5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

Jakkraphan Suwannasen (username: [email protected])

Attempt 2
Written: May 2, 2023 11:00 AM - May 2, 2023 12:13 PM

Submission View
Your quiz has been submitted successfully.

Question 1 0 / 1 point

Triffid Corporation has a rule that all employees working with sensitive hardcopy documents must
put the documents into a safe at the end of the workday, where they are locked up until the
following workday. What kind of control is the process of putting the documents into the safe? (D1,
L1.3.1) 

A)  Administrative

B)  Tangential

C)  Physical

D)  Technical

Hide question 1 feedback

A is the correct answer. The process itself is an administrative control; rules and practices are
administrative. The safe itself is physical, but the question asked specifically about process, not the
safe, so C is incorrect. Neither the safe nor the process is  part of the IT environment, so this is not a
technical control; D is incorrect. B is incorrect; "tangential" is not a term commonly used to describe
a particular type of security control, and is used here only as a distractor. 

Question 2 1 / 1 point

Tina is an (ISC)² member and is invited to join an online group of IT security enthusiasts. After
attending a few online sessions, Tina learns that some participants in the group are sharing malware
with each other, in order to use it against other organizations online. What should Tina do? (D1,
L1.5.1) 
https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.brights… 1/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A)  Nothing

B)  Stop participating in the group

C)  Report the group to law enforcement

D)  Report the group to (ISC)²

Hide question 2 feedback

B is the best answer. The (ISC)² Code of Ethics requires that members "protect society, the common
good, necessary public trust and confidence, and the infrastructure"; this would include a prohibition
against disseminating and deploying malware for offensive purposes. However, the Code does not
make (ISC)² members into law enforcement officers; there is no requirement to get involved in legal
matters beyond the scope of personal responsibility. Tina should stop participating in the group, and
perhaps (for Tina's own protection) document when participation started and stopped, but no other
action is necessary on Tina's part. 

Question 3 1 / 1 point

Druna is a security practitioner tasked with ensuring that laptops are not stolen from the
organization's offices. Which sort of security control would probably be best for this purpose? (D1,
L1.3.1) 

A)  Technical

B)  Obverse

C)  Physical

D)  Administrative

Hide question 3 feedback

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.brights… 2/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

C is the best answer. Because laptops are tangible objects, and Druna is trying to ensure that these
objects are not moved from a certain place, physical controls are probably best for the purpose. A is
incorrect; technical controls might help detect an attempt to steal a laptop, or locate the laptop after
it has been stolen, but won't prevent the laptop from being taken. B is incorrect; "obverse" is not a
term commonly used to describe a particular type of security control, and is used here only as a
distractor. D is incorrect; administrative controls may help reduce theft, such as ensuring that
laptops are not left in a place unobserved, but won't prevent the laptop from being taken. 

Question 4 0 / 1 point

Which of the following is an example of a "something you are" authentication factor? (D1, L1.1.1) 

A)  A credit card presented to a cash machine

B)  Your password and PIN

C)  A user ID

D)  A photograph of your face

Hide question 4 feedback

D is correct. A facial photograph is something you are—your appearance. A is incorrect because a

credit card is an example of an authentication factor that is something you have. B is incorrect
because passwords and PINs are examples of authentication factors that are something you know. C
is incorrect because a user ID is an identity assertion, not an authentication factor. 

Question 5 0 / 1 point

Kerpak works in the security office of a medium-sized entertainment company. Kerpak is asked to
assess a particular threat, and he suggests that the best way to counter this threat would be to
purchase and implement a particular security solution. This is an example of _______. (D1, L1.2.2) 

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.brights… 3/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A)  Acceptance

B)  Avoidance

C)  Mitigation

D)  Transference

Hide question 5 feedback

C is correct. Applying a security solution (a type of control) is an example of mitigation. A is

incorrect; if Kerpak suggested acceptance, then the threat, and the acceptance of the associated
risk, only needs to be documented—no other action is necessary. B is incorrect; if Kerpak suggested
avoidance, the course of action would be to cease whatever activity was associated with the
threat. D is incorrect; if Kerpak suggested transference, this would involve forming some sort of risk-
sharing relationship with an external party, such as an insurance underwriter. 

Question 6 0 / 1 point

Preenka works at an airport. There are red lines painted on the ground next to the runway; Preenka
has been instructed that nobody can step or drive across a red line unless they request, and get
specific permission from, the control tower. This is an example of a(n)______ control. (D1, L1.3.1) 

A)  Physical

B)  Administrative

C)  Critical

D)  Technical

Hide question 6 feedback

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.brights… 4/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

B is correct. The process of requesting and getting permission, and the painted signage, are
examples of administrative controls. A is incorrect; while the line is painted on the ground (and the
ground is a tangible object), the line does not actually act to prevent or control anything—the line is
a symbol and indicator; Preenka could easily walk across the line, if Preenka chose to do so. C is
incorrect; "critical" is not a term commonly used to describe a particular type of security control, and
is used here only as a distractor. D is incorrect; a painted line is not an IT system or part of the IT
environment. 

Question 7 0 / 1 point

A vendor sells a particular operating system (OS). In order to deploy the OS securely on different
platforms, the vendor publishes several sets of instructions on how to install it, depending on which
platform the customer is using. This is an example of a ________. (D1, L1.4.2) 

A)  Law

B)  Procedure

C)  Standard

D)  Policy

Hide question 7 feedback

B is correct. This is a set of instructions to perform a particular task, so it is a procedure (several

procedures, actually—one for each platform). A is incorrect; the instructions are not a governmental
mandate. C is incorrect, because the instructions are particular to a specific product, not accepted
throughout the industry. D is incorrect, because the instructions are not particular to a given
organization. 

