ISC-2 Certified In Cybersecurity (CC)
Practice Exam Questions and Correct
Answers
Triffid Corporation has a policy that all employees must receive security awareness
instruction before using email; the company wants to make employees aware of
potential phishing attempts that the employees might receive via email. What kind
of control is this instruction?
A. Administrative
B. Finite
C. Physical
D. Technical - ANSWER A. Administrative
The Triffid Corporation publishes a strategic overview of the company's intent to
secure all the data the company possesses. This document is signed by Triffid senior
management. What kind of document is this?
A. Policy
B. Procedure
C. Standard
D. Law - ANSWER A. Policy
Chad is a security practitioner tasked with ensuring that the information on the
organization's public website is not changed by anyone outside the organization. This
task is an example of ensuring _________.
A. Confidentiality
B. Integrity
C. Availability
,D. Confirmation - ANSWER B. Integrity
The city of Grampon wants to ensure that all of its citizens are protected from
malware, so the city council creates a rule that anyone caught creating and launching
malware within the city limits will receive a fine and go to jail. What kind of rule is this?
A. Policy
B. Procedure
C. Standard
D. Law - ANSWER D. Law
Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of
Zarma's colleagues is interested in getting an (ISC)2 certification and asks Zarma what
the test questions are like. What should Zarma do?
A. Inform (ISC)2
B. Explain the style and format of the questions, but no detail
C. Inform the colleague's supervisor
D. Nothing - ANSWER B. Explain the style and format of the questions, but no detail
Druna is a security practitioner tasked with ensuring that laptops are not stolen from
the organization's offices. Which sort of security control would probably be best for
this purpose?
A. Technical
B. Observe
C. Physical
D. Administrative - ANSWER C. Physical
For which of the following assets is integrity probably the most important
security aspect?
,A. One frame of a streaming video
B. The file that contains passwords used to authenticate users
C. The color scheme of a marketing website
D. Software that checks the spelling of product descriptions for a retail website -
ANSWER B. The file that contains passwords used to authenticate users
Jengi is setting up security for a home network. Jengi decides to configure MAC
address filtering on the router, so that only specific devices will be allowed to join the
network. This is an example of a(n)_______ control.
A. Physical
B. Administrative
C. Substantial
D. Technical - ANSWER D. Technical
Siobhan is an (ISC)² member who works for Triffid Corporation as a security analyst.
Yesterday, Siobhan got a parking ticket while shopping after work. What should
Siobhan do?
A. Inform (ISC)2
B. Pay the parking ticket
C. Inform supervisors at Triffid
D. Resign employment from Triffid - ANSWER B. Pay the parking ticket
Hoshi is an (ISC)² member who works for the Triffid Corporation as a data manager.
Triffid needs a new firewall solution, and Hoshi is asked to recommend a product for
Triffid to acquire and implement. Hoshi's cousin works for a firewall vendor; that vendor
happens to make the best firewall available. What should Hoshi do?
A. Recommend a different vendor/product
B. Recommend the cousin's product
, C. Hoshi should ask to be recused from the task
D. Disclose the relationship, but recommend the vendor/product - ANSWER D.
Disclose the relationship, but recommend the vendor/product
Of the following, which would probably not be considered a threat?
A. Natural disaster
B. Unintentional damage to the system cause by a user
C. A laptop with sensitive data on it
D. An external attacker trying to gain unauthorized access to the environment - ANSWER
C. A laptop with sensitive data on it
Sophia is visiting Las Vegas and decides to put a bet on a particular number on a roulette
wheel. This is an example of _________.
A. Acceptance
B. Avoidance
C. Mitigation
D. Transference - ANSWER A. Acceptance
In risk management concepts, a(n) ___________ is something or someone that poses
risk to an organization or asset.
A. Fear
B. Threat
C. Control
D. Asset - ANSWER B. Threat
Who approves the incident response policy?
A. (ISC)2
Practice Exam Questions and Correct
Answers
Triffid Corporation has a policy that all employees must receive security awareness
instruction before using email; the company wants to make employees aware of
potential phishing attempts that the employees might receive via email. What kind
of control is this instruction?
A. Administrative
B. Finite
C. Physical
D. Technical - ANSWER A. Administrative
The Triffid Corporation publishes a strategic overview of the company's intent to
secure all the data the company possesses. This document is signed by Triffid senior
management. What kind of document is this?
A. Policy
B. Procedure
C. Standard
D. Law - ANSWER A. Policy
Chad is a security practitioner tasked with ensuring that the information on the
organization's public website is not changed by anyone outside the organization. This
task is an example of ensuring _________.
A. Confidentiality
B. Integrity
C. Availability
,D. Confirmation - ANSWER B. Integrity
The city of Grampon wants to ensure that all of its citizens are protected from
malware, so the city council creates a rule that anyone caught creating and launching
malware within the city limits will receive a fine and go to jail. What kind of rule is this?
A. Policy
B. Procedure
C. Standard
D. Law - ANSWER D. Law
Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of
Zarma's colleagues is interested in getting an (ISC)2 certification and asks Zarma what
the test questions are like. What should Zarma do?
A. Inform (ISC)2
B. Explain the style and format of the questions, but no detail
C. Inform the colleague's supervisor
D. Nothing - ANSWER B. Explain the style and format of the questions, but no detail
Druna is a security practitioner tasked with ensuring that laptops are not stolen from
the organization's offices. Which sort of security control would probably be best for
this purpose?
A. Technical
B. Observe
C. Physical
D. Administrative - ANSWER C. Physical
For which of the following assets is integrity probably the most important
security aspect?
,A. One frame of a streaming video
B. The file that contains passwords used to authenticate users
C. The color scheme of a marketing website
D. Software that checks the spelling of product descriptions for a retail website -
ANSWER B. The file that contains passwords used to authenticate users
Jengi is setting up security for a home network. Jengi decides to configure MAC
address filtering on the router, so that only specific devices will be allowed to join the
network. This is an example of a(n)_______ control.
A. Physical
B. Administrative
C. Substantial
D. Technical - ANSWER D. Technical
Siobhan is an (ISC)² member who works for Triffid Corporation as a security analyst.
Yesterday, Siobhan got a parking ticket while shopping after work. What should
Siobhan do?
A. Inform (ISC)2
B. Pay the parking ticket
C. Inform supervisors at Triffid
D. Resign employment from Triffid - ANSWER B. Pay the parking ticket
Hoshi is an (ISC)² member who works for the Triffid Corporation as a data manager.
Triffid needs a new firewall solution, and Hoshi is asked to recommend a product for
Triffid to acquire and implement. Hoshi's cousin works for a firewall vendor; that vendor
happens to make the best firewall available. What should Hoshi do?
A. Recommend a different vendor/product
B. Recommend the cousin's product
, C. Hoshi should ask to be recused from the task
D. Disclose the relationship, but recommend the vendor/product - ANSWER D.
Disclose the relationship, but recommend the vendor/product
Of the following, which would probably not be considered a threat?
A. Natural disaster
B. Unintentional damage to the system cause by a user
C. A laptop with sensitive data on it
D. An external attacker trying to gain unauthorized access to the environment - ANSWER
C. A laptop with sensitive data on it
Sophia is visiting Las Vegas and decides to put a bet on a particular number on a roulette
wheel. This is an example of _________.
A. Acceptance
B. Avoidance
C. Mitigation
D. Transference - ANSWER A. Acceptance
In risk management concepts, a(n) ___________ is something or someone that poses
risk to an organization or asset.
A. Fear
B. Threat
C. Control
D. Asset - ANSWER B. Threat
Who approves the incident response policy?
A. (ISC)2
