1|Page
ISC2 CERTIFIED IN CYBERSECURITY (CC) EXAM
NEWEST 2025 ACTUAL EXAM| ALL 150 REAL EXAM
QUESTIONS AND CORRECT ANSWERS (VERIFIED
ANSWERS) ALREADY GRADED A+| ACTUAL EXAM
LATEST VERSION
Of the following, which would probably not be considered a threat?
A. Natural disaster
B. Unintentional damage to the system cause by a user
C. A laptop with sensitive data on it
D. An external attacker trying to gain unauthorized access to the
environment - Correct Answer - C. A laptop with sensitive data on it
Sophia is visiting Las Vegas and decides to put a bet on a particular
number on a roulette wheel. This is an example of _________.
A. Acceptance
B. Avoidance
C. Mitigation
D. Transference - Correct Answer - A. Acceptance
In risk management concepts, a(n) ___________ is something or
someone that poses risk to an organization or asset.
A. Fear
B. Threat
C. Control
pg. 1
,2|Page
D. Asset - Correct Answer - B. Threat
Who approves the incident response policy?
A. (ISC)2
B. Senior management
C. The security manager
D. Investor - Correct Answer - B. Senior management
When should a business continuity plan (BCP) be activated?
A. As soon as possible
B. At the very beginning of a disaster
C. When senior management decides
D. When instructed to do so by regulators - Correct Answer - C. When
senior management decides
You are reviewing log data from a router; there is an entry that shows a
user sent traffic through the router at 11:45 am, local time, yesterday.
This is an example of a(n) _______.
A. Incident
B. Event
C. Attack
D. Threat - Correct Answer - B. Event
Which of the following are not typically involved in incident detection?
pg. 2
,3|Page
A. Users
B. Security analysts
C. Automated tools
D. Regulators - Correct Answer - D. Regulators
Prachi works as a database administrator for Triffid, Inc. Prachi is
allowed to add or delete users, but is not allowed to read or modify the
data in the database itself. When Prachi logs onto the system, an access
control list (ACL) checks to determine which permissions Prachi has.
In this situation, what is the database?
A. The object
B. The rule
C. The subject
D. The site - Correct Answer - The object
Gelbi is a Technical Support analyst for Triffid, Inc. Gelbi sometimes is
required to install or remove software. Which of the following could be
used to describe Gelbi's account?
A. Privileged
B. Internal
C. External
D. User - Correct Answer - A. Privileged
A human guard monitoring a hidden camera could be considered a
______ control.
pg. 3
, 4|Page
A. Detective
B. Preventive
C. Deterrent
D. Logical - Correct Answer - A. Detective
In order for a biometric security to function properly, an authorized
person's physiological data must be ______.
A. Broadcast
B. Stored
C. Deleted
D. Modified - Correct Answer - B. Stored
A _____ is a record of something that has occurred.
A. Biometric
B. Law
C. Log
D. Firewall - Correct Answer - C. Log
Guillermo logs onto a system and opens a document file. In this
example, Guillermo is:
A. The subject
B. The object
C. The process
D. The software - Correct Answer - A. The subject
pg. 4
ISC2 CERTIFIED IN CYBERSECURITY (CC) EXAM
NEWEST 2025 ACTUAL EXAM| ALL 150 REAL EXAM
QUESTIONS AND CORRECT ANSWERS (VERIFIED
ANSWERS) ALREADY GRADED A+| ACTUAL EXAM
LATEST VERSION
Of the following, which would probably not be considered a threat?
A. Natural disaster
B. Unintentional damage to the system cause by a user
C. A laptop with sensitive data on it
D. An external attacker trying to gain unauthorized access to the
environment - Correct Answer - C. A laptop with sensitive data on it
Sophia is visiting Las Vegas and decides to put a bet on a particular
number on a roulette wheel. This is an example of _________.
A. Acceptance
B. Avoidance
C. Mitigation
D. Transference - Correct Answer - A. Acceptance
In risk management concepts, a(n) ___________ is something or
someone that poses risk to an organization or asset.
A. Fear
B. Threat
C. Control
pg. 1
,2|Page
D. Asset - Correct Answer - B. Threat
Who approves the incident response policy?
A. (ISC)2
B. Senior management
C. The security manager
D. Investor - Correct Answer - B. Senior management
When should a business continuity plan (BCP) be activated?
A. As soon as possible
B. At the very beginning of a disaster
C. When senior management decides
D. When instructed to do so by regulators - Correct Answer - C. When
senior management decides
You are reviewing log data from a router; there is an entry that shows a
user sent traffic through the router at 11:45 am, local time, yesterday.
This is an example of a(n) _______.
A. Incident
B. Event
C. Attack
D. Threat - Correct Answer - B. Event
Which of the following are not typically involved in incident detection?
pg. 2
,3|Page
A. Users
B. Security analysts
C. Automated tools
D. Regulators - Correct Answer - D. Regulators
Prachi works as a database administrator for Triffid, Inc. Prachi is
allowed to add or delete users, but is not allowed to read or modify the
data in the database itself. When Prachi logs onto the system, an access
control list (ACL) checks to determine which permissions Prachi has.
In this situation, what is the database?
A. The object
B. The rule
C. The subject
D. The site - Correct Answer - The object
Gelbi is a Technical Support analyst for Triffid, Inc. Gelbi sometimes is
required to install or remove software. Which of the following could be
used to describe Gelbi's account?
A. Privileged
B. Internal
C. External
D. User - Correct Answer - A. Privileged
A human guard monitoring a hidden camera could be considered a
______ control.
pg. 3
, 4|Page
A. Detective
B. Preventive
C. Deterrent
D. Logical - Correct Answer - A. Detective
In order for a biometric security to function properly, an authorized
person's physiological data must be ______.
A. Broadcast
B. Stored
C. Deleted
D. Modified - Correct Answer - B. Stored
A _____ is a record of something that has occurred.
A. Biometric
B. Law
C. Log
D. Firewall - Correct Answer - C. Log
Guillermo logs onto a system and opens a document file. In this
example, Guillermo is:
A. The subject
B. The object
C. The process
D. The software - Correct Answer - A. The subject
pg. 4