Question 8 1 / 1 point

Triffid Corporation has a policy that all employees must receive security awareness instruction
before using email; the company wants to make employees aware of potential phishing attempts that
the employees might receive via email. What kind of control is this instruction? (D1, L1.3.1) 

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.brights… 5/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A)  Administrative

B)  Finite

C)  Physical

D)  Technical

Hide question 8 feedback

A is correct. Both the policy and the instruction are administrative controls; rules and governance
are administrative. B is incorrect; "finite" is not a term commonly used to describe a particular type
of security control, and is used here only as a distractor. C is incorrect; training is not a tangible
object, so this is not a physical control. D is incorrect; training is not part of the IT environment, so it
is not a technical control. 

Question 9 0 / 1 point

Jengi is setting up security for a home network. Jengi decides to configure MAC address filtering on
the router, so that only specific devices will be allowed to join the network. This is an example of
a(n)_______ control. (D1, L1.3.1) 

A)  Physical

B)  Administrative

C)  Substantial

D)  Technical

Hide question 9 feedback

This is a difficult question, because it may seem as if there are two possible answers: the router
enforces a set of rules as to which MAC addresses may be included on the network, so that sounds

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.brights… 6/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

like an administrative control. However, the router is an IT system, so that seems as if it is a technical
control. In fact, it is considered the latter. In general, it is best to consider the matter this way: if it
has a power cord, or electricity running through it, it's a technical control. So D is the correct
answer. A is incorrect; while the router is a tangible object, it does not act on the physical realm,
affecting other tangible objects; it's an electronic device that is part of the IT environment. C is
incorrect; "substantial" is not a term commonly used to describe a particular type of security control,
and is used here only as a distractor. 

Question 10 0 / 1 point

The Triffid Corporation publishes a policy that states all personnel will act in a manner that protects
health and human safety. The security office is tasked with writing a detailed set of processes on
how employees should wear protective gear such as hardhats and gloves when in hazardous areas.
This detailed set of processes is a _________. (D1, L1.4.1) 

A)  Policy

B)  Procedure

C)  Standard

D)  Law

Hide question 10 feedback

B is correct. A detailed set of processes used by a specific organization is a procedure. A is

incorrect; the policy is the overarching document that requires the procedure be
created and implemented. C is incorrect. The procedure is not recognized and
implemented throughout the industry; it is used internally. D is incorrect; the
procedure was created by Triffid Corporation, not a governmental body. 

Question 11 1 / 1 point

The European Union (EU) law that grants legal protections to individual human privacy. (D1, L1.1.1) 

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.brights… 7/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A)  The Privacy Human Rights Act

B)  The General Data Protection Regulation

C)  The Magna Carta

D)  The Constitution

Hide question 11 feedback

B is correct: The GDPR is the EU law that treats privacy as a human right. A is incorrect because
there is no Privacy Human Rights Act, which is only used here as a distractor. C is incorrect because
the Magna Carta is a British law describing the relationship between the monarchy and the people,
and does not mention privacy. D is incorrect because the Constitution is the basis of United States
federal law, and does not mention privacy. 

Question 12 1 / 1 point

For which of the following systems would the security concept of availability probably be most
important? (D1, L1.1.1) 

A)  Medical systems that store patient data

B)  Retail records of past transactions

C)  Online streaming of camera feeds that display historical works of art in museums around
the world

D)  Medical systems that monitor patient condition in an intensive care unit

Hide question 12 feedback

D is correct. Information that reflects patient condition is data that necessarily must be kept
available in real time, because that data is directly linked to the patients' well-being (and possibly

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.brights… 8/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

their life). This is, by far, the most important of the options listed. A is incorrect because stored data,
while important, is not as critical to patient health as the monitoring function listed in answer D. B is
incorrect because retail transactions do not constitute a risk to health and human safety. C is
incorrect because displaying artwork does not reflect a risk to health and human safety; also
because the loss of online streaming does not actually affect the asset (the artwork in the museum)
in any way—the art will still be in the museum, regardless of whether the camera is functioning. 

Question 13 0 / 1 point

Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of Zarma's colleagues is
interested in getting an (ISC)2  certification and asks Zarma what the test questions are like. What
should Zarma do? (D1, L1.5.1) 

A)  Inform (ISC)²

B)  Explain the style and format of the questions, but no detail 

C)  Inform the colleague's supervisor

D)  Nothing

Hide question 13 feedback

B is the best answer. It is all right to explain the format of the exam, and even to share your own
impressions of how challenging and difficult you found the exam to be. But in order to protect the
security of the test, and to adhere to the (ISC)² Code of Ethics ("advance and protect the
profession"), Zarma should not share any explicit information about details of the exam or reveal any
actual questions. 

Question 14 1 / 1 point

A software firewall is an application that runs on a device and prevents specific types of traffic from
entering that device. This is a type of ________ control. (D1, L1.3.1) 

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.brights… 9/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A)  Physical

B)  Administrative

C)  Passive

D)  Technical

Hide question 14 feedback

D is correct. A software firewall is a technical control, because it is a part of the IT environment. A is

incorrect; a software firewall is not a tangible object that protects something. B is incorrect; a
software firewall is not a rule or process. Without trying to confuse the issue, a software firewall
might incorporate an administrative control: the set of rules which the firewall uses to allow or block
particular traffic. However, answer D is a much better way to describe a software firewall. C is
incorrect; "passive" is not a term commonly used to describe a particular type of security control,
and is used here only as a distractor. 

Question 15 1 / 1 point

Olaf is a member of (ISC)² and a security analyst for Triffid Corporation. During an audit, Olaf is asked
whether Triffid is currently following a particular security practice. Olaf knows that Triffid is not
adhering to that standard in that particular situation, but that saying this to the auditors will reflect
poorly on Triffid. What should Olaf do? (D1, L1.5.1) 

A)  Tell the auditors the truth

B)  Ask supervisors for guidance

C)  Ask (ISC)² for guidance

D)  Lie to the auditors

Hide question 15 feedback

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 10/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A is the best answer. The (ISC)² Code of Ethics requires that members "act honorably, honestly,
justly, responsibly" and also "advance and protect the profession." Both requirements dictate that
Olaf should tell the truth to the auditors. While the Code also says that Olaf should "provide diligent
and competent service to principals," and Olaf's principal is Triffid in this case, lying does not serve
Triffid's best long-term interests, even if the truth has some negative impact in the short term.  

