Exam (elaborations)

ISC2 CC Exam UPDATED Study Guide QUESTIONS AND CORRECT ANSWERS

Pages
94
Grade
A+
Uploaded on
24-11-2025
Written in
2025/2026

Institution
ISC2 CC
Course
ISC2 CC











Content preview

ISC2 CC Exam UPDATED Study Guide
QUESTIONS AND CORRECT ANSWERS
Which access control is more effective at protecting a door against unauthorized
access?
A. Fences
B. Turnstiles
C. Barriers
D. Locks - CORRECT ANSWERS D. Locks
A lock is a device that prevents a physical structure (typically a door) from
being opened, indicating that only the authorized person (i.e. the person with the
key) can open it. A fence or a barrier will prevent ALL access. Turnstiles are
physical barriers that can easily be overcome (after all, it is common knowledge
that intruders can easily jump over a turnstile when no one is watching).


Which type of attack PRIMARILY aims to make a resource inaccessible to its
intended users?
A. Phishing
B. Denial of Service
C. Trojans
D. Cross-site scripting - CORRECT ANSWERS B. Denial of Service
A denial of service attack (DoS) consists of compromising the availability of a
system or service through a malicious overload of requests, which causes the
activation of safety mechanisms that delay or limit the availability of that
system or service. Due to this, systems or services are rendered inaccessible to
their intended users. Trojans, phishing, and cross-site scripting attacks try to
gain access to the system or data, and therefore do not primarily aim at
compromising the system's availability.


Which devices have the PRIMARY objective of collecting and analyzing
security events?
A. Firewalls

B. Hubs
C. Routers
D. SIEM - CORRECT ANSWERS D. SIEM
A Security Information and Event Management (SIEM) system is an application
that gathers security data from information system components and presents
actionable information through a unified interface. Routers and hubs aim to
receive and forward traffic. Firewalls filter incoming traffic. None of these
last three options aims at collecting and analyzing security events.


Which access control model specifies access to an object based on the subject's
role in the organization?
A. RBAC
B. MAC
C. ABAC
D. DAC - CORRECT ANSWERS A. RBAC
The role-based access control (RBAC) model is well known for governing
access to objects based on the roles of individual users within the organization.
Mandatory access control is based on security classification. Attribute-based
access control is based on complex attribute rules. In discretionary access
control, subjects can grant privileges to other subjects and change some of the
security attributes of the objects they have access to.


When a company hires an insurance company to mitigate risk, which risk
management technique is being applied?
A. Risk transfer
B. Risk avoidance
C. Risk mitigation
D. Risk tolerance - CORRECT ANSWERS A. Risk transfer
Risk transfer is a risk management strategy that contractually shifts a pure risk
from one party to another (in this case, to an insurance company.) Risk
avoidance consists of stopping activities and exposures that can negatively
affect an organization and its assets. Risk mitigation consists of mechanisms to
reduce the risk. Finally, risk tolerance is the degree of risk that an investor is
willing to endure.


Which type of attack will most effectively provide privileged access (root
access in Unix/Linux platforms) to a computer while hiding its presence?
A. Rootkits
B. Phishing
C. Cross-Site Scripting
D. Trojans - CORRECT ANSWERS A. Rootkits
A rootkit tries to maintain root-level access while concealing malicious activity.
It typically creates a backdoor and attempts to remain undetected by anti-
malware software. A rootkit is active while the system is running. Trojans can
also create backdoors but are only active while a specific application is running,
and thus are not as effective as a rootkit. Phishing is used to initiate attacks by
redirecting the user to fake websites. Cross-site scripting is used to attack
websites.


Which device is used to connect a LAN to the Internet?
A. Router
B. Firewall
C. HIDS
D. SIEM - CORRECT ANSWERS A. Router
A router is a device that acts as a gateway between two or more networks by
relaying and directing data packets between them. A firewall is a device that
filters traffic coming from the Internet but does not seek to distribute traffic.
Security Information and Event Management (SIEM) systems and Host Intrusion
Detection Systems (HIDS) are monitoring devices and applications; neither aims
at inter-network connectivity.


How many data labels are considered manageable?
A. 1-2
B. 1
C. 2-3
D. >4 - CORRECT ANSWERS C. 2 - 3
According to data handling and labeling best practices, two or three
classifications for data are typically considered manageable for most
organizations. In the ISC2 Study Guide, Ch. 5, Module 1, under Data Handling
Practices in Labeling, "two or three classifications are manageable, but more
than four tend to be challenging to manage". These classifications could be
labels such as Public, Confidential, and Restricted, each representing a different
level of data sensitivity. The labeling system allows the organization to easily
identify and manage data based on its sensitivity level, ensuring that appropriate
security measures are in place for each classification. The principle is that
labeling data based on its sensitivity level should be based on a limited,
unambiguous set of labels that correspond to different levels of data sensitivity.
The key is to have a system that differentiates data sensitivity levels without
being overly complex to implement and maintain. (Having more than 4 can
make the system overly complex and difficult to manage, increasing the risk of
misclassification and potential data breaches.)


In Change Management, which component addresses the procedures needed to
undo changes?
A. Request for Approval
B. Rollback
C. Request for Change
D. Disaster and Recovery - CORRECT ANSWERS B. Rollback
In Change Management, the Request for Change (RFC) is the first stage of the
request; it formalizes the change from the stakeholder's point of view. The next
phase is the Approval phase, where each stakeholder reviews the change,
identifies and allocates the corresponding resources, and eventually either
approves or rejects the change (appropriately documenting the approval or
rejection). Finally, the Rollback phase addresses the actions to take when
monitoring of the change suggests a failure or inadequate performance.


Which of the following is an example of 2FA?