Practice Free CC CC - Certified in Cybersecurity Exam Questions Answers With Explanation

Exhibit.

What is the PRIMARY purpose of a web application firewall (WAF)?

In information systems terms, the activities necessary to restore IT and communications services of an organization during and after an outage

What is the process of verifying a users identity called?

Which OSI layer VPN works

Is the right of an individual to control the distribution of information about themselves

Access control used in in high-security situations such as military and government organizations.

Mark has purchased a MAC LAPTOP. He is scared of losing his screen and planning to buy an insurance policy. So, which risk management strategy is?

Government can imposes financial penalties as a consequence of breaking a

Sending employees to work at a customer's home can open your business to more risk of bodily injury or property damage claims. So, to reduce risk and avoid potential losses, you decide not to offer those kinds of services

The process of running a simulated instances of a computer system in a layer abstracted from the underlying hardware server or workstation

Which of the following is not a protocol of the OSI layer 3

Which TLS extension is used to optimize the TLS handshake process by reducing the number of round trips between the client and server?

Ping flood attack target which OSI layer

The mitigation of violations of security policies and recommended practices

What is the primary goal of the incident management team in the organization

Granting a user access to services or the system

Centralized organizational function fulfilled by an information security team that monitors, detects and analyzes events on the network or system to prevent and resolve issues before they result in business disruptions.

What does the term "Two-factor authentication" refer to in Cybersecurity?

Which of the following is NOT one of the four typical ways of managing risk?

Risk tolerance also known as

Which type of control is used to identify that an attack has occurred or is currently occurring

Port scanning attack target which OSI layer

What is the primary goal of incident management

An external entity has tried to gain access to your organization's IT environment without proper authorization. This is an example of a(n)

What security feature used in HTTPS

Is a way to prevent unwanted devices from connecting to a network.

What does the term business in business continuity planning refer to?

What is the most important aspect of security awareness/training?

In the context of cybersecurity, typical threat actors include the following:

Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse or unauthorized access to or modification of information

Dani is an ISC2 member and an employee of New Corporation. One of Dani's colleagues offers to share a file that contains an illicit copy of a newly released movie. What should Dani do

What should been done to limit the damage caused by the ransomware attack

Some Employee of his organization launched a privilege escalation attack to gain root access on one of the organization's database serversiThe employee does have an authorized user account on the server. What log file would be MOST likely to contain relevant information??

What kind of control is, when we add a backup firewall that takes over if the main one stops working?

Exhibit.

information security is not built on which of the following?

Faking the sending address of a transmission to gain illegal entry into a secure system.

Which of the following protocols is a secure alternative to using telnet?

When is the Business Continuity Plan Enacted?

Selvaa presents a userid and a password to a system in order to log on. Which of the following characteristics must the userid have?

What are the primary responsibilities of a computer incident response team (CIRT) during an incident?

EKristal is the security administrator for a large online service provider. Kristal learns that the company is harvesting personal data of its customers and sharing the data with local governments where the company operates, without the knowledge of the users, to allow the governments to persecute users on the basis of their political and philosophical beliefs. The published user agreement states that the company will not share personal user data with any entities without the users' explicit permission. According to the ISC2 Code of Ethics, to whom does Kristal ultimately report in this situation?

What is the range of well known ports

Incident management is also known as

Juli is listening to network traffic and capturing passwords as they are sent to the authentication server. She plans to use the passwords as part of a future attack. What type of attack is this?

Which ensure maintaining business operations during or after an incident

Communication between end systems is encrypted using a key, often known as________?

What is the main challenge in achieving non repudiation in electronic transactions

A Company IT system experienced a system crash that result in a loss of data. What term best describes this event?

A organization's security system which involves in preventing, detecting, analyzing, and responding to cybersecurity incidents.

Which version of TLS is considered to be the most secure and recommended for use?

What is the purpose of defense in depth in information security

What is the recommended fire suppression system for server rooms

Uses multiple types of access controls in literal or theoretical

layers to help an organization avoid a monolithic security

Structured way to align IT with business goals while managing risks and meeting all industry and government regulations

What is the primary goal of implementing input validation in application security?

