Practice Free CC CC - Certified in Cybersecurity Exam Questions Answers With Explanation

A Risk Management Framework (RMF) provides a structured, continuous process for identifying, assessing, and mitigating risk across an organization.

Transport Layer Security (TLS) helps mitigateman-in-the-middle (MITM) attacksby providing encryption, authentication, and integrity protection for data transmitted between communicating systems. TLS ensures that data exchanged between a client and server cannot be intercepted, modified, or read by unauthorized third parties.

TLS uses digital certificates and public key cryptography to authenticate servers (and sometimes clients), preventing attackers from impersonating legitimate endpoints. It also encrypts session data using symmetric encryption, protecting confidentiality even if traffic is captured.

TLS does not prevent application-layer attacks such as XSS or SQL injection, which are caused by insecure application logic. It also does not address social engineering, which targets human behavior rather than network protocols.

Because MITM attacks exploit unencrypted or improperly authenticated connections, TLS is a primary defense recommended by NIST and all modern security standards for protecting data in transit.

VLAN hopping exploits weaknesses in Layer 2 switching mechanisms such as trunking and tagging.

A MAC (Media Access Control) address is 48 bits long and is divided into two main parts. The first24 bitsrepresent theOrganizationally Unique Identifier (OUI), which is assigned by IEEE to hardware manufacturers.

The remaining 24 bits are assigned by the manufacturer to uniquely identify individual network interfaces. The OUI allows network administrators and tools to identify the vendor of a network device.

Understanding MAC addressing is important for network security, device identification, and troubleshooting. MAC addresses are commonly used in access control mechanisms such as MAC filtering, although they should not be relied upon as a strong security control due to spoofing risks.

Adequate securitymeans applying controls proportional to risk and potential impact, a core concept in NIST frameworks.

A baseline is a documented set of approved security controls, configurations, and system settings used as a standard across an IT environment. Baselines ensure consistency, security, and compliance by defining how systems should be configured before deployment and during operation.

Security baselines are commonly derived from frameworks such as CIS Benchmarks, NIST SP 800-53, and vendor hardening guides. They help reduce misconfigurations, which are a leading cause of security breaches.

Patches address specific vulnerabilities, inventory tracks assets, and policies define high-level rules and expectations. Baselines translate policies into actionable technical settings, such as password policies, logging configurations, and service restrictions.

By enforcing baselines, organizations improve security posture, simplify audits, and enable faster incident response. Any deviation from the baseline can be detected and investigated, making baselines a cornerstone of secure and well-managed IT environments.

MAC enforces centrally managed access controls. Users and data owners cannot modify permissions.

Type 1 authentication is “something you know,” such as passwords or PINs. Other options represent possession-based or biometric authentication.

Effective DLP solutions monitor all egress channels to prevent unauthorized data exfiltration, including web uploads, APIs, and removable media.

Port scanning targetstransport-layer ports(TCP/UDP), making Layer 4 the correct answer.

PAM solutions focus onjust-in-time (JIT) access, granting elevated privileges only when needed and revoking them afterward. This reduces standing privileges and minimizes attack surfaces.

While managementparticipatesin BCP, “management” alone is not a documented component. The other options represent formal, documented BCP elements.

Two-Person Integrityensures no single individual can complete a sensitive action alone, reducing fraud and insider threats.

Distributed Denial-of-Service (DDoS) attacks disrupt availability by overwhelming systems, preventing legitimate access.

A guard dog deters unauthorized access by increasing perceived risk. Deterrent controls discourage attacks before they occur.

VLANs reduce broadcast domains, improving performance and security.

An exploit is the method or code used to take advantage of a known vulnerability. Successful exploitation may result in an intrusion or breach.

Replay attacks disrupt communication by resending captured packets, potentially causing session confusion or denial of service. IPSec mitigates this using sequence numbers.

Tunneling encapsulates packets to securely transmit them across networks, commonly used in VPNs.

DAC allows object owners broad discretion to manage permissions, including delegation and modification of access controls.