Question 16 1 / 1 point

A bollard is a post set securely in the ground in order to prevent a vehicle from entering an area or
driving past a certain point. Bollards are an example of ______ controls. (D1, L1.3.1) 

A)  Physical

B)  Administrative

C)  Drastic

D)  Technical

Hide question 16 feedback

A is correct. A bollard is a tangible object that prevents a physical act from occurring; this is a
physical control. B and D are incorrect because the bollard is a physical control, not administrative or
technical. C is incorrect: "drastic" is not a term commonly used to describe a particular type of
security control, and is used here only as a distractor. 

Question 17 1 / 1 point

Glen is an (ISC)² member. Glen receives an email from a company offering a set of answers for an
(ISC)² certification exam. What should Glen do? (D1, L1.5.1) 

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.brights… 11/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A)  Nothing

B)  Inform (ISC)²

C)  Inform law enforcement 

D)  Inform Glen's employer

Hide question 17 feedback

B is correct. The (ISC)² Code of Ethics requires that members "advance and protect the profession";
this includes protecting test security for (ISC)² certification material. (ISC)² (and every (ISC)² member)
has a vested interest in protecting test material, and countering any entity that is trying to
undermine the validity of the certifications. This is, however, not a matter for law enforcement; if it
turns out that law enforcement must be involved, (ISC)² will initiate that activity. Glen's employer
has no bearing on this matter. 

Question 18 1 / 1 point

Hoshi is an (ISC)² member who works for the Triffid Corporation as a data manager. Triffid needs a
new firewall solution, and Hoshi is asked to recommend a product for Triffid to acquire and
implement. Hoshi's cousin works for a firewall vendor; that vendor happens to make the best firewall
available. What should Hoshi do? (D1, L1.5.1) 

A)  Recommend a different vendor/product

B)  Recommend the cousin's product

C)  Hoshi should ask to be recused from the task 

D)  Disclose the relationship, but recommend the vendor/product

Hide question 18 feedback

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 12/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

D is the best answer. According to the third Canon of the ISC2 Code of Ethics, members are required
to "provide diligent and competent service to principals." Hoshi's principal here is Triffid, Hoshi's
employer. It would be inappropriate for Hoshi to select the cousin's product solely based upon the
family relationship; however, if the cousin's product is, in fact, the best choice for Triffid, then Hoshi
should recommend that product. In order to avoid any appearance of impropriety or favoritism,
Hoshi needs to declare the relationship when making the recommendation. 

Question 19 1 / 1 point

The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city
council creates a rule that anyone caught creating and launching malware within the city limits will
receive a fine and go to jail. What kind of rule is this? (D1, L1.4.1) 

A)  Policy

B)  Procedure

C)  Standard

D)  Law

Hide question 19 feedback

D is correct. The city council is a governmental body making a legal mandate; this is a law. A is
incorrect; the rule is not a policy used by a specific organization, but instead applies to anyone
within the jurisdiction of the Grampon city council. B is incorrect; this rule is not a process to follow.
C is incorrect; this rule is not recognized outside the jurisdiction of the Grampon city council. 

Question 20 1 / 1 point

Grampon municipal code requires that all companies that operate within city limits will have a set of
processes to ensure employees are safe while working with hazardous materials. Triffid Corporation
creates a checklist of activities employees must follow while working with hazardous materials inside
Grampon city limits. The municipal code is a ______, and the Triffid checklist is a ________. (D1,
L1.4.2) 

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 13/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A)  Law, procedure

B)  Standard, law

C)  Law, standard

D)  Policy, law

Hide question 20 feedback

A is correct. The municipal code was created by a governmental body and is a legal mandate; this is a
law. The Triffid checklist is a detailed set of actions which must be used by Triffid employees in
specific circumstances; this is a procedure. B and C are incorrect; neither document is recognized
throughout the industry, so neither is a standard. D is incorrect; neither document is a strategic
internal overview issued by senior management, so neither is a policy. 

Question 21 1 / 1 point

Which of the following is likely to be included in the business continuity plan? (D2, L2.2.1) 

A)  Alternate work areas for personnel affected by a natural disaster 

B)  The organization's strategic security approach 

C)  Last year's budget information

D)  Log data from all systems

Hide question 21 feedback

A is correct. The business continuity plan should include provisions for alternate work sites, if the
primary site is affected by an interruption, such as a natural disaster. B is incorrect; the
organization's strategic security approach should be included in the organization's security policy. C

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 14/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

is incorrect; budgetary information is not typically included in the business continuity plan. D is
incorrect; log data is not typically included in the business continuity plan. 

Question 22 1 / 1 point

An attacker outside the organization attempts to gain access to the organization's internal files. This
is an example of a(n) ______. (D2, L2.1.1)

A)  Intrusion

B)  Exploit

C)  Disclosure

D)  Publication

Hide question 22 feedback

A is correct. An intrusion is an attempt (successful or otherwise) to gain unauthorized access. B is

incorrect; the question does not mention what specific attack or vulnerability was used. C and D are
incorrect; the organization did not grant unauthorized access or release the files. 

Question 23 1 / 1 point

What is the risk associated with delaying resumption of full normal operations after a disaster? (D2,
L2.3.1) 

A)  People might be put in danger

B)  The impact of running alternate operations for extended periods

C)  A new disaster might emerge 

D)  Competition

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 15/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

Hide question 23 feedback

B is correct. Alternate operations are typically more costly than normal operations, in terms of
impact to the organization; extended alternate operations could harm the organization as much as a
disaster. A is incorrect; typically, alternate operations are safer than normal operations. C is
incorrect; this would actually be an argument for delaying alternate operations, but it doesn't make
much sense. D is incorrect; competition is always a risk, but doesn't have anything to do with DR
efforts. 

Question 24 1 / 1 point

You are reviewing log data from a router; there is an entry that shows a user sent traffic through the
router at 11:45 am, local time, yesterday. This is an example of a(n)  _______. (D2, L2.1.1) incide

A)  Incident

B)  Event

C)  Attack

D)  Threat

Hide question 24 feedback

An event is any observable occurrence within the IT environment. (Any observable occurrence in a
network or system. (Source: NIST SP 800-61 Rev 2) While an event might be part of an incident,
attack, or threat, no other information about the event was given in the question, so B is the correct
answer. 

