ISC2 CC Exam 2025/2026 Exam
Questions with 100% Correct Answers |
Latest Update
Triffid Corporation has a rule that all employees working with sensitive
hardcopy documents must put the documents into a safe at the end of the
workday, where they are locked up until the following workday. What kind
of control is the process of putting the documents into the safe? (D1,
L1.3.1)
A) Administrative
B) Tangential
C) Physical
D) Technical - 🧠ANSWER ✔✔A is the correct answer. The process itself is
an administrative control; rules and practices are administrative. The safe
itself is physical, but the question asked specifically about process, not the
safe, so C is incorrect. Neither the safe nor the process is part of the IT
environment, so this is not a technical control; D is incorrect. B is incorrect;
COPYRIGHT©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE. PRIVACY
1
STATEMENT. ALL RIGHTS RESERVED
,"tangential" is not a term commonly used to describe a particular type of
security control, and is used here only as a distractor.
A vendor sells a particular operating system (OS). In order to deploy the
OS securely on different platforms, the vendor publishes several sets of
instructions on how to install it, depending on which platform the customer
is using. This is an example of a ________. (D1, L1.4.2)
A)Law
B)Procedure
C)Standard
D)Policy - 🧠ANSWER ✔✔B is correct. This is a set of instructions to
perform a particular task, so it is a procedure (several procedures,
actually—one for each platform). A is incorrect; the instructions are not a
governmental mandate. C is incorrect, because the instructions are
particular to a specific product, not accepted throughout the industry. D is
incorrect, because the instructions are not particular to a given
organization.
COPYRIGHT©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE. PRIVACY
2
STATEMENT. ALL RIGHTS RESERVED
,The Triffid Corporation publishes a policy that states all personnel will act in
a manner that protects health and human safety. The security office is
tasked with writing a detailed set of processes on how employees should
wear protective gear such as hardhats and gloves when in hazardous
areas. This detailed set of processes is a _________. (D1, L1.4.1)
A)Policy
B)Procedure
C)Standard
D)Law - 🧠ANSWER ✔✔B is correct. A detailed set of processes used by a
specific organization is a procedure. A is incorrect; the policy is the
overarching document that requires the procedure be created and
implemented. C is incorrect. The procedure is not recognized and
implemented throughout the industry; it is used internally. D is incorrect; the
procedure was created by Triffid Corporation, not a governmental body.
Chad is a security practitioner tasked with ensuring that the information on
the organization's public website is not changed by anyone outside the
organization. This task is an example of ensuring _________. (D1, L1.1.1)
COPYRIGHT©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE. PRIVACY
3
STATEMENT. ALL RIGHTS RESERVED
, A)Confidentiality
B)Integrity
C)Availability
D)Confirmation - 🧠ANSWER ✔✔B is correct. Preventing unauthorized
modification is the definition of integrity. A is incorrect because the website
is not meant to be secret; it is open to the public. C is incorrect because
Chad is not tasked with ensuring the website is accessible, only that the
information on it is not changed. D is incorrect because "confirmation" is
not a typical security term, and is used here only as a distractor.
The Payment Card Industry (PCI) Council is a committee made up of
representatives from major credit card providers (Visa, Mastercard,
American Express) in the United States. The PCI Council issues rules that
merchants must follow if the merchants choose to accept payment via
credit card. These rules describe best practices for securing credit card
processing technology, activities for securing credit card information, and
how to protect customers' personal data. This set of rules is a _____. (D1,
L1.4.2)
COPYRIGHT©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE. PRIVACY
4
STATEMENT. ALL RIGHTS RESERVED
Questions with 100% Correct Answers |
Latest Update
Triffid Corporation has a rule that all employees working with sensitive
hardcopy documents must put the documents into a safe at the end of the
workday, where they are locked up until the following workday. What kind
of control is the process of putting the documents into the safe? (D1,
L1.3.1)
A) Administrative
B) Tangential
C) Physical
D) Technical - 🧠ANSWER ✔✔A is the correct answer. The process itself is
an administrative control; rules and practices are administrative. The safe
itself is physical, but the question asked specifically about process, not the
safe, so C is incorrect. Neither the safe nor the process is part of the IT
environment, so this is not a technical control; D is incorrect. B is incorrect;
COPYRIGHT©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE. PRIVACY
1
STATEMENT. ALL RIGHTS RESERVED
,"tangential" is not a term commonly used to describe a particular type of
security control, and is used here only as a distractor.
A vendor sells a particular operating system (OS). In order to deploy the
OS securely on different platforms, the vendor publishes several sets of
instructions on how to install it, depending on which platform the customer
is using. This is an example of a ________. (D1, L1.4.2)
A)Law
B)Procedure
C)Standard
D)Policy - 🧠ANSWER ✔✔B is correct. This is a set of instructions to
perform a particular task, so it is a procedure (several procedures,
actually—one for each platform). A is incorrect; the instructions are not a
governmental mandate. C is incorrect, because the instructions are
particular to a specific product, not accepted throughout the industry. D is
incorrect, because the instructions are not particular to a given
organization.
COPYRIGHT©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE. PRIVACY
2
STATEMENT. ALL RIGHTS RESERVED
,The Triffid Corporation publishes a policy that states all personnel will act in
a manner that protects health and human safety. The security office is
tasked with writing a detailed set of processes on how employees should
wear protective gear such as hardhats and gloves when in hazardous
areas. This detailed set of processes is a _________. (D1, L1.4.1)
A)Policy
B)Procedure
C)Standard
D)Law - 🧠ANSWER ✔✔B is correct. A detailed set of processes used by a
specific organization is a procedure. A is incorrect; the policy is the
overarching document that requires the procedure be created and
implemented. C is incorrect. The procedure is not recognized and
implemented throughout the industry; it is used internally. D is incorrect; the
procedure was created by Triffid Corporation, not a governmental body.
Chad is a security practitioner tasked with ensuring that the information on
the organization's public website is not changed by anyone outside the
organization. This task is an example of ensuring _________. (D1, L1.1.1)
COPYRIGHT©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE. PRIVACY
3
STATEMENT. ALL RIGHTS RESERVED
, A)Confidentiality
B)Integrity
C)Availability
D)Confirmation - 🧠ANSWER ✔✔B is correct. Preventing unauthorized
modification is the definition of integrity. A is incorrect because the website
is not meant to be secret; it is open to the public. C is incorrect because
Chad is not tasked with ensuring the website is accessible, only that the
information on it is not changed. D is incorrect because "confirmation" is
not a typical security term, and is used here only as a distractor.
The Payment Card Industry (PCI) Council is a committee made up of
representatives from major credit card providers (Visa, Mastercard,
American Express) in the United States. The PCI Council issues rules that
merchants must follow if the merchants choose to accept payment via
credit card. These rules describe best practices for securing credit card
processing technology, activities for securing credit card information, and
how to protect customers' personal data. This set of rules is a _____. (D1,
L1.4.2)
COPYRIGHT©JOSHCLAY 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE. PRIVACY
4
STATEMENT. ALL RIGHTS RESERVED