Defense in Depth employs administrative, technical, and physical controls across multiple layers to reduce reliance on any single security mechanism. This approach increases resilience and detection capability.

Qualitative risk analysis evaluates risk using descriptive categories such aslow,medium, andhighinstead of numerical values. This approach relies on expert judgment, experience, and contextual understanding rather than precise financial or statistical calculations. According to NIST SP 800-30, qualitative analysis is especially useful when numerical data is unavailable or when rapid risk prioritization is required.

Unlike quantitative risk analysis, which assigns monetary values and probabilities, qualitative analysis focuses on relative severity and likelihood. It is commonly used during early stages of risk management, policy development, and executive decision-making. While less precise, qualitative risk analysis is easier to communicate to stakeholders and helps organizations focus resources on the most critical risks.

A switch operates at Layer 2 and forwards traffic only to the destination port based on MAC address tables, unlike hubs which broadcast traffic.

Non-repudiation requires strong identity verification, message integrity, and tamper resistance, typically implemented using digital signatures and PKI.

The post-incident phase focuses on documenting lessons learned, improving controls, and preventing recurrence.

The Federal Information Security Modernization Act (FISMA) requires federal agencies to implement comprehensive information security programs, including continuous monitoring and vulnerability scanning.

FISMA mandates risk-based security controls aligned with NIST standards, such as NIST SP 800-53 and NIST SP 800-137.

HIPAA applies to healthcare data, GLBA applies to financial institutions, and FERPA protects student education records. None of these broadly mandate vulnerability scanning across federal systems.

FISMA is foundational to federal cybersecurity governance and compliance.

Digital signatures provide authentication, integrity, and non-repudiation. They confirm who sent a message and ensure it was not altered.

SOAR (Security Orchestration, Automation, and Response) platforms are designed to collect security data from multiple tools, analyze events, and automatically execute response actions using predefined playbooks. This automation allows security teams to respond quickly and consistently to incidents.

While SIEM systems collect and correlate logs and generate alerts, they typically require manual analyst intervention for response. SOAR extends SIEM capabilities by orchestrating workflows across tools such as firewalls, endpoint protection, ticketing systems, and threat intelligence platforms.

Log repositories store logs without analysis or response capabilities. Intrusion Prevention Systems (IPS) focus on blocking malicious traffic in real time but do not coordinate broader incident response actions.

SOAR solutions reduce alert fatigue, improve response time, and standardize incident handling procedures. They are a key component of mature Security Operations Centers (SOCs) and are strongly recommended by modern security operations frameworks.

SSH key-based authentication is ideal for automated system-to-system communication. It allows secure, passwordless authentication using cryptographic key pairs.

Biometrics and smart cards require human interaction, and hard-coded passwords are insecure and difficult to rotate. SSH keys provide strong authentication, automation support, and secure key management.

This approach is widely recommended for scripts, automation, and DevOps pipelines.

A sudden flood of network packets causing degraded performance is best classified as anadverse event. An adverse event is any occurrence that negatively affects system performance, availability, or operations but may not yet meet the threshold of a confirmed security incident. According to NIST definitions, events such as traffic spikes, system slowdowns, or anomalous behavior are initially treated as adverse events until further analysis confirms malicious intent.

If investigation later confirms the flood was caused by a deliberate denial-of-service attack, the classification may escalate to asecurity incident. However, without confirmation of intent or compromise, adverse event is the most accurate term.

Microsegmentationdivides networks into granular zones protected by internal firewalls or policy enforcement points. It limits lateral movement and is a core Zero Trust principle.

Role-Based Access Control (RBAC) enforces least privilege by assigning permissions based on job roles rather than individuals. Users receive only the permissions necessary for their role, reducing excess access.

RBAC is widely used in enterprises, cloud platforms, and operating systems due to its scalability and manageability.

WPA2uses strong encryption (AES) and is significantly more secure than WEP or WPA.

Routers control traffic flow between different networks by making routing decisions based on IP addresses. They operate at OSI Layer 3 and determine the optimal path for data packets.

Risk is calculated by evaluating the likelihood of a threat exploiting a vulnerability and the resulting impact.