Question 25 1 / 1 point

What is the goal of Business Continuity efforts? (D2, L2.2.1) 

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 16/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A)  Save money

B)  Impress customers

C)  Ensure all IT systems continue to operate

D)  Keep critical business functions operational

Hide question 25 feedback

D is correct. Business Continuity efforts are about sustaining critical business functions during
periods of potential interruption, such as emergencies, incidents, and disasters. A is incorrect;
Business Continuity efforts often require significant financial expenditures. B is incorrect; Business
Continuity efforts are important regardless of whether customers are impressed. C is incorrect;
Business Continuity efforts should focus specifically on critical business functions, not the entire IT
environment. 

Question 26 0 / 1 point

All of the following are important ways to practice an organization disaster recovery (DR) effort;
which one is the most important? (D2, L2.3.1) 

A)  Practice restoring data from backups

B)  Facility evacuation drills

C)  Desktop/tabletop testing of the plan 

D)  Running the alternate operating site to determine if it could handle critical functions in
times of emergency

Hide question 26 feedback

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 17/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

B is the only answer that directly addresses health and human safety, which is the paramount
concern of all security efforts. All the other answers are good exercises to perform as DR
preparation, but B is the correct answer. 

Question 27 0 / 1 point

Who approves the incident response policy? (D2, L2.1.1) 

A)  (ISC)²

B)  Senior management

C)  The security manager

D)  Investors

Hide question 27 feedback

B is correct. The organization's senior management are the only entities authorized to accept risk on
behalf of the organization, and therefore all organizational policies must be approved by senior
management. A is incorrect; (ISC)² has no authority over individual organizations. C is incorrect; the
security manager will likely be involved in crafting and implementing the policy, but only senior
management can approve it. D is incorrect; investors leave policy review and approval to senior
management. 

Question 28 1 / 1 point

Larry and Fern both work in the data center. In order to enter the data center to begin their workday,
they must both present their own keys (which are different) to the key reader, before the door to the
data center opens. 

Which security concept is being applied in this situation? (D3, L3.1.1) 

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 18/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A)  Defense in depth

B)  Segregation of duties

C)  Least privilege

D)  Dual control

Hide question 28 feedback

D is correct. This is an example of dual control, where two people, each with distinct authentication
factors, must be present to perform a function. A is incorrect; defense in depth requires multiple
controls protecting assets—there is no description of multiple controls in this situation. B is
incorrect; in segregation of duties, the parts of a given transaction are split among multiple people,
and the task cannot be completed unless each of them takes part. Typically, in segregation of duties,
the people involved do not have to take part simultaneously; their actions can be spread over time
and distance. This differs from dual control, where both people must be present at the same time. C
is incorrect; the situation described in the question does not reduce the permissions of either person
involved or limit their capabilities to their job function. 

Question 29 1 / 1 point

A _____ is a record of something that has occurred. (D3, L3.2.1) 

A)  Biometric

B)  Law

C)  Log

D)  Firewall

Hide question 29 feedback

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 19/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

C is correct. This is a description of a log. A is incorrect; "biometrics" is a term used to describe

access control systems that use physiological traits of individuals in order to grant/deny access. B is
incorrect; laws are legal mandates. D is incorrect; a firewall is a device for filtering traffic. 

Question 30 1 / 1 point

Which of the following is not an appropriate control to add to privileged accounts? (D3, L3.1.1) 

A)  Increased logging

B)  Multifactor authentication

C)  Increased auditing

D)  Security deposit

Hide question 30 feedback

D is correct. We typically do not ask privileged account holders for security deposits. A, B, and C are
incorrect; those are appropriate controls to enact for privileged accounts. 

Question 31 1 / 1 point

Which of the following would be considered a logical access control? 

A)  An iris reader that allows an employee to enter a controlled area

B)  A fingerprint reader that allows an employee to enter a controlled area

C)  A fingerprint reader that allows an employee to access a laptop computer

D)  A chain attached to a laptop computer that connects it to furniture so it cannot be taken

Hide question 31 feedback

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 20/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

Logical access controls limit who can gain user access to a device/system. C is the correct answer. A,
B and D are all physical controls, as they limit physical access to areas and assets. 

Question 32 1 / 1 point

Which of the following roles does not typically require privileged account access? (D3, L3.1.1) 

A)  Security administrator

B)  Data entry professional 

C)  System administrator

D)  Help Desk technician

Hide question 32 feedback

B is correct. Data entry professionals do not usually need privileged access. A, C and D are all
incorrect; those are roles that typically need privileged access. 

Question 33 0 / 1 point

Which of the following is probably most useful at the perimeter of a property? (D3, L3.2.1) 

A)  A safe

B)  A fence

C)  A data center

D)  A centralized log storage facility

Hide question 33 feedback

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 21/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

B is the best answer. Of the options listed, a fence would be most useful at the perimeter of a
property. A, C and D are incorrect, because those contain high-value assets which would be better
located away from the perimeter of the property, so they can be protected with multiple security
controls of varying types. 

Question 34 1 / 1 point

Visitors to a secure facility need to be controlled. Controls useful for managing visitors include all of
the following except: (D3, L3.2.1) 

A)  Sign-in sheet/tracking log

B)  Fence

C)  Badges that differ from employee badges

D)  Receptionist

Hide question 34 feedback

B is the best answer. A fence is useful for controlling visitors, authorized users and potential
intruders. This is the only control listed among the possible answers that is not specific to visitors. A,
C and D are all controls that should be used to manage visitors. 

