
ISC2 CC Exam Questions With 100% Correct Answers

Pages: 77
Grade: A+
Uploaded on: 04-03-2024 (4 March 2024)
Written in: 2023/2024

Which access control is more effective at protecting a door against unauthorized access?
A. Fences
B. Turnstiles
C. Barriers
D. Locks
Answer: D. Locks
A lock is a device that prevents a physical structure (typically a door) from being opened, so that only the authorized person (i.e. the person with the key) can open it. A fence or a barrier will prevent ALL access. Turnstiles are physical barriers that can easily be overcome (after all, it is common knowledge that intruders can easily jump over a turnstile when no one is watching).

Which type of attack PRIMARILY aims to make a resource inaccessible to its intended users?
A. Phishing
B. Denial of Service
C. Trojans
D. Cross-site scripting
Answer: B. Denial of Service
A denial of service (DoS) attack consists in compromising the availability of a system or service through a malicious overload of requests, which causes the activation of safety mechanisms that delay or limit the availability of that system or service. Due to this, systems or services are rendered inaccessible to their intended users. Trojans, phishing, and cross-site scripting attacks try to gain access to the system or data, and therefore do not primarily aim at compromising the system's availability.

Which devices have the PRIMARY objective of collecting and analyzing security events?
A. Firewalls
B. Hubs
C. Routers
D. SIEM
Answer: D. SIEM
A Security Information and Event Management (SIEM) system is an application that gathers security data from information system components and presents actionable information through a unified interface. Routers and hubs aim to receive and forward traffic. Firewalls filter incoming traffic. None of these last three options aims at collecting and analyzing security events.

Which access control model specifies access to an object based on the subject's role in the organization?
A. RBAC
B. MAC
C. ABAC
D. DAC
Answer: A. RBAC
The role-based access control (RBAC) model is well known for governing access to objects based on the roles of individual users within the organization. Mandatory access control is based on security classification. Attribute-based access control is based on complex attribute rules. In discretionary access control, subjects can grant privileges to other subjects and change some of the security attributes of the objects they have access to.

When a company hires an insurance company to mitigate risk, which risk management technique is being applied?
A. Risk transfer
B. Risk avoidance
C. Risk mitigation
D. Risk tolerance
Answer: A. Risk transfer
Risk transfer is a risk management strategy that contractually shifts a pure risk from one party to another (in this case, to an insurance company). Risk avoidance consists in stopping activities and exposures that can negatively affect an organization and its assets. Risk mitigation consists of mechanisms to reduce the risk. Finally, risk tolerance is the degree of risk that an investor is willing to endure.

Which type of attack will most effectively provide privileged access (root access in Unix/Linux platforms) to a computer while hiding its presence?
A. Rootkits
B. Phishing
C. Cross-Site Scripting
D. Trojans
Answer: A. Rootkits
A rootkit tries to maintain root-level access while concealing malicious activity. It typically creates a backdoor and attempts to remain undetected by anti-malware software. A rootkit is active while the system is running. Trojans can also create backdoors but are only active while a specific application is running, and thus are not as effective as a rootkit. Phishing is used to initiate attacks by redirecting the user to fake websites. Cross-site scripting is used to attack websites.

Which device is used to connect a LAN to the Internet?
A. Router
B. Firewall
C. HIDS
D. SIEM
Answer: A. Router
A router is a device that acts as a gateway between two or more networks by relaying and directing data packets between them. A firewall is a device that filters traffic coming from the Internet but does not seek to distribute traffic. Neither Security Information and Event Management (SIEM) systems nor Host Intrusion Detection Systems (HIDS) are monitoring devices or applications that aim at inter-network connectivity.

How many data labels are considered manageable?
A. 1-2
B. 1
C. 2-3
D. >4
Answer: C. 2-3
According to data handling and labeling best practices, two or three classifications for data are typically considered manageable for most organizations. The ISC2 Study Guide, Ch. 5, Module 1, under Data Handling Practices in Labeling, states that "two or three classifications are manageable, but more than four tend to be challenging to manage." These classifications could be labels such as Public, Confidential, and Restricted, each representing a different level of data sensitivity. The labeling system allows the organization to easily identify and manage data based on its sensitivity level, ensuring that appropriate security measures are in place for each classification. The principle is that labeling data based on its sensitivity level should be based on a limited, unambiguous set of labels that correspond to different levels of data sensitivity. The key is to have a system that differentiates data sensitivity levels without being overly complex to implement and maintain. Having more than 4 can make the system overly complex and difficult to manage, increasing the risk of misclassification and potential data breaches.

In Change Management, which component addresses the procedures needed to undo changes?
A. Request for Approval
B. Rollback
C. Request for Change
D. Disaster and Recover
Answer: B. Rollback
In Change Management, the Request for Change (RFC) is the first stage of the request; it formalizes the change from the stakeholder's point of view. The next phase is the Approval phase, where each stakeholder reviews the change, identifies and allocates the corresponding resources, and eventually either approves or rejects the change (appropriately documenting the approval or rejection). Finally, the Rollback phase addresses the actions to take when monitoring of the change suggests a failure or inadequate performance.

Which of the following is an example of 2FA?
A. One-time passwords (OTA)
B. Keys
C. Badges
D. Passwords
Answer: A. One-time passwords (OTA)
One-time passwords are typically generated by a device (i.e. "something you have") and are required in addition to the actual password (i.e. "something you know"). Badges, keys and passwords with no overlapping authentication controls are considered single-factor.

Which cloud deployment model is suited to companies with similar needs and concerns?
A. Community cloud
B. Private cloud
C. Multi-tenant
D. Hybrid cloud
Answer: A. Community cloud
Community cloud deployment models are where several organizations with similar needs and concerns (technological or regulatory) share the infrastructure and resources of a cloud environment. This model is attractive because it is cost-effective while addressing the specific requirements of the participating organizations. A private cloud is a cloud computing model where the cloud infrastructure is dedicated

Institution: ISC2
Course: ISC2
Type: Exam
Contains: Questions and answers

Seller: TheStar, Florida State University