What is the main purpose of using digital signatures in communication security?

Timiting access to resources based on the sensitivity of the information that the resource contains and the authorization of the user to access information with that level of sensitivity.

Which is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary's attack lifecycle and the platforms they are known to target

Which layer of OSI the Firewall works

Which security control mostly used to prevent data breach

Which type of authentication is something which you

Which layer does VLAN hopping belong to?

Which maintains that a user or entity should only have access to the spec data, resources and applications needed to complete a required task.

What is an incident in the context of cybersecurity

Which aspect of cybersecurity is MOST impacted by Distributed Denial of Service (DDoS) attacks?

Derrick logs on to a system in order to read a file. In this example. Derrick is the______?

Which of the following is the least secure communications protocol?

What is the main purpose of creating baseline in ensuring system integrity

Which type of attack attempts to gain information by observing the devices power consumption

Can be considered to be a fingerprint of the file or message

Which type of database combines related records and fields into a logical tree structure?

Which Prevents Threat

The amount of risk, at a broad level, that an organization is

willing to accept in pursuit of its strategic objectives.

Which of the following is a subject?

When responding to a security incident, your team determines that the vulnerability that was exploited was not widely known to the security community, and that there are no currently known definitions/listings in common vulnerability databases or collections. This vulnerability and exploit might be called______

How does IPSec protect against reply attacks

Are a measure of an organization's baseline of security performance

Which of the following physical controls is used to protect against eavesdropping and data theft through electromagnetic radiation

Actions, processes and tools for ensuring an organization can continue critical operations during a contingency.

When the ISC2 Mail server sends mail to other mail servers it becomes —?

A company primary data center goes down due to a hardware failure causing a major disruption to the IT and communications systems. What is the focus of disaster recovery planning in this scenario

Which of the following is NOT one of the three main components of a sql database?

Duke would like to restrict users from accessing a list of prohibited websites while connected to his network. Which one of the following controls would BEST achieve his objective?

Who should participate in creating a BCP

Created by switches to logically segment a network without altering its physical topology.

In what way do a victim's files get affected by ransomware?

Which type of application can intercept sensitive information such as passwords on a network segment?

provide integrity services that allow a recipient to verify that a message has not been altered.

The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization.

What is the first step in incident response planning

What is the potential impact of an IPSec reply attack

What is multi-factor authentication (MFA)?

Which of the following documents contains elements that are NOT mandatory

The method of distributing network traffic equally across a pool of resources that support an application

Ignoring the risk and proceeding the business operations

Which of the following security controls is designed to prevent unauthorized access to sensitive information by ensuring that it is only accessible to authorized users?

After an Earthquake disrupting business operations, which documents contains the reactive procedures required to return business to normal operations

The Bell and LaPadula access control model is a form of

Which of these is the most efficient and effective way to test a business continuity plan

Removing the design belief that the network has any trusted space. Security is managed at eachpossible level, representing the most granular asset. Micro segmentation of workloads is a tool of the model.

Natalia is concerned that users on her network may be storing sensitive information, such as social security numbers, on their hard drives without proper authorization or security controls. What 3rd -party security service can she implement to best detect this activity?

You experienced a power outage that disrupted access to your data center. What type of security concern occurred?

A hacker gains access to a compony network and begins to intercept network traffic in order to steal login credentials which OSI layer is being attacked

An unknown person obtaining access to the company file system without authorization is example of

A company data center has been breached by hackers and all its systems have been taken down what is the main objective of the DRP in such a scenario?

Faking the sender address in a transmission to gain illegal entry into a secure system

Which is the loopback address

The practice of ensuring that an organizational process cannot be completed by a single person; forces collusion as a means to reduce insider threats.

Which of the following attacks can TLS help mitigate?

Which of these activities is often associated with DR efforts?

Which device is used to control traffic flow in network

which is the short form of IPv6 address 2001:0db8:0000:0000:0000:ffff:0000:0001

Which is strongly used for Securing Wi-Fi

Which is not the function of IPS

Port forwarding is also known as

The prevention of authorized access to resources or the delaying of time critical operations.

Example of Deterrent controls