Deterrent controls are designed to discourage individuals from attempting unauthorized or malicious actions. CCTV systems act as deterrent controls because their visible presence can discourage theft, vandalism, or unauthorized access by increasing the perceived risk of being caught.

Business Continuity Plans (BCP), Disaster Recovery Plans (DRP), and Incident Response Plans (IRP) are corrective and recovery-focused controls, not deterrents. They address what happensafteran incident occurs.

Deterrent controls are often combined with preventive and detective controls to form a layered security strategy. Examples include warning signs, lighting, guards, and surveillance cameras. These controls play an important psychological role in reducing security incidents.

An IP address is a logical identifier used to locate and route traffic to devices on a network.

A security incident is an event that threatens or violates CIA principles. Not all incidents result in breaches.

A BIA identifies critical systems, dependencies, and acceptable downtime to establish recovery priorities.

Authentication is the phase of the AAA (Authentication, Authorization, Accounting) model in which a user proves their identity. During authentication, the system verifies that the user is who they claim to be by validating credentials such as passwords, biometrics, smart cards, or cryptographic keys.

Identification occurs first, when a user claims an identity (for example, entering a username). Authentication then confirms that claim. Authorization follows authentication and determines what actions the authenticated user is permitted to perform. Accounting tracks and logs user activities for auditing and monitoring purposes.

Strong authentication is critical to system security because all subsequent access control decisions depend on its accuracy. Weak authentication mechanisms increase the risk of unauthorized access, credential theft, and impersonation attacks.

Modern security frameworks emphasize multi-factor authentication (MFA) to strengthen this phase. NIST SP 800-63 highlights authentication as a core security function essential to protecting systems, data, and services from unauthorized access.

A zero-day vulnerability is one that is unknown to the vendor and has no available patch at the time it is exploited. Attackers take advantage of the fact that defenders have “zero days” to fix the issue.

Routine vulnerability scans cannot detect zero-days because scanners rely on known signatures. This is why defense-in-depth, monitoring, and anomaly detection are critical security strategies.

Log retention policies are primarily driven by laws, regulations, and governance requirements. Audits review compliance but do not typically define retention durations themselves.

Availabilityensures that authorized users can access information and systems when needed, a core element of the CIA triad.

Address Space Layout Randomization (ASLR) randomizes the memory locations used by applications, making it significantly harder for attackers to predict where malicious payloads should be placed during buffer overflow attacks.

Buffer overflow exploits rely on predictable memory layouts. ASLR disrupts this predictability, increasing attacker effort and reducing exploit reliability.

The other options are either non-standard terms or unrelated to buffer overflow mitigation. ASLR is widely used in modern operating systems and is a key defensive control recommended by secure coding and system hardening guidelines.

ASLR does not eliminate vulnerabilities but raises the attack complexity, which is a core defensive strategy.

Zero Trust is a security architecture that assumesno implicit trust—inside or outside the network perimeter. Every access request must be continuously verified based on identity, device health, context, and policy. Unlike traditional perimeter-based models, Zero Trust eliminates the concept of a “trusted internal network.”

Microsegmentation is a core Zero Trust technique that divides networks and workloads into highly granular security zones. Each zone enforces its own access controls, dramatically reducing lateral movement if an attacker gains access. This model aligns with NIST SP 800-207, which defines Zero Trust as a strategy to minimize attack surfaces and contain breaches.

Data Loss Prevention (DLP) solutions are specifically designed to detect, monitor, and prevent the unauthorized storage, use, or transmission of sensitive data such as Social Security numbers, credit card data, and personal records. DLP tools can scan endpoint hard drives, servers, databases, and cloud storage to identify sensitive data based on patterns, classifications, or content inspection.

IDS and IPS focus on detecting or blocking network attacks, not improper data storage. TLS encrypts data in transit but does not detect where sensitive data resides. DLP solutions directly address Natalia’s concern by identifying policy violations related to sensitive data storage.

DLP is a critical control recommended by NIST and CIS for protecting regulated data and preventing data leakage across all data states.

