ISC2 CERTIFIED IN CYBERSECURITY (CC): 2025–2026 PRACTICE EXAM
QUESTIONS WITH MOST TESTED QUESTIONS (HARVARD STYLE)
INCLUDES 2025–2026 UPDATED PRACTICE QUESTIONS FOR THE ISC2 CERTIFIED
IN CYBERSECURITY (CC) EXAM. COVERS ALL DOMAINS: SECURITY PRINCIPLES,
ACCESS CONTROL, NETWORK SECURITY, INCIDENT RESPONSE, AND SECURITY
OPERATIONS. QUESTIONS ARE BASED ON THE MOST
COMMONLY TESTED CONCEPTS AND INCLUDE HARVARD STYLE REFERENCING
A vendor sells a particular operating system (OS). In order to deploy the OS securely on
different platforms, the vendor publishes several sets of instructions on how to install it,
depending on which platform the customer is using. This is an example of .
A. Law
B. Procedure
C. Standard
D. Policy - CORRECT ANSWER-B. Procedure
The city of Grampon wants to know where all its public vehicles (garbage trucks, police cars,
etc.) are at all times, so the city has GPS transmitters installed in all the vehicles. What kind
of control is this?
A. Administrative
B. Entrenched
C. Physical
D. Technical - CORRECT ANSWER-D. Technical
What is the risk associated with resuming full normal operations too soon after a DR effort?
A. The danger posed by the disaster might still be present
B. Investors might be upset
https://www.stuvia.com/user/Wisdoms
,C. Regulators might disapprove
D. The organization could save money - CORRECT ANSWER-A. The danger posed by
the disaster might still be present
All of the following are important ways to practice an organization disaster recovery (DR)
effort; which one is the most important?
A. Practice restoring data from backups
B. Facility evacuation drills
https://www.stuvia.com/user/Wisdoms
,C. Desktop/tabletop testing of the plan
D. Running the alternate operating site to determine if it could handle critical function in
time of emergency - CORRECT ANSWER-B. Facility evacuation drills
Which of the following is likely to be included in the business continuity plan?
A. Alternate work areas for personnel affected by a natural disaster
B. The organization's approach security approach
C. Last year's budget information
D. Log data from all systems - CORRECT ANSWER-A. Alternate work areas for
personnel affected by a natural disaster
What is the overall objective of a disaster recovery (DR) effort?
A. Save money
B. Return to normal, full operations
C. Preserve critical business functions during a disaster
D. Enhance public perception of the organization - CORRECT ANSWER-B. Return to
normal, full operations
An attacker outside the organization attempts to gain access to the organization's internal
files. This is an example of a(n) .
A. Intrusion
B. Exploit
C. Disclosure
D. Publication - CORRECT ANSWER-A. Intrusion
https://www.stuvia.com/user/Wisdoms
, What is the goal of Business Continuity efforts?
A. Save money
B. Impress customers
C. Ensure all IT system continue to operate
D. Keep critical business functions operational - CORRECT ANSWER-D. Keep
critical business functions operational
https://www.stuvia.com/user/Wisdoms
QUESTIONS WITH MOST TESTED QUESTIONS (HARVARD STYLE)
INCLUDES 2025–2026 UPDATED PRACTICE QUESTIONS FOR THE ISC2 CERTIFIED
IN CYBERSECURITY (CC) EXAM. COVERS ALL DOMAINS: SECURITY PRINCIPLES,
ACCESS CONTROL, NETWORK SECURITY, INCIDENT RESPONSE, AND SECURITY
OPERATIONS. QUESTIONS ARE BASED ON THE MOST
COMMONLY TESTED CONCEPTS AND INCLUDE HARVARD STYLE REFERENCING
A vendor sells a particular operating system (OS). In order to deploy the OS securely on
different platforms, the vendor publishes several sets of instructions on how to install it,
depending on which platform the customer is using. This is an example of .
A. Law
B. Procedure
C. Standard
D. Policy - CORRECT ANSWER-B. Procedure
The city of Grampon wants to know where all its public vehicles (garbage trucks, police cars,
etc.) are at all times, so the city has GPS transmitters installed in all the vehicles. What kind
of control is this?
A. Administrative
B. Entrenched
C. Physical
D. Technical - CORRECT ANSWER-D. Technical
What is the risk associated with resuming full normal operations too soon after a DR effort?
A. The danger posed by the disaster might still be present
B. Investors might be upset
https://www.stuvia.com/user/Wisdoms
,C. Regulators might disapprove
D. The organization could save money - CORRECT ANSWER-A. The danger posed by
the disaster might still be present
All of the following are important ways to practice an organization disaster recovery (DR)
effort; which one is the most important?
A. Practice restoring data from backups
B. Facility evacuation drills
https://www.stuvia.com/user/Wisdoms
,C. Desktop/tabletop testing of the plan
D. Running the alternate operating site to determine if it could handle critical function in
time of emergency - CORRECT ANSWER-B. Facility evacuation drills
Which of the following is likely to be included in the business continuity plan?
A. Alternate work areas for personnel affected by a natural disaster
B. The organization's approach security approach
C. Last year's budget information
D. Log data from all systems - CORRECT ANSWER-A. Alternate work areas for
personnel affected by a natural disaster
What is the overall objective of a disaster recovery (DR) effort?
A. Save money
B. Return to normal, full operations
C. Preserve critical business functions during a disaster
D. Enhance public perception of the organization - CORRECT ANSWER-B. Return to
normal, full operations
An attacker outside the organization attempts to gain access to the organization's internal
files. This is an example of a(n) .
A. Intrusion
B. Exploit
C. Disclosure
D. Publication - CORRECT ANSWER-A. Intrusion
https://www.stuvia.com/user/Wisdoms
, What is the goal of Business Continuity efforts?
A. Save money
B. Impress customers
C. Ensure all IT system continue to operate
D. Keep critical business functions operational - CORRECT ANSWER-D. Keep
critical business functions operational
https://www.stuvia.com/user/Wisdoms
