(ISC)2 Certified in Cybersecurity -
Exam Prep / Newest Actual Exam
Review Questions and Correct
Answers (Verified Answers) A Grade
Document specific requirements that a customer has about any aspect of a vendor's service
performance.
A) DLR
B) Contract
C) SLR
D) NDA - Correct Answer C) SLR (Service-Level Requirements)
Glen is an (ISC)² member. Glen receives an email from a company offering a set of answers for an (ISC)²
certification exam. What should Glen do? (D1, L1.5.1)
A) Nothing
B) Inform (ISC)²
C) Inform law enforcement
D) Inform Glen's employer - Correct Answer B) Inform (ISC)²
A system that collects transactional information and stores it in a record in order to show which users
performed which actions is an example of providing ________. (D1, L1.1.1)
A) Non-repudiation
B) Multifactor authentication
C) Biometrics
D) Privacy - Correct Answer A) Non-repudiation
,In risk management concepts, a(n) ___________ is something or someone that poses risk to an
organization or asset. (D1, L1.2.1)
A) Fear
B) Threat
C) Control
D) Asset - Correct Answer B) Threat
A software firewall is an application that runs on a device and prevents specific types of traffic from
entering that device. This is a type of ________ control. (D1, L1.3.1)
A) Physical
B) Administrative
C) Passive
D) Technical - Correct Answer D) Technical
Tina is an (ISC)² member and is invited to join an online group of IT security enthusiasts. After attending
a few online sessions, Tina learns that some participants in the group are sharing malware with each
other, in order to use it against other organizations online. What should Tina do? (D1, L1.5.1)
A) Nothing
B) Stop participating in the group
C) Report the group to law enforcement
D) Report the group to (ISC)² - Correct Answer B) Stop participating in the group
The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city
council creates a rule that anyone caught creating and launching malware within the city limits will
receive a fine and go to jail. What kind of rule is this? (D1, L1.4.1)
A) Policy
,B) Procedure
C) Standard
D) Law - Correct Answer D) Law
The Payment Card Industry (PCI) Council is a committee made up of representatives from major credit
card providers (Visa, Mastercard, American Express) in the United States. The PCI Council issues rules
that merchants must follow if the merchants choose to accept payment via credit card. These rules
describe best practices for securing credit card processing technology, activities for securing credit card
information, and how to protect customers' personal data. This set of rules is a _____. (D1, L1.4.2)
A) Law
B) Policy
C) Standard
D) Procedure - Correct Answer C) Standard
Aphrodite is a member of (ISC)² and a data analyst for Triffid Corporation. While Aphrodite is reviewing
user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy
and watching streaming videos during work hours. What should Aphrodite do? (D1, L1.5.1)
A) Inform (ISC)²
B) Inform law enforcement
C) Inform Triffid management
D) Nothing - Correct Answer C) Inform Triffid management
Triffid Corporation has a rule that all employees working with sensitive hardcopy documents must put
the documents into a safe at the end of the workday, where they are locked up until the following
workday. What kind of control is the process of putting the documents into the safe? (D1, L1.3.1)
A) Administrative
B) Tangential
C) Physical
D) Technical - Correct Answer A) Administrative
, Kerpak works in the security office of a medium-sized entertainment company. Kerpak is asked to assess
a particular threat, and he suggests that the best way to counter this threat would be to purchase and
implement a particular security solution. This is an example of _______. (D1, L1.2.2)
A) Acceptance
B) Avoidance
C) Mitigation
D) Transference - Correct Answer C) Mitigation
The Triffid Corporation publishes a policy that states all personnel will act in a manner that protects
health and human safety. The security office is tasked with writing a detailed set of processes on how
employees should wear protective gear such as hardhats and gloves when in hazardous areas. This
detailed set of processes is a _________. (D1, L1.4.1)
A) Policy
B) Procedure
C) Standard
D) Law - Correct Answer B) Procedure
The senior leadership of Triffid Corporation decides that the best way to minimize liability for the
company is to demonstrate the company's commitment to adopting best practices recognized
throughout the industry. Triffid management issues a document that explains that Triffid will follow the
best practices published by SANS, an industry body that addresses computer and information security.