Risk transference is a risk management strategy in which an organization or individual shifts the financial impact of a risk to a third party. Purchasing insurance is a classic example of risk transference. In this scenario, Mark transfers the financial consequences of potential damage to the laptop screen to the insurance provider.

Risk acceptance involves acknowledging a risk and choosing to do nothing. Risk deterrence discourages risky behavior through controls or penalties. Risk mitigation reduces the likelihood or impact of a risk through safeguards such as protective cases or training.

Risk transference does not eliminate the risk itself; the laptop can still be damaged. However, it reduces the financial burden associated with the event. In cybersecurity, common examples include cyber insurance, outsourcing, and service-level agreements (SLAs).

This strategy is widely recognized in risk management frameworks such as NIST SP 800-30 and ISO 31000 as an appropriate option when mitigation is too costly or impractical.

Internal consistency ensures that all copies of data remain identical in content and meaning.

In Business Continuity Planning (BCP), the termbusinessrefers primarily to theoperational aspects of the organization—the people, processes, and activities required to deliver products and services. While IT systems, finances, and facilities support operations, BCP focuses on ensuring thatcritical business functions continueduring and after disruptions.

This includes customer service, supply chain operations, payroll, compliance activities, and decision-making processes. BCP is broader than disaster recovery, which focuses mainly on restoring IT systems. According to NIST SP 800-34, business continuity emphasizes mission-essential functions and their dependencies, including personnel, third parties, facilities, and technology.

ThePrinciple of Least Privilegeensures users, applications, and systems have only the minimum permissions necessary to perform their duties. This reduces the attack surface and limits potential damage if credentials are compromised.

Antivirus softwareis apreventive security controldesigned to stop known malware threats before they can execute or spread within a system. Antivirus solutions use signature-based detection, heuristic analysis, and increasingly behavior-based techniques to block malicious code such as viruses, worms, trojans, and ransomware.

In contrast,IDS (Intrusion Detection Systems)andHIDS (Host-based IDS)are primarilydetective controls. They monitor systems and networks for suspicious activity but do not inherently block threats.SIEMplatforms aggregate and analyze logs for visibility and correlation; they support detection and response but do not directly prevent threats.

According to NIST SP 800-53, preventive controls are designed to stop incidents from occurring, while detective controls identify events after or during occurrence. Therefore, antivirus is the correct choice as it directly prevents threats.

An event is any observable occurrence. Not all events are incidents or breaches, but incidents start as events.

A Content Delivery Network (CDN) provides the greatest resilience against large-scale DDoS attacks by distributing traffic across a globally dispersed network of edge servers. CDNs absorb and filter malicious traffic before it reaches the origin infrastructure.

Increasing servers or bandwidth helps only to a limited extent and can still be overwhelmed by volumetric attacks. IPS-based mitigation is effective for smaller attacks but is not designed to handle massive distributed floods. CDNs combine traffic absorption, rate limiting, caching, and threat filtering at scale.

Major CDNs operate with terabits of capacity and specialized DDoS defenses, making them highly effective against attacks that would cripple individual organizations.

For public-facing applications, CDNs are considered a best-practice defensive control against availability attacks.

A URL filter is specifically designed to block access to prohibited websites based on domain names, URLs, or content categories. It provides granular and user-friendly control over web access.

IP address blocking is less effective because many websites use shared IP addresses and dynamic hosting. DLP focuses on data protection, not web browsing. IPS detects and blocks attacks, not policy-based browsing restrictions.

URL filtering is commonly implemented in firewalls, secure web gateways, and proxy servers and is a best-practice control for acceptable use enforcement.

A Security Information and Event Management (SIEM) system is designed tocollect, correlate, analyze, and alert on security eventsgenerated across an organization’s IT environment. SIEM platforms aggregate logs from diverse sources such as servers, firewalls, endpoints, applications, and cloud services, providing centralized visibility into security activity.