Question 35 0 / 1 point

Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control
scheme for the company. Handel wants to ensure that employees transferring from one department
to another, getting promoted, or cross-training to new positions can get access to the different
assets they'll need for their new positions, in the most efficient manner. Which method should
Handel select? (D3, L3.3.1)

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 22/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A)  Role-based access controls (RBAC)

B)  Mandatory access controls (MAC)

C)  Discretionary access controls (DAC)

D)  Barbed wire

Hide question 35 feedback

RBAC is the most efficient way to assign permissions to users based on their job duties. A is the
correct answer. B and C are incorrect; MAC and DAC don't offer the same kind of efficiency in this
regard. D is incorrect; barbed wire is a physical control, and won't be useful in this context. 

Question 36 0 / 1 point

Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control
scheme for the company. Handel wants to ensure that employees who are assigned to new positions
in the company do not retain whatever access they had in their old positions. Which method should
Handel select? (D3, L3.3.1)

A)  Role-based access controls (RBAC)

B)  Mandatory access controls (MAC)

C)  Discretionary access controls (DAC)

D)  Logging

Hide question 36 feedback

RBAC can aid in reducing "privilege creep," where employees who stay with the company for a long
period of time might get excess permissions within the environment. A is the correct answer. B and

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 23/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

C are incorrect; MAC and DAC do not offer this type of assurance. D is incorrect; logging will
demonstrate user activity, but doesn't aid in reducing excess permissions. 

Question 37 1 / 1 point

Which of these is an example of a physical access control mechanism? (D3, L3.2.1) 

A)  Software-based firewall at the perimeter of the network

B)  A lock on a door

C)  Network switches that filter according to MAC addresses 

D)  A process that requires two people to act at the same time to perform a function

Hide question 37 feedback

B is correct. A lock on a door restricts physical access to the area on the other side of the door to
only those personnel who have the appropriate entry mechanism (key, badge, etc.).  A and C are
both technical/logical controls. D is an administrative control. 

Question 38 0 / 1 point

All of the following are typically perceived as drawbacks to biometric systems, except: (D3, L3.2.1) 

A)  Lack of accuracy

B)  Potential privacy concerns

C)  Retention of physiological data past the point of employment 

D)  Legality

Hide question 38 feedback

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 24/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A is correct. Biometric systems can be extremely accurate, especially when compared with other
types of access controls. B, C and D are all potential concerns when using biometric data, so those
answers are incorrect in this context. 

Question 39 1 / 1 point

Which of the following will have the most impact on determining the duration of log retention? (D3,
L3.2.1) 

A)  Personal preference

B)  Applicable laws

C)  Industry standards

D)  Type of storage media

Hide question 39 feedback

B is correct. Laws will have the most impact on policies, including log retention periods, because
laws cannot be contravened. All the other answers may have some impact on retention periods, but
they will never have as much impact as applicable laws. 

Question 40 1 / 1 point

Bruce is the branch manager of a bank. Bruce wants to determine which personnel at the branch can
get access to systems, and under which conditions they can get access. Which access control
methodology would allow Bruce to make this determination? (D3, L3.3.1)

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 25/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A)  MAC (mandatory access control)

B)  DAC (discretionary access control)

C)  RBAC (role-based access control)

D)  Defense-in-depth

Hide question 40 feedback

Discretionary access control is a model wherein permissions are granted by operational managers,
allowing them to make the determination of which personnel can get specific access to particular
assets controlled by the manager. B is the correct answer. A is incorrect; in mandatory access
control, managers do not have the authority (discretion) to determine who gets access to specific
assets. C is incorrect; in role-based access control, managers do not have the authority to determine
who gets access to particular assets. D is incorrect; defense in depth is not an access control model,
it's a security philosophy. 

Question 41 1 / 1 point

In order for a biometric security to function properly, an authorized person's physiological data must
be ______. (D3, L3.2.1) 

A)  Broadcast

B)  Stored

C)  Deleted

D)  Modified

Hide question 41 feedback

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 26/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

B is correct. A biometric security system works by capturing and recording a physiological trait of the
authorized person and storing it for comparison whenever that person presents the same trait in the
future. A is incorrect; access control information should not be broadcast. C is incorrect; if all
biometric data is erased, the data cannot be used for comparison purposes to grant access later. D is
incorrect; biometric data should not be modified, or it may become useless for comparison
purposes. 

Question 42 1 / 1 point

Network traffic originating from outside the organization might be admitted to the internal IT
environment or blocked at the perimeter by a ________. (D3, L3.2.1) 

A)  Turnstile

B)  Fence

C)  Vacuum

D)  Firewall

Hide question 42 feedback

A firewall is a solution used to filter traffic between networks, including between the internal
environment and the outside world. D is the correct answer. A and B are incorrect; a turnstile and a
fence are physical access control mechanisms. C is incorrect; a vacuum does not affect network
traffic, and the term is used here only as a distractor. 

Question 43 1 / 1 point

 Gelbi is a Technical Support analyst for Triffid, Inc. Gelbi sometimes is required to install or remove
software. Which of the following could be used to describe Gelbi's account? (D3, L3.1.1) 

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 27/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A)  Privileged

B)  Internal

C)  External

D)  User

Hide question 43 feedback

A is Correct. This is the description of a privileged account; an account that typically needs greater
permissions than a basic user. B and C are incorrect; the question does not specify whether Gelbi
connects to the environment from within the network, or from outside. D is incorrect; this is too
vague—Gelbi is a user, but has permissions that are typically greater than what basic users have. 

Question 44 1 / 1 point

Guillermo logs onto a system and opens a document file. In this example, Guillermo is: (D3, L3.1.1) 

A)  The subject

B)  The object

C)  The process

D)  The software

Hide question 44 feedback

A is correct. Guillermo is the subject in this example.  B is incorrect; in this example, the file is the
object. C is incorrect; in this example, the process is logging on and opening the file. D is incorrect;
in this example, the application used to open the file is the software. 

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 28/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

Question 45 1 / 1 point

Which common cloud deployment model typically features only a single customer's
data/functionality stored on specific systems/hardware? (D4.3 L4.3.2) 

A)  Public

B)  Private

C)  Community

D)  Hybrid

Hide question 45 feedback

B is correct; this is the defining feature of private cloud. A is incorrect; in public cloud, multiple
customers (or "tenants") typically share the underlying systems. C is incorrect; in community cloud,
multiple customers from a shared affinity group/industry typically share access to the underlying
infrastructure. D is incorrect; in hybrid cloud, more than one customer may use underlying
infrastructure. 

