ISC2 CC (CERTIFIED IN CYBERSECURITY) PRACTICE
QUESTIONS : CERTIFICATION SUCCESS -
UNOFFICIAL BY CERTIFICATION TERMINAL (PART 1)
4.1 In the realm of information security, what constitutes the utmost crucial element of
privacy?
A. Protecting personal information from unauthorized access or disclosure
B. Ensuring data is accurate and unchanged
C. Making sure data is always accessible when needed
D. All of the above - Answers :A. Protecting personal information from unauthorized
access or disclosure
4.2 Choose the BEST example for a preventive control from the following:
A. A firewall
B. A backup generator
C. An intrusion detection system
D. An antivirus software - Answers :A. A firewall
4.3 What distinguishes a private cloud from a public cloud?
A. A public cloud is less secure than a private cloud
B. A private cloud is more expensive than a public cloud
C. A public cloud is hosted by a third-party provider, while a private cloud is dedicated to
a single organization
D. A private cloud is only accessible from a single location - Answers :C. A public cloud
is hosted by a third-party provider, while a private cloud is dedicated to a single
organization
4.4 What security principle asserts that a user should possess only the requisite
permissions to perform a task?
A. Separation of Duties
B. Defense in Depth
C. Least Privilege
D. Privileged Accounts - Answers :C. Least Privilege
4.5 What is the objective of implementing a security awareness and training initiative?
A. To develop technical specifications for security controls
B. To educate employees about security policies and procedures
C. To investigate and respond to security incidents
D. To enforce disciplinary actions for security violations - Answers :B. To educate
employees about security policies and procedures
4.6 In your roles as a cybersecurity analyst, your supervisor tasks you with producing a
document that delineates the sequential procedure for setting up firewall rules within the
organization's network infrastructure. What specific type of document are you creating?
A. Guideline
,B. Policy
C. Procedure
D. Standard - Answers :C. Procedure
4.7 What is the term used to denote the process of eliminating or neutralizing malicious
software (malware) from a computer?
A. Firewall configuration
B. Decryption
C. Encryption
D. Malware Removal - Answers :D. Malware Removal
4.8 What is the main objective of Business Continuity (BC)?
A. To minimize expenses during unexpected events
B. To maintain operations during unexpected events
C. To maximize profits during unexpected events
D. To maintain the status quo during unexpected events - Answers :B. To maintain
operations during unexpected even
4.9 What distinguishes an incident response plan from a disaster recovery plan?
A. An incident response plan focuses on recovering from security incidents, while a
disaster recovery plan focuses on recovering from natural disasters.
B. An incident response plan focuses on preventing security incidents, while a disaster
recovery plan focuses on mitigating the impact of natural disasters
C. An incident response plan focuses on detecting and responding to security incidents,
while a disaster recovery plan focuses on restoring IT systems and infrastructure
D. An incident response plan focuses on restoring critical systems and data, while a
disaster recovery plan focuses on restoring business operations. - Answers :C. An
incident response plan focuses on detecting and responding to security incidents, while
a disaster recovery plan focuses on restoring IT systems and infrastructure
4.10 Which of the options below is an example that does NOT represent a possible
model for an Incident Response Team (IRT)?
A. Leveraged
B. Dedicated
C. Hybrid
D. Pre-existing - Answers :D. Pre-existing
4.11 What is the objective of a risk assessment procedure?
A. To assign risk priorities to identified risks
B. To assess the potential impact of risks on the organization
C. To implement controls and measures to reduce or eliminate risks
D. To provide a structured approach for conducting risk assessments - Answers :D. To
provide a structured approach for conducting risk assessments
4.12 In risk management, what does the term "impact" refer to?
A. The actions taken to transfer or mitigate risks
, B. Confidentiality
C. The severity or consequences of a risk event
D. the potential vulnerabilities in a system or process. - Answers :C. The severity or
consequences of a risk event
4.13 How do you define integrity in the context of Information Security?
A. The maintenance of a known configuration and unexpected operational function as
the system processes information
B. The maintenance of a random configuration and unpredictable operational function
as the system processes information
C. The maintenance of a known bad configuration and unexpected operational function
as the system processes information
D. The maintenance of a known good configuration and expected operational function
as the system processes information - Answers :D. The maintenance of a known good
configuration and expected operational function as the system processes information
4.14 What is the primary objective of risk assessment?
A. To identify critical business functions
B. To evaluate the potential impact of threats to the organization
C. To define recovery time objectives for critical systems and data
D. To establish procedures for restoring critical systems and data - Answers :B. To
evaluate the potential impact of threats to the organization
4.15 Which of the following options exemplifies an administrative control?
A. Firewall
B. Network-based intrusion detection system
C. Physical locks on doors
D. Background checks for employees - Answers :D. Background checks for employees
4.16 Which of these is primarily focused on identifying and prioritizing critical business
processes?
A. Business Continuity Plan
B. Disaster Recovery Plan
C. Business Impact Analysis
D. Business Impact Plan - Answers :C. Business Impact Analysis
4.17 What term pertains to an individual's capacity to mange the sharing of their
personal information?