The Triffid document is a ______, and the SANS documents are ________. (D1, L1.4.2)
A) Law, policy
B) Policy, standard
C) Policy, law
D) Procedure, procedure - Correct Answer B) Policy, standard
Exam Prep / Newest Actual Exam
Review Questions and Correct
Answers (Verified Answers) A Grade
Document specific requirements that a customer has about any aspect of a vendor's service
performance.
A) DLR
B) Contract
C) SLR
D) NDA - Correct Answer C) SLR (Service-Level Requirements)
Glen is an (ISC)² member. Glen receives an email from a company offering a set of answers for an (ISC)²
certification exam. What should Glen do? (D1, L1.5.1)
A) Nothing
B) Inform (ISC)²
C) Inform law enforcement
D) Inform Glen's employer - Correct Answer B) Inform (ISC)²
A system that collects transactional information and stores it in a record in order to show which users
performed which actions is an example of providing ________. (D1, L1.1.1)
A) Non-repudiation
B) Multifactor authentication
C) Biometrics
D) Privacy - Correct Answer A) Non-repudiation
,In risk management concepts, a(n) ___________ is something or someone that poses risk to an
organization or asset. (D1, L1.2.1)
A) Fear
B) Threat
C) Control
D) Asset - Correct Answer B) Threat
A software firewall is an application that runs on a device and prevents specific types of traffic from
entering that device. This is a type of ________ control. (D1, L1.3.1)
A) Physical
B) Administrative
C) Passive
D) Technical - Correct Answer D) Technical
Tina is an (ISC)² member and is invited to join an online group of IT security enthusiasts. After attending
a few online sessions, Tina learns that some participants in the group are sharing malware with each
other, in order to use it against other organizations online. What should Tina do? (D1, L1.5.1)
A) Nothing
B) Stop participating in the group
C) Report the group to law enforcement
D) Report the group to (ISC)² - Correct Answer B) Stop participating in the group
The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city
council creates a rule that anyone caught creating and launching malware within the city limits will
receive a fine and go to jail. What kind of rule is this? (D1, L1.4.1)
A) Policy
,B) Procedure
C) Standard
D) Law - Correct Answer D) Law
The Payment Card Industry (PCI) Council is a committee made up of representatives from major credit
card providers (Visa, Mastercard, American Express) in the United States. The PCI Council issues rules
that merchants must follow if the merchants choose to accept payment via credit card. These rules
describe best practices for securing credit card processing technology, activities for securing credit card
information, and how to protect customers' personal data. This set of rules is a _____. (D1, L1.4.2)
A) Law
B) Policy
C) Standard
D) Procedure - Correct Answer C) Standard
Aphrodite is a member of (ISC)² and a data analyst for Triffid Corporation. While Aphrodite is reviewing
user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy
and watching streaming videos during work hours. What should Aphrodite do? (D1, L1.5.1)
A) Inform (ISC)²
B) Inform law enforcement
C) Inform Triffid management
D) Nothing - Correct Answer C) Inform Triffid management
Triffid Corporation has a rule that all employees working with sensitive hardcopy documents must put
the documents into a safe at the end of the workday, where they are locked up until the following
workday. What kind of control is the process of putting the documents into the safe? (D1, L1.3.1)
A) Administrative
B) Tangential
C) Physical
D) Technical - Correct Answer A) Administrative
, Kerpak works in the security office of a medium-sized entertainment company. Kerpak is asked to assess
a particular threat, and he suggests that the best way to counter this threat would be to purchase and
implement a particular security solution. This is an example of _______. (D1, L1.2.2)
A) Acceptance
B) Avoidance
C) Mitigation
D) Transference - Correct Answer C) Mitigation
The Triffid Corporation publishes a policy that states all personnel will act in a manner that protects
health and human safety. The security office is tasked with writing a detailed set of processes on how
employees should wear protective gear such as hardhats and gloves when in hazardous areas. This
detailed set of processes is a _________. (D1, L1.4.1)
A) Policy
B) Procedure
C) Standard
D) Law - Correct Answer B) Procedure
The senior leadership of Triffid Corporation decides that the best way to minimize liability for the
company is to demonstrate the company's commitment to adopting best practices recognized
throughout the industry. Triffid management issues a document that explains that Triffid will follow the
best practices published by SANS, an industry body that addresses computer and information security.
The Triffid document is a ______, and the SANS documents are ________. (D1, L1.4.2)
A) Law, policy
B) Policy, standard
C) Policy, law
D) Procedure, procedure - Correct Answer B) Policy, standard