Question 46 0 / 1 point

Triffid, Inc., has many remote workers who use their own IT devices to process Triffid's information.
The Triffid security team wants to deploy some sort of sensor on user devices in order to recognize
and identify potential security issues. Which of the following is probably most appropriate for this
specific purpose? (D4.2 L4.2.2) 

A)  HIDS (host-based intrusion-detection systems)

B)  NIDS (network-based intrusion-detection systems)

C)  LIDS (logistical intrusion-detection systems)

D)  Firewalls 

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 29/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

Hide question 46 feedback

Host-based intrusion-detection systems are expressly designed for this purpose; each HIDS is
installed on each endpoint machine. A is the correct answer. B is incorrect; NIDS are useful for
monitoring internal traffic, but a HIDS would be better for distributed users/devices. C is incorrect;
LIDS is not a term standard within our industry, and was just made up and used here as a
distractor. D is incorrect; firewalls limit traffic, and can be used to identify potential threats, but a
HIDS is specifically intended for this purpose. 

Question 47 1 / 1 point

Which of the following would be best placed in the DMZ of an IT environment? (D4.3 L4.3.3) 

A)  User's workplace laptop

B)  Mail server

C)  Database engine

D)  SIEM log storage

Hide question 47 feedback

B is correct; devices that must often interact with the external environment (such as a mail server)
are typically best situated in the DMZ. A, C and D are incorrect; devices that contain sensitive or
valuable information are typically best placed well inside the perimeter of the IT environment, away
from the external world and the DMZ. 

Question 48 1 / 1 point

Triffid, Inc., has deployed anti-malware solutions across its internal IT environment. What is an
additional task necessary to ensure this control will function properly? (D4.2 L4.2.3) 

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 30/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A)  Pay all employees a bonus for allowing anti-malware solutions to be run on their systems

B)  Update the anti-malware solution regularly

C)  Install a monitoring solution to check the anti-malware solution 

D)  Alert the public that this protective measure has been taken

Hide question 48 feedback

B is the correct answer. Anti-malware solutions typically work with signatures for known malware;
without continual updates, these tools lose their efficacy. A, C and D are incorrect; these measures
will not aid in the effectiveness of anti-malware solutions. 

Question 49 1 / 1 point

A device that filters network traffic in order to enhance overall security/performance. (D4.1 L4.1.1) 

A)  Endpoint

B)  Laptop

C)  MAC (media access control)

D)  Firewall

Hide question 49 feedback

Firewalls filter traffic in order to enhance the overall security or performance of the network, or
both. D is the correct answer. A is incorrect; "endpoint" is the term used to describe a device
involved in a networked communication, at either "end" of a conversation. B is incorrect; laptops are
not typically employed to filter network traffic. C is incorrect; MAC is the physical address of a
device on a network. 

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 31/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

Question 50 1 / 1 point

Carol is browsing the Web. Which of the following ports is she probably using? (D4, L4.1.2)

A)  12

B)  80

C)  247

D)  999

Hide question 50 feedback

B is the correct answer; port 80 is used for HTTP traffic, and HTTP is a Web-browsing protocol. A, C
and D are incorrect; these ports are not used by Web browsers. 

Question 51 1 / 1 point

Ludwig is a security analyst at Triffid, Inc. Ludwig notices network traffic that might indicate an
attack designed to affect the availability of the environment. Which of the following might be the
attack Ludwig sees? (D4.2 L4.2.1) 

A)  DDOS (distributed denial of service)

B)  Spoofing

C)  Exfiltrating stolen data

D)  An insider sabotaging the power supply

Hide question 51 feedback

DDOS is an availability attack, often typified by recognizable network traffic; either too much traffic
to be processed normally, or malformed traffic. A is the correct answer. B and C are incorrect,

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 32/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

because in both these kinds of attacks, the attacker wants the IT environment to continue working
properly—if the attacker shut down the environment, the attacker wouldn't be able to use spoofed
credentials or exfiltrate stolen data. D is incorrect, because loss of power is not recognized by
network traffic, it is recognized by lack of functionality.  

Question 52 1 / 1 point

Which of the following is one of the common ways potential attacks are often identified? (D4.2
L4.2.2) 

A)  The attackers contact the target prior to the attack, in order to threaten and frighten the
target

B)  Victims notice excessive heat coming from their systems 

C)  The power utility company warns customers that the grid will be down and the internet
won't be accessible

D)  Users report unusual systems activity/response to Help Desk or the security office 

Hide question 52 feedback

Users often act as an attack-detection capability (although many user reports might be false-
positives). D is the correct answer. A and C are incorrect; unfortunately, we rarely get advance
notification of impending threats to the environment. B is incorrect; attacks are not typically
identified by physical manifestations. 

Question 53 1 / 1 point

Which type of fire-suppression system is typically the safest for humans? (D4.3 L4.3.1) 

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 33/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A)  Water

B)  Dirt

C)  Oxygen-depletion

D)  Gaseous

Hide question 53 feedback

A is correct as it is the safest fire-suppression system listed that is typically used. B is incorrect; dirt
is rarely used in fire suppression, and then usually only for forest fires. C is incorrect; humans require
oxygen. D is incorrect; gaseous fire-suppression systems typically pose more hazard to humans than
water-based systems. 

Question 54 1 / 1 point

A device typically accessed by multiple users, often intended for a single purpose, such as managing
email or web pages. (D4.1 L4.1.1) 

A)  Router

B)  Switch

C)  Server

D)  Laptop

Hide question 54 feedback

A server typically offers a specific service, such as hosting web pages or managing email, and is often
accessed by multiple users. C is the correct answer. A and B are incorrect; routers and switches are
used to vector network traffic, not to provide specific services. D is incorrect; a laptop is typically
only assigned to a single user. 