The core value of a SIEM lies inevent correlation and contextual analysis. By correlating events across systems and over time, a SIEM can detect suspicious patterns that individual logs alone would not reveal—such as lateral movement, privilege escalation, or coordinated attacks. SIEMs also support real-time alerting, dashboards, querying, and incident investigation, enabling security teams to respond faster and more effectively.

SIEM systems donotencrypt files (that’s cryptography), block websites directly (that’s firewalls or secure web gateways), or manage passwords (that’s IAM). Instead, they serve as thecentral nervous system of a Security Operations Center (SOC), supporting monitoring, detection, compliance reporting, and incident response workflows as recommended by NIST and other security frameworks.

An eavesdropping attack occurs when an attacker passively intercepts network communications to capture sensitive information such as credentials, session tokens, or authentication exchanges. This data can later be reused in impersonation or replay attacks.

CSRF and XSS are application-layer attacks, while ARP spoofing is an active network attack. Eavesdropping relies on unencrypted or weakly protected communications, highlighting the importance of TLS and secure authentication protocols.

Internet of Things (IoT)devices include embedded systems such as sensors, smart appliances, cameras, and industrial controllers that connect to networks and exchange data. These devices often have limited security controls and are common attack targets, making them a significant cybersecurity concern.

TLS 1.3 is the most secure and currently recommended version of the Transport Layer Security protocol. It removes outdated cryptographic algorithms, simplifies the handshake process, and provides stronger security guarantees than earlier versions.

TLS 1.3 eliminates insecure features such as static RSA key exchange and weak cipher suites. It enforces forward secrecy by default and significantly reduces handshake latency, improving both security and performance.

TLS 1.0 and TLS 1.1 are deprecated due to known vulnerabilities. TLS 1.2 is still secure when properly configured but is being phased out in favor of TLS 1.3.

Security frameworks and regulatory standards strongly recommend TLS 1.3 for protecting sensitive data in transit, especially for public-facing services.

HTTPS uses SSL/TLS to provide encryption, authentication, and integrity for web communications.

Risk identification is a collaborative process that enables awareness, communication, and protection against threats.

Security hardening involves disabling unnecessary services, applying secure configurations, and reducing system exposure. It is a core preventative security practice recommended by NIST and CIS.

A protocol analyzer, also known as a packet sniffer, captures and inspects network traffic flowing across a network segment. If traffic is unencrypted, protocol analyzers can intercept sensitive information such as usernames, passwords, session tokens, and application data.

Log servers store logs, network scanners identify hosts and services, and firewalls filter traffic based on rules. Only protocol analyzers are designed to capture and inspect packet contents.

This capability makes protocol analyzers valuable for troubleshooting and for attackers conducting eavesdropping attacks. Encryption protocols such as TLS are critical defenses against this risk.

Security testing is used to verify that a specific control is functioning as intended. In this scenario, John wants to confirm that authentication controls operate correctly, which requires actively testing them under real or simulated conditions.

Security assessments evaluate overall security posture and risk, audits focus on compliance and policy adherence, and walkthroughs are informal reviews or demonstrations. None of these directly validate control effectiveness as precisely as testing.

Security testing may include functional testing, penetration testing, or control validation exercises to confirm expected behavior. For authentication controls, this might involve testing login mechanisms, MFA enforcement, failure handling, and session management.

NIST SP 800-53 and ISO/IEC 27001 both emphasize testing as a critical step in ensuring security controls are implemented correctly and remain effective over time.

Data remanence refers to the residual representation of data that remains on storage media even after attempts have been made to delete or erase it. When files are deleted, the operating system typically removes references to the data rather than overwriting the actual bits on the disk. As a result, the data may still be recoverable using forensic tools.

Remanence is especially relevant for magnetic storage, solid-state drives, and backup media. Because of this risk, security standards recommend proper media sanitization techniques such as overwriting, degaussing, or physical destruction. NIST SP 800-88 specifically addresses media sanitization methods to mitigate remanence risks.

This concept is critical when disposing of or repurposing storage devices, particularly those that previously contained sensitive or regulated data.

Disaster Recovery Planning focuses on restoring IT infrastructure, systems, and communications after major disruptions.

