ISC2 CC (Certified in Cyber Security)
Practice Questions: Certification
Success - Unofficial By Certification
Terminal (Part 1) Exam Q&A Verified &
Approved
4.1 In the realm of information security, what constitutes the utmost crucial
element of privacy?
A. Protecting personal information from unauthorized access or disclosure
B. Ensuring data is accurate and unchanged
C. Making sure data is always accessible when needed
D. All of the above - ✔✔A. Protecting personal information from
unauthorized access or disclosure
4.2 Choose the BEST example for a preventive control from the following:
A. A firewall
B. A backup generator
1
©JOSHCLAY 2024/2025. YEAR PUBLISHED 2024.
,C. An intrusion detection system
D. An antivirus software - ✔✔A. A firewall
4.3 What distinguishes a private cloud from a public cloud?
A. A public cloud is less secure than a private cloud
B. A private cloud is more expensive than a public cloud
C. A public cloud is hosted by a third-party provider, while a private cloud is
dedicated to a single organization
D. A private cloud is only accessible from a single location - ✔✔C. A public
cloud is hosted by a third-party provider, while a private cloud is dedicated
to a single organization
4.4 What security principle asserts that a user should possess only the
requisite permissions to perform a task?
A. Separation of Duties
B. Defense in Depth
C. Least Privilege
D. Privileged Accounts - ✔✔C. Least Privilege
4.5 What is the objective of implementing a security awareness and training
initiative?
A. To develop technical specifications for security controls
B. To educate employees about security policies and procedures
2
©JOSHCLAY 2024/2025. YEAR PUBLISHED 2024.
,C. To investigate and respond to security incidents
D. To enforce disciplinary actions for security violations - ✔✔B. To educate
employees about security policies and procedures
4.6 In your roles as a cybersecurity analyst, your supervisor tasks you with
producing a document that delineates the sequential procedure for setting
up firewall rules within the organization's network infrastructure. What
specific type of document are you creating?
A. Guideline
B. Policy
C. Procedure
D. Standard - ✔✔C. Procedure
4.7 What is the term used to denote the process of eliminating or
neutralizing malicious software (malware) from a computer?
A. Firewall configuration
B. Decryption
C. Encryption
D. Malware Removal - ✔✔D. Malware Removal
4.8 What distinguishes an incident response plan from a disaster recovery
plan?
3
©JOSHCLAY 2024/2025. YEAR PUBLISHED 2024.
, A. An incident response plan focuses on recovering from security incidents,
while a disaster recovery plan focuses on recovering from natural disasters.
B. An incident response plan focuses on preventing security incidents,
while a disaster recovery plan focuses on mitigating the impact of natural
disasters
C. An incident response plan focuses on detecting and responding to
security incidents, while a disaster recovery plan focuses on restoring IT
systems and infrastructure
D. An incident response plan focuses on restoring critical systems and
data, while a disaster recovery plan focuses on restoring business
operations. - ✔✔C. An incident response plan focuses on detecting and
responding to security incidents, while a disaster recovery plan focuses on
restoring IT systems and infrastructure
4.9 What is the main objective of Business Continuity (BC)?
A. To minimize expenses during unexpected events
B. To maintain operations during unexpected events
C. To maximize profits during unexpected events
D. To maintain the status quo during unexpected events - ✔✔B. To
maintain operations during unexpected even
4
©JOSHCLAY 2024/2025. YEAR PUBLISHED 2024.
Practice Questions: Certification
Success - Unofficial By Certification
Terminal (Part 1) Exam Q&A Verified &
Approved
4.1 In the realm of information security, what constitutes the utmost crucial
element of privacy?
A. Protecting personal information from unauthorized access or disclosure
B. Ensuring data is accurate and unchanged
C. Making sure data is always accessible when needed
D. All of the above - ✔✔A. Protecting personal information from
unauthorized access or disclosure
4.2 Choose the BEST example for a preventive control from the following:
A. A firewall
B. A backup generator
1
©JOSHCLAY 2024/2025. YEAR PUBLISHED 2024.
,C. An intrusion detection system
D. An antivirus software - ✔✔A. A firewall
4.3 What distinguishes a private cloud from a public cloud?
A. A public cloud is less secure than a private cloud
B. A private cloud is more expensive than a public cloud
C. A public cloud is hosted by a third-party provider, while a private cloud is
dedicated to a single organization
D. A private cloud is only accessible from a single location - ✔✔C. A public
cloud is hosted by a third-party provider, while a private cloud is dedicated
to a single organization
4.4 What security principle asserts that a user should possess only the
requisite permissions to perform a task?
A. Separation of Duties
B. Defense in Depth
C. Least Privilege
D. Privileged Accounts - ✔✔C. Least Privilege
4.5 What is the objective of implementing a security awareness and training
initiative?
A. To develop technical specifications for security controls
B. To educate employees about security policies and procedures
2
©JOSHCLAY 2024/2025. YEAR PUBLISHED 2024.
,C. To investigate and respond to security incidents
D. To enforce disciplinary actions for security violations - ✔✔B. To educate
employees about security policies and procedures
4.6 In your roles as a cybersecurity analyst, your supervisor tasks you with
producing a document that delineates the sequential procedure for setting
up firewall rules within the organization's network infrastructure. What
specific type of document are you creating?
A. Guideline
B. Policy
C. Procedure
D. Standard - ✔✔C. Procedure
4.7 What is the term used to denote the process of eliminating or
neutralizing malicious software (malware) from a computer?
A. Firewall configuration
B. Decryption
C. Encryption
D. Malware Removal - ✔✔D. Malware Removal
4.8 What distinguishes an incident response plan from a disaster recovery
plan?
3
©JOSHCLAY 2024/2025. YEAR PUBLISHED 2024.
, A. An incident response plan focuses on recovering from security incidents,
while a disaster recovery plan focuses on recovering from natural disasters.
B. An incident response plan focuses on preventing security incidents,
while a disaster recovery plan focuses on mitigating the impact of natural
disasters
C. An incident response plan focuses on detecting and responding to
security incidents, while a disaster recovery plan focuses on restoring IT
systems and infrastructure
D. An incident response plan focuses on restoring critical systems and
data, while a disaster recovery plan focuses on restoring business
operations. - ✔✔C. An incident response plan focuses on detecting and
responding to security incidents, while a disaster recovery plan focuses on
restoring IT systems and infrastructure
4.9 What is the main objective of Business Continuity (BC)?
A. To minimize expenses during unexpected events
B. To maintain operations during unexpected events
C. To maximize profits during unexpected events
D. To maintain the status quo during unexpected events - ✔✔B. To
maintain operations during unexpected even
4
©JOSHCLAY 2024/2025. YEAR PUBLISHED 2024.