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 34/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

Question 55 1 / 1 point

A device that is commonly useful to have on the perimeter between two networks. (D4.3 L4.3.3) 

A)  User laptop

B)  IoT

C)  Camera

D)  Firewall

Hide question 55 feedback

Firewalls are often useful to monitor/filter traffic between two networks. D is correct. A and B are
incorrect; these are typically located inside the perimeter of the internal environment. C is incorrect;
cameras do not offer much benefit in monitoring communications traffic. 

Question 56 1 / 1 point

Inbound traffic from an external source seems to indicate much higher rates of communication than
normal, to the point where the internal systems might be overwhelmed. Which security solution can
often identify and potentially counter this risk? (D4.2 L4.2.2) 

A)  Firewall

B)  Turnstile

C)  Anti-malware

D)  Badge system

Hide question 56 feedback

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 35/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

Firewalls can often identify hostile inbound traffic, and potentially counter it. A is the correct
answer. B and D are incorrect; these are physical controls and aren't effective in
identifying/countering communications attacks. C is incorrect; anti-malware is not typically useful in
countering attacks that employ excess traffic as an attack mechanism. 

Question 57 1 / 1 point

A means to allow remote users to have secure access to the internal IT environment. (D4.3 L4.3.3) 

A)  Internet

B)  VLAN

C)  MAC

D)  VPN

Hide question 57 feedback

D is correct; a virtual private network protects communication traffic over untrusted media. A is
incorrect; the internet is an untrusted medium. B is incorrect; VLANs are used to segment portions
of the internal environment. C is incorrect; MAC is the physical address of a given networked
device. 

Question 58 1 / 1 point

Garfield is a security analyst at Triffid, Inc. Garfield notices that a particular application in the
production environment is being copied very quickly, across systems and devices utilized by many
users. What kind of attack could this be? (D4.2 L4.2.1) 

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 36/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A)  Spoofing

B)  Side channel

C)  Trojan

D)  Worm

Hide question 58 feedback

Activity of this type, where an application or file is replicating rapidly across an entire environment,
is often indicative of a worm. D is correct. A is incorrect; spoofing uses captured credentials for the
attack, not replication of apps. B is incorrect; a side channel attack is typically entirely passive. C is
incorrect; while a Trojan horse method might be used to introduce a worm to the environment, not
all Trojans are worms. 

Question 59 1 / 1 point

A tool that aggregates log data from multiple sources, and typically analyzes it and reports potential
threats. (D4.2 L4.2.2) 

A)  HIDS

B)  Anti-malware

C)  Router

D)  SIEM

Hide question 59 feedback

SIEM/SEM/SIM solutions are typically designed specifically for this purpose. D is the correct
answer. A and C are incorrect; these are specific single sources of log data. B is incorrect; anti-
malware does not typically gather log data from multiple sources. 

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 37/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

Question 60 1 / 1 point

Which of the following is not a typical benefit of cloud computing services? (D4.3 L4.3.2) 

A)  Reduced cost of ownership/investment

B)  Metered usage

C)  Scalability

D)  Freedom from legal constraints

Hide question 60 feedback

D is correct. Moving data/operations into the cloud does not relieve the customer from legal
constraints (and may even increase them). A, B and C are all common benefits of cloud services, and
are therefore incorrect answers. 

Question 61 0 / 1 point

Which common cloud service model only offers the customer access to a given application? (D4.3
L4.3.2) 

A)  Lunch as a service (LaaS) 

B)  Infrastructure as a service (IaaS)

C)  Platform as a service (PaaS)

D)  Software as a service (SaaS)

Hide question 61 feedback

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 38/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

D is the correct answer. This is a description of how SaaS works. A is incorrect; this is not a common
cloud service model. B is incorrect; IaaS offers much more than just access to a given application. C
is incorrect; PaaS offers much more than just access to a given application. 

Question 62 1 / 1 point

A tool that inspects outbound traffic to reduce potential threats. (D4.2 L4.2.3) 

A)  NIDS (network-based intrusion-detection systems)

B)  Anti-malware

C)  DLP (data loss prevention)

D)  Firewall

Hide question 62 feedback

DLP solutions typically inspect outbound communications traffic to check for unauthorized
exfiltration of sensitive/valuable information. C is correct. A, B and D are incorrect; these solutions
are not typically suited to inspect outbound traffic. 

Question 63 1 / 1 point

When data has reached the end of the retention period, it should be _____. (D5.1, L5.1.1) 

A)  Destroyed

B)  Archived

C)  Enhanced

D)  Sold

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 39/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

Hide question 63 feedback

At the end of the retention period, data should be securely destroyed. A is the correct answer. B, C
and D are incorrect; data must be securely destroyed at the end of the retention period. 

Question 64 1 / 1 point

Security controls on log data should reflect ________. (D5.1, L5.1.2) 

A)  The organization's commitment to customer service

B)  The local culture where the log data is stored

C)  The price of the storage device

D)  The sensitivity of the source device

Hide question 64 feedback

Log data should be protected with security as high, or higher, than the security level of the systems
or devices that log was captured from. D is the correct answer. A, B and C are incorrect; these are
not qualities that dictate security level of protection on log data. 

Question 65 1 / 1 point

Archiving is typically done when _________. (D5.1, L5.1.1) 

A)  Data is ready to be destroyed

B)  Data has lost all value

C)  Data is not needed for regular work purposes

D)  Data has become illegal

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 40/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

Hide question 65 feedback

Archiving is the action of moving data from the production environment to long-term storage. C is
the correct answer. A, B and C are incorrect. Archived data still has value and is not ready to be
destroyed; it is just not used on a regular basis. Illegal data should not be in the environment at all. 

Question 66 1 / 1 point

______ is used to ensure that configuration management activities are effective and enforced. (D5.2,
L5.2.1)

A)  Inventory

B)  Baseline

C)  Identification

D)  Verification and audit

Hide question 66 feedback

Verification and audit are methods we use to review the IT environment to ensure that configuration
management activities have taken place and are achieving their intended purpose. D is the correct
answer. A, B and C are incorrect; while these are terms related to configuration management, the
answer is verification and audit. 