The Internet Engineering Task Force (IETF) develops and maintains Internet standards through RFCs.

VLANslogically separate networks at Layer 2 while sharing the same physical infrastructure.

A Content Delivery Network (CDN) ensures low latency by caching content at geographically distributed edge locations close to end users. When customers access a website, content is served from the nearest CDN node rather than a centralized server.

This significantly reduces round-trip time, network congestion, and load on origin servers. CDNs are especially effective for static content such as images, scripts, and videos, which dominate e-commerce traffic.

Load balancing distributes traffic but does not reduce geographic distance. SaaS is a service model, not a latency solution. Decentralized data centers help but lack the optimized edge caching and routing capabilities of a CDN.

CDNs are a core performance and availability control for global online services and are widely used by large e-commerce platforms to improve customer experience and resilience.

Well-known ports (0–1023) are reserved for core services such as HTTP (80), HTTPS (443), FTP (21), and SSH (22).

When a device does not meet security baseline requirements, it poses a risk to the environment. Best practice is todisable or quarantine the deviceto prevent potential compromise or lateral movement. Network Access Control (NAC) solutions commonly automate this process.

Isolation ensures the device cannot interact with production systems until it is patched, configured correctly, and verified as compliant. This approach aligns with NIST and Zero Trust principles, emphasizing continuous compliance and containment.

Digital signatures provideauthentication,integrity, andnon-repudiation, but they donot provide confidentiality. A digital signature verifies who sent the message and ensures it was not altered, but the content remains readable unless encryption is also applied.

Confidentiality requires encryption, typically using symmetric or asymmetric cryptography. Digital signatures are often combined with encryption (such as in TLS or secure email), but by themselves they do not hide message contents.

Confidentiality ensures information is accessible only to authorized individuals.

In anasymmetric cryptography system, each user is assigned akey pairconsisting ofone public key and one private key. These two keys are mathematically related but serve different purposes: the public key is shared openly for encryption or verification, while the private key is kept secret for decryption or signing.

To support50 users, each user must have2 keys:

1 public key

1 private key

Therefore, the total number of keys required is:

50 users × 2 keys per user = 100 keys

This is one of the major advantages of asymmetric cryptography over symmetric cryptography. In symmetric systems, the number of required keys grows rapidly as the number of users increases (n(n?1)/2), making key management complex. Asymmetric cryptography scales much more efficiently because each user manages only their own key pair.

Asymmetric encryption is widely used in secure communications such as TLS, digital signatures, and PKI-based authentication. Standards bodies like NIST and ISO/IEC rely heavily on asymmetric cryptography for scalable and secure key management.

Law enforcement is not typically part of an organization’s internal incident response team. Incident response teams usually consist of cybersecurity professionals, technical subject matter experts, IT staff, legal advisors, and management representatives.

Law enforcement may become involved after an incident, especially in cases involving criminal activity, regulatory requirements, or large-scale breaches. However, they are external stakeholders, not internal team members.

Management plays a key role in decision-making and communication, while technical and cybersecurity experts handle detection, containment, eradication, and recovery.

NIST incident response guidance emphasizes coordination with external entities but clearly distinguishes internal response teams from external authorities such as law enforcement.

An Incident Response Plan (IRP) outlines roles, responsibilities, and procedures for handling security incidents and minimizing damage.

A wall is a physical deterrent that prevents and discourages unauthorized access. Signs are administrative deterrents, cameras are detective controls, and razor tape is a physical barrier but typically supplements perimeter defenses rather than serving as the primary deterrent.

SSH operates at the Application layer (Layer 7). IP, ICMP, and IGMP are Layer 3 protocols responsible for routing and control messaging.

Threat actors include insiders, external attackers, and automated technologies such as bots. Modern threat landscapes recognize non-human actors as valid threats due to automation and AI-driven attacks.

Registered ports (1024–49151) are typically assigned to vendor-specific or proprietary applications, such as database services.

High availability (HA) refers to system designs that ensure continuous operation by minimizing downtime in the event of component failures. Adding a backup firewall that automatically takes over when the primary firewall fails is a classic example of high availability.

