B. Mitigation
C. Acceptance
D. Transference


D. Risk tolerance <<CORRECT ANS <<Phrenal is selling a used laptop in an online auction.
Phrenal has estimated the value of the laptop to be $100, but has seen other laptops of similar
type and quality sell for both more and less than that amount. Phrenal hopes that the laptop will
sell for $100 or more, but is prepared to take less for it if nobody bids that amount. This is an
example of .
A. Risk inversion
B. Threat
C. Vulnerability
D. Risk tolerance


C. Technical <<CORRECT ANS <<A software firewall is an application that runs on a device
and prevents specific types of traffic from entering that device.
This is a type of control.
A. Passive
B. Administrative
C. Technical
D. Physical


D. Physical <<CORRECT ANS <<At the airport, there are red lines painted on the ground next
to the runway, which prohibits traffic from crossing it.
This is an example of a(n) control.
A. Critical
B. Technical
C. Administrative

Written for

Institution
CC Course
Course
CC Course

Document information

Uploaded on
February 2, 2026
Number of pages
17
Written in
2025/2026
Type
Exam (elaborations)
Contains
Questions & answers

Subjects

$13.49
Get access to the full document:

Wrong document? Swap it for free Within 14 days of purchase and before downloading, you can choose a different document. You can simply spend the amount again.
Written by students who passed
Immediately available after payment
Read online or as PDF

Get to know the seller

Seller avatar
Reputation scores are based on the amount of documents a seller has sold for a fee and the reviews they have received for those documents. There are three levels: Bronze, Silver and Gold. The better the reputation, the more your can rely on the quality of the sellers work.
Nurslink Chamberlain College Of Nursing
View profile
Follow You need to be logged in order to follow users or courses
Sold
235
Member since
3 year
Number of followers
72
Documents
1693
Last sold
1 month ago
Nurslink.

Pre-eminent study guidance.

3.5

27 reviews

5
10
4
7
3
3
2
0
1
7

Why students choose Stuvia

Created by fellow students, verified by reviews

Quality you can trust: written by students who passed their tests and reviewed by others who've used these notes.

Didn't get what you expected? Choose another document

No worries! You can instantly pick a different document that better fits what you're looking for.

Pay as you like, start learning right away

No subscription, no commitments. Pay the way you're used to via credit card and download your PDF document instantly.

Student with book image

“Bought, downloaded, and aced it. It really can be that simple.”

Alisha Student

Working on your references?

Create accurate citations in APA, MLA and Harvard with our free citation generator.

Working on your references?

Frequently asked questions