A. Consent
B. Privacy
C. Anonymization
D. Data minimization - Answers :B. Privacy
4.18 Which of the following options exemplifies a logical access control?
A. Security guards patrolling an area
B. Physical locks on doors
QUESTIONS : CERTIFICATION SUCCESS -
UNOFFICIAL BY CERTIFICATION TERMINAL (PART 1)
4.1 In the realm of information security, what constitutes the utmost crucial element of
privacy?
A. Protecting personal information from unauthorized access or disclosure
B. Ensuring data is accurate and unchanged
C. Making sure data is always accessible when needed
D. All of the above - Answers :A. Protecting personal information from unauthorized
access or disclosure
4.2 Choose the BEST example for a preventive control from the following:
A. A firewall
B. A backup generator
C. An intrusion detection system
D. An antivirus software - Answers :A. A firewall
4.3 What distinguishes a private cloud from a public cloud?
A. A public cloud is less secure than a private cloud
B. A private cloud is more expensive than a public cloud
C. A public cloud is hosted by a third-party provider, while a private cloud is dedicated to
a single organization
D. A private cloud is only accessible from a single location - Answers :C. A public cloud
is hosted by a third-party provider, while a private cloud is dedicated to a single
organization
4.4 What security principle asserts that a user should possess only the requisite
permissions to perform a task?
A. Separation of Duties
B. Defense in Depth
C. Least Privilege
D. Privileged Accounts - Answers :C. Least Privilege
4.5 What is the objective of implementing a security awareness and training initiative?
A. To develop technical specifications for security controls
B. To educate employees about security policies and procedures
C. To investigate and respond to security incidents
D. To enforce disciplinary actions for security violations - Answers :B. To educate
employees about security policies and procedures
4.6 In your roles as a cybersecurity analyst, your supervisor tasks you with producing a
document that delineates the sequential procedure for setting up firewall rules within the
organization's network infrastructure. What specific type of document are you creating?
A. Guideline
,B. Policy
C. Procedure
D. Standard - Answers :C. Procedure
4.7 What is the term used to denote the process of eliminating or neutralizing malicious
software (malware) from a computer?
A. Firewall configuration
B. Decryption
C. Encryption
D. Malware Removal - Answers :D. Malware Removal
4.8 What is the main objective of Business Continuity (BC)?
A. To minimize expenses during unexpected events
B. To maintain operations during unexpected events
C. To maximize profits during unexpected events
D. To maintain the status quo during unexpected events - Answers :B. To maintain
operations during unexpected even
4.9 What distinguishes an incident response plan from a disaster recovery plan?
A. An incident response plan focuses on recovering from security incidents, while a
disaster recovery plan focuses on recovering from natural disasters.
B. An incident response plan focuses on preventing security incidents, while a disaster
recovery plan focuses on mitigating the impact of natural disasters
C. An incident response plan focuses on detecting and responding to security incidents,
while a disaster recovery plan focuses on restoring IT systems and infrastructure
D. An incident response plan focuses on restoring critical systems and data, while a
disaster recovery plan focuses on restoring business operations. - Answers :C. An
incident response plan focuses on detecting and responding to security incidents, while
a disaster recovery plan focuses on restoring IT systems and infrastructure
4.10 Which of the options below is an example that does NOT represent a possible
model for an Incident Response Team (IRT)?
A. Leveraged
B. Dedicated
C. Hybrid
D. Pre-existing - Answers :D. Pre-existing
4.11 What is the objective of a risk assessment procedure?
A. To assign risk priorities to identified risks
B. To assess the potential impact of risks on the organization
C. To implement controls and measures to reduce or eliminate risks
D. To provide a structured approach for conducting risk assessments - Answers :D. To
provide a structured approach for conducting risk assessments
4.12 In risk management, what does the term "impact" refer to?
A. The actions taken to transfer or mitigate risks
, B. Confidentiality
C. The severity or consequences of a risk event
D. the potential vulnerabilities in a system or process. - Answers :C. The severity or
consequences of a risk event
4.13 How do you define integrity in the context of Information Security?
A. The maintenance of a known configuration and unexpected operational function as
the system processes information
B. The maintenance of a random configuration and unpredictable operational function
as the system processes information
C. The maintenance of a known bad configuration and unexpected operational function
as the system processes information
D. The maintenance of a known good configuration and expected operational function
as the system processes information - Answers :D. The maintenance of a known good
configuration and expected operational function as the system processes information
4.14 What is the primary objective of risk assessment?
A. To identify critical business functions
B. To evaluate the potential impact of threats to the organization
C. To define recovery time objectives for critical systems and data
D. To establish procedures for restoring critical systems and data - Answers :B. To
evaluate the potential impact of threats to the organization
4.15 Which of the following options exemplifies an administrative control?
A. Firewall
B. Network-based intrusion detection system
C. Physical locks on doors
D. Background checks for employees - Answers :D. Background checks for employees
4.16 Which of these is primarily focused on identifying and prioritizing critical business
processes?
A. Business Continuity Plan
B. Disaster Recovery Plan
C. Business Impact Analysis
D. Business Impact Plan - Answers :C. Business Impact Analysis
4.17 What term pertains to an individual's capacity to mange the sharing of their
personal information?
A. Consent
B. Privacy
C. Anonymization
D. Data minimization - Answers :B. Privacy
4.18 Which of the following options exemplifies a logical access control?
A. Security guards patrolling an area
B. Physical locks on doors