HA solutions often use failover mechanisms, heartbeat monitoring, and redundancy to ensure seamless service continuity. The goal is to maintain availability, which is a core pillar of the CIA triad.

Component redundancy describes duplicated parts, but high availability focuses on the operational outcome—continued service. Load balancing distributes traffic, not failover. Clustering involves multiple systems working together, but HA specifically emphasizes fault tolerance and uptime.

High availability is critical for security infrastructure such as firewalls, authentication servers, and monitoring tools. NIST and ISO frameworks stress HA as essential for business continuity, disaster recovery, and resilient security operations.

Subnetting divides a large network into smaller, logical segments called subnets. One of the primary benefits of subnetting isreducing network congestion. In a flat network, broadcast traffic is sent to all devices, which can significantly degrade performance as the network grows. By creating subnets, broadcast domains are limited, ensuring that broadcast traffic stays within a specific segment instead of flooding the entire network.

While subnetting can indirectly improve security and management, its most direct and measurable benefit is performance improvement through reduced broadcast traffic. Smaller subnets result in fewer devices competing for bandwidth, which enhances efficiency and reliability.

Subnetting also supports scalability and fault isolation. Network issues in one subnet are less likely to impact others. This concept is foundational in enterprise networks and is heavily emphasized in network design standards and certifications such as Security+, CCNA, and CISSP.

BCPs should be testedroutinely(e.g., tabletop, simulations) to ensure readiness and relevance.

Logical access controls are implemented through software and system configurations. They include settings such as user permissions, authentication mechanisms, firewall rules, and system policies managed through GUIs or command-line interfaces. Logical controls protect digital assets by restricting access based on identity and authorization.

IPv6 was introduced primarily due toIPv4 address exhaustion, enabling vastly expanded address space.

A cryptographic hash uniquely represents the contents of a file or message. Even a small change produces a completely different hash value, making it an effective digital fingerprint.

A Virtual Private Network (VPN) creates an encrypted tunnel between a user’s device and a remote network or server. This tunnel protects data confidentiality and integrity by encrypting all traffic passing through it, even when using untrusted networks such as public Wi-Fi.

HTTPS encrypts only web traffic, antivirus detects malware, and IDS monitors for suspicious activity. Only a VPN provides full-tunnel encryption for all network communications. VPNs are commonly implemented using protocols such as IPSec or SSL/TLS and are widely recommended for secure remote access.

Athreatis any actor or condition capable of exploiting a vulnerability to cause harm.

Sensitivity refers to thedegree of protection required for information, as determined by its owner. Highly sensitive data requires stronger confidentiality controls because unauthorized disclosure could cause significant harm.

Asecurity incidentis an event or series of events that indicates a possible compromise of confidentiality, integrity, or availability of information systems or data. According to NIST SP 800-61, incidents include attempted or successful unauthorized access, misuse, modification, or denial of service.

Not all incidents result in breaches, but all breaches are incidents. Incidents trigger incident response processes, investigations, and potential escalation depending on severity.

Federated authentication enables single identity across trusted organizations, supporting single sign-on (SSO) and eliminating repeated credential entry.

Logical (technical) controls such as encryption, access controls, DLP, and firewalls directly prevent unauthorized data access and exfiltration.

Cross-Site Request Forgery (CSRF) tricks an authenticated user’s browser into sending unauthorized requests to a trusted server. Because the user is already authenticated, the server processes the request as legitimate.

XSS injects malicious scripts, while spoofing involves impersonation. CSRF exploits trust in an existing authenticated session. Defenses include CSRF tokens, same-site cookies, and proper request validation.

Load balancing improves availability by distributing traffic across multiple systems, preventing overload and downtime.

A security assessment evaluates the effectiveness of security controls and verifies whether they meet security requirements. It differs from risk assessments, which focus on identifying threats and vulnerabilities.

Risk assessment is the structured process of identifying risks, estimating their likelihood and impact, and prioritizing them for treatment. It forms the analytical foundation of risk management and enables informed decision-making. Risk assessment typically includes threat identification, vulnerability analysis, likelihood determination, and impact analysis.

