with correct answers 100% 2025
Which of the following involves a sophisticated attack in which a hacker maintains a stealthy long-term
presence in the victim's network? - Correct Answer Advanced Persistent Threat
Which of the following is an example of a technical control? - Correct Answer Antivirus
Which of the following is not an example of protecting data-in-transit? - Correct Answer Database
Encryption
A data center technician needs to securely dispose of several hard drives for systems that are being
decommissioned. What technique is not sufficient to ensure the data is not recoverable? - Correct
Answer Erasure
A security engineer is trying to decide on the best course of action to take to block internet traffic from
specific IP addresses at the perimeter of the company network. Which of the following controls would
allow the security engineer to configure such rules? - Correct Answer Network Firewall
Which access control is commonly used in military and government environments to protect classified
information? - Correct Answer Mandatory Access Control (MAC)
Which method of authentication provides the strongest security? - Correct Answer Dual-Factor
Mary is conducting a risk analysis for her organization. Her boss, the CISO, feels strongly that the
organization's biggest risk is from hackers trying to steal intellectual property from their engineering
database server, so that is where their defensive focus should lie. This is an example of what kind of
analysis? - Correct Answer Qualitative Risk Analysis
Which of the following best represents the process for security risk management? - Correct Answer Risk
Identification, assessment, treatment
Of the job titles listed, which is most likely to be responsible for risk management if the organization
does not have a CISO or Risk Officer? - Correct Answer Chief Financial Officer
Which of the following terms describes the output of information that is run through a hash function? -
Correct Answer Message Digest
Which cloud service model gives customers access to platforms where they can develop, test, and run
code for applications in various programming languages? - Correct Answer Platform as a Service (PaaS)
Which of the following cryptographic techniques cannot be used to provide confidentiality protection to
a message? - Correct Answer Hashing
Which of the following items best describes the principle of confidentiality? - Correct Answer
Confidentiality ensures data is kept secret and not disclosed to unauthorized parties.
Stealing data (exfiltration) is an example of a breach of what property? - Correct Answer Confidentiality
When it comes to physical security, what is the most important consideration? - Correct Answer Ensure
the safety of personnel from harm
Which phase of the incident response process involves bringing systems and data back to normal
operation? - Correct Answer Containment, Eradication, and Recovery
Which of the following best represents activities typically included in the patch management lifecycle? -
Correct Answer Asset discovery, Vulnerability discovery, Patch acquisition, Patch Validation, Patch
deployment, reporting
Bob and Alice share a job. To prevent fraud, Bob performs part A and Alice performs part B, but because
of their account privileges, neither Bob nor Alice can perform the other's part. This is an example of
what concept? - Correct Answer Segregation of duties
An organization is utilizing a third-party web-based email service for their corporate email. Which of the
following types of cloud service model is being utilized? - Correct Answer Software as a Service (SaaS)