Question 67 1 / 1 point

Proper alignment of security policy and business goals within the organization is important because:
(D5.3, L5.3.1) 

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 41/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A)  Security should always be as strict as possible

B)  Security policy that conflicts with business goals can inhibit productivity

C)  Bad security policy can be illegal

D)  Security is more important than business

Hide question 67 feedback

B is correct. Security is a support function in most organizations, not a business function; therefore,
security policy must conform to business needs to avoid inhibiting productivity. A is incorrect;
security that is too strict can cause the organization to fail in its business purpose—the right balance
has to be created. C is incorrect; while it is true that policies might violate the law if improperly
crafted, that is not a reason to align the policy to the business goals (business goals should not
violate the law, either). D is incorrect; business goals are typically more important than security. 

Question 68 1 / 1 point

Bluga works for Triffid, Inc. as a security analyst. Bluga wants to send a message to several people
and wants the recipients to know that the message definitely came from Bluga. What type of
encryption should Bluga use? (D5.1, L5.1.3) 

A)  Symmetric encryption

B)  Asymmetric encryption

C)  Small-scale encryption

D)  Hashing

Hide question 68 feedback

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 42/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

With asymmetric encryption, Bluga can provide proof-of-origin for the message, for multiple
recipients. B is the correct answer. A is incorrect; symmetric encryption does not provide a capability
for proof of origin. C is incorrect; this term is meaningless, and used here only as a distractor. D is
incorrect; hashing is not encryption, and does not provide proof of origin. 

Question 69 0 / 1 point

Who dictates policy? (D5.3, L5.3.1) 

A)  The security manager

B)  The Human Resources office

C)  Senior management

D)  Auditors

Hide question 69 feedback

Only senior management has the legal and financial authority to issue policy and accept risk on
behalf of the organization. C is the correct answer. A, B and D are incorrect; only senior
management can issue policy. 

Question 70 1 / 1 point

Every document owned by Triffid, Inc., whether hardcopy or electronic, has a clear, 24-point word at
the top and bottom. Only three words can be used: "Sensitive," "Proprietary" and "Public." 
 
This is an example of _____. (D5.1, L5.1.1)

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 43/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A)  Secrecy

B)  Privacy

C)  Inverting

D)  Labeling

Hide question 70 feedback

Labeling is the practice of annotating assets with classification markings. D is the correct answer. A
is incorrect; "secrecy" is too broad a term in this context, and not accurate—the markings are
visible. B is incorrect; privacy is associated with information that identifies a specific person (or
specific people). C is incorrect; this term has no meaning in this context, and is used here only as a
distractor. 

Question 71 0 / 1 point

Log data should be kept ______. (D5.1, L5.1.2) 

A)  On the device that the log data was captured from

B)  In an underground bunker

C)  In airtight containers

D)  On a device other than where it was captured

Hide question 71 feedback

D is the correct answer. Log data can often be useful in diagnosing or investigating the device it was
captured from; it is therefore useful to store the data away from the device where it was harvested,
in case something happens to the source device. A is incorrect; if something happens to the source
machine, the log data may be affected if it is stored on the source. B is incorrect; log data may be

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 44/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

stored underground, aboveground, underwater, in the sky, or in orbit, as long as it is stored

securely. C is incorrect; airtight seals do not affect log data positively or negatively. 

Question 72 0 / 1 point

By far, the most crucial element of any security instruction program. (D5.4, L5.4.1) 

A)  Protect assets

B)  Preserve health and human safety

C)  Ensure availability of IT systems

D)  Preserve shareholder value

Hide question 72 feedback

B is correct: This is the paramount rule in all security efforts. A, C and D are incorrect; these are
goals of the security instruction program, but all are secondary to B. 

Question 73 1 / 1 point

When Pritha started working for Triffid, Inc., Pritha had to sign a policy that described how Pritha
would be allowed to use Triffid's IT equipment. What policy was this? (D5.3, L5.3.1) 

A)  The organizational security policy

B)  The acceptable use policy (AUP)

C)  The bring-your-own-device (BYOD) policy

D)  The workplace attire policy

Hide question 73 feedback

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 45/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

The AUP describes how users will be permitted to use the organization's IT assets. B is the correct
answer. A, C and D are incorrect; while these are all common policies, they do not serve the same
function as the AUP. 

Question 74 1 / 1 point

Triffid, Inc., wants to host streaming video files for the company's remote users, but wants to ensure
the data is protected while it's streaming. Which of the following methods are probably best for this
purpose? (D5.1, L5.1.3) 

A)  Symmetric encryption

B)  Hashing

C)  Asymmetric encryption

D)  VLANs

Hide question 74 feedback

A is the correct answer; symmetric encryption offers confidentiality of data with the least amount of
processing overhead, which makes it the preferred means of protecting streaming data. B is
incorrect; hashing would not provide confidentiality of the data. C is incorrect; asymmetric
encryption requires more processing overhead than symmetric encryption, and is therefore not
preferable for streaming purposes. D is incorrect; VLANs are useful for logical segmentation of
networks, but do not serve a purpose for streaming data to remote users. 

Question 75 1 / 1 point

If two people want to use asymmetric communication to conduct a confidential conversation, how
many keys do they need? (D5.1, L5.1.2) 

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 46/47
5/2/23, 11:18 PM - Official (ISC)² Certified in Cybersecurity (CC) Self-Paced Training - 1M - ISC2 - International Information System Security

A)  1

B)  4

C)  8

D)  11

Hide question 75 feedback

In asymmetric encryption, each party needs their own key pair (a public key and a private key) to
engage in confidential communication. B is the correct answer. A, C and D are incorrect; in
asymmetric encryption, each party needs their own key pair for confidential communication. 

Congratulations, you passed the quiz!

You've achieved an overall grade of 70% or higher and completed this activity.

Attempt Score: 74.67 %

Overall Grade (highest attempt): 74.67 %

Done

https://learn.isc2.org/d2l/le/enhancedSequenceViewer/9541?url=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fbabe4806-440f-4af0-91ac-9d7c60651b42.sequences.api.bright… 47/47