Risk treatment and mitigation occur after risks have been assessed, while risk management is the broader lifecycle that includes assessment, response, monitoring, and communication. Standards such as NIST SP 800-30 emphasize risk assessment as a critical early step in managing cybersecurity risk.

Corrective controls are designed torestore systems to normal operation after a security incident or attack has occurred. Examples include restoring data from backups, reimaging compromised systems, applying patches, and resetting credentials.

Detective controls identify incidents, preventive controls stop incidents, and corrective controls fix the damage. While recovery controls are sometimes mentioned informally, most security frameworks (including NIST) classify restoration activities under corrective controls.

Corrective controls are critical for minimizing downtime and ensuring business resilience following an incident.

At Layer 3 (Network Layer), data is encapsulated intopacketsfor routing across networks.

HIPAA applies to healthcare providers, insurers, and their business associates to protect patient health information (PHI).

Input validation ensures user inputs are sanitized and conform to expected formats, preventing injection attacks such as SQL injection and command injection.

In information security, privacy refers to protecting personal and sensitive information from unauthorized access, use, or disclosure. Privacy focuses specifically on data related to individuals, such as PII, and ensuring it is handled according to legal, ethical, and regulatory requirements.

While privacy is closely related to confidentiality, it places greater emphasis on individual rights and consent. Ensuring privacy means limiting access to personal data and preventing misuse.

Integrity and availability address different aspects of the CIA triad, while option D is incomplete and incorrect. Security frameworks treat privacy as a critical objective, especially in environments handling personal data.

Discretionary Access Control (DAC) allows the owner or creator of an object to decide who can access it and what permissions they receive. This delegation capability is a defining feature of DAC systems.

MAC enforces centrally controlled policies, RBAC assigns permissions through roles, and ABAC uses attributes evaluated by a policy engine. Only DAC explicitly allows object owners to grant or revoke access at their discretion.

Segregation of duties ensures no single individual can propose, approve, and implement changes alone, reducing fraud and errors.

Secure Shell (SSH) is the secure alternative to Telnet. Telnet transmits data, including credentials, in clear text, making it vulnerable to interception. SSH encrypts all communications, providing confidentiality, integrity, and authentication.

HTTPS secures web traffic, SFTP is used for file transfer, and LDAPS secures directory services—not remote terminal access. SSH is the industry-standard replacement for Telnet.

Aturnstileis a physical access control device designed to allow only one individual to pass at a time. Turnstiles are commonly used to prevent tailgating and unauthorized entry in offices, transit stations, and secure facilities. Unlike mantraps, turnstiles typically allow one-way movement and do not lock a person inside an enclosed space.

Cloud orchestration coordinates automated tasks, workflows, and resource provisioning across cloud environments to improve efficiency and consistency.

Rootkits provide stealthy, persistent control by hiding malicious processes and maintaining privileged access. They are extremely difficult to detect and remove.

Physical controls such as fire suppression systems, flood barriers, and seismic bracing protect facilities and equipment from environmental threats.

Standards such as ISO, NIST, and CIS are commonly developed by third-party organizations and provide best practices and compliance guidance. They are not laws unless mandated.

Load balancing distributes incoming traffic across multiple servers or resources to improve performance, scalability, and availability. It prevents overload of a single system and supports high availability architectures.

Logical access controls enforce security through software-based mechanisms such as access control lists, authentication systems, and configuration settings.

A Smurf attack amplifies ICMP traffic to overwhelm targets.

If CIA is not impacted, the occurrence remains asecurity event, not an incident or breach.

DNS primarily usesport 53over UDP and TCP for name resolution.

Mandatory Access Control (MAC) enforces centrally managed security labels and clearances, making it suitable for classified and government systems.

Abreachoccurs when sensitive or protected information is accessed, disclosed, or used without authorization—regardless of intent. Even accidental disclosures, such as sending confidential data to the wrong recipient, qualify as breaches because confidentiality has been compromised.