Answers
Triffid Corporation has a rule that all employees working with sensitive hardcopy documents must put the documents into a safe at the end of the workday, where they are locked up until the following workday. What kind of control is the process of putting the documents into the safe? (D1, L1.3.1)
A) Administrative
B) Tangential
C) Physical
D) Technical
Correct answer: A. The process itself is an administrative control; rules and practices are administrative. The safe itself is physical, but the question asked specifically about the process, not the safe, so C is incorrect. Neither the safe nor the process is part of the IT environment, so this is not a technical control; D is incorrect. B is incorrect; "tangential" is not a term commonly used to describe a particular type of security control, and is used here only as a distractor.
A vendor sells a particular operating system (OS). In order to deploy the OS securely on different platforms, the vendor publishes several sets of instructions on how to install it, depending on which platform the customer is using. This is an example of a ________. (D1, L1.4.2)
A) Law
B) Procedure
C) Standard
D) Policy
Correct answer: B. This is a set of instructions to perform a particular task, so it is a procedure (several procedures, actually: one for each platform). A is incorrect; the instructions are not a governmental mandate. C is incorrect, because the instructions are particular to a specific product, not accepted throughout the industry. D is incorrect, because the instructions are not particular to a given organization.
The Triffid Corporation publishes a policy that states all personnel will act in a manner that protects health and human safety. The security office is tasked with writing a detailed set of processes on how employees should wear protective gear such as hard hats and gloves when in hazardous areas. This detailed set of processes is a _________. (D1, L1.4.1)
A) Policy
B) Procedure
C) Standard
D) Law
Correct answer: B. A detailed set of processes used by a specific organization is a procedure. A is incorrect; the policy is the overarching document that requires the procedure be created and implemented. C is incorrect; the procedure is not recognized and implemented throughout the industry, it is used internally. D is incorrect; the procedure was created by Triffid Corporation, not a governmental body.
Chad is a security practitioner tasked with ensuring that the information on the organization's public website is not changed by anyone outside the organization. This task is an example of ensuring _________. (D1, L1.1.1)
A) Confidentiality
B) Integrity
C) Availability
D) Confirmation
Correct answer: B. Preventing unauthorized modification is the definition of integrity. A is incorrect because the website is not meant to be secret; it is open to the public. C is incorrect because Chad is not tasked with ensuring the website is accessible, only that the information on it is not changed. D is incorrect because "confirmation" is not a typical security term, and is used here only as a distractor.
The Payment Card Industry (PCI) Security Standards Council is a body made up of representatives from the major payment card brands (Visa, Mastercard, American Express and others). The PCI Council issues rules that merchants must follow if they choose to accept payment via credit card. These rules describe best practices for securing credit card processing technology, activities for securing credit card information, and how to protect customers' personal data. This set of rules is a _____. (D1, L1.4.2)
A) Law
B) Policy
C) Standard
D) Procedure
Correct answer: C. This set of rules is known as the PCI Data Security Standard (PCI DSS), and it is accepted throughout the industry. A is incorrect, because this set of rules was not issued by a governmental body. B is incorrect, because the set of rules is not a strategic, internal document published by senior leadership of a single organization. D is incorrect, because the set of rules is not internal to a given organization and is not limited to a single activity.
Olaf is a member of (ISC)² and a security analyst for Triffid Corporation. During an audit, Olaf is asked whether Triffid is currently following a particular security practice. Olaf knows that Triffid is not adhering to that standard in that particular situation, but that saying this to the auditors will reflect poorly on Triffid. What should Olaf do? (D1, L1.5.1)
A) Tell the auditors the truth
B) Ask supervisors for guidance
C) Ask (ISC)² for guidance
D) Lie to the auditors
Correct answer: A is the best answer. The (ISC)² Code of Ethics requires that members "act honorably, honestly, justly, responsibly" and also "advance and protect the profession." Both requirements dictate that Olaf should tell the truth to the auditors. While the Code also says that Olaf should "provide diligent and competent service to principals," and Olaf's principal is Triffid in this case, lying does not serve Triffid's best long-term interests, even if the truth has some negative impact in the short term.
Siobhan is an (ISC)² member who works for Triffid Corporation as a security analyst. Yesterday, Siobhan got a parking ticket while shopping after work. What should Siobhan do? (D1, L1.5.1)
A) Inform (ISC)²
B) Pay the parking ticket
C) Inform supervisors at Triffid
D) Resign employment from Triffid
Correct answer: B is the best answer. A parking ticket is not a significant crime, besmirchment of character or moral failing, and has nothing to do with Siobhan's duties for Triffid. Even though the (ISC)² Code of Ethics requires that members act "legally" and "protect the profession," a parking ticket does not reflect poorly on Siobhan, Triffid, (ISC)², or the security profession. Siobhan should, however, pay the ticket.
Kerpak works in the security office of a medium-sized entertainment company. Kerpak is asked to assess a particular threat, and he suggests that the best way to counter this threat would be to purchase and implement a particular security solution. This is an example of _______. (D1, L1.2.2)
A) Acceptance
B) Avoidance
C) Mitigation
D) Transference
Correct answer: C. Applying a security solution (a type of control) is an example of mitigation. A is incorrect; if Kerpak suggested acceptance, then the threat, and the acceptance of the associated risk, only needs to be documented; no other action is necessary. B is incorrect; if