Free CC Exam Questions

ISC2 CC Free Exam Questions

Disclaimer

Please keep a note that the demo questions are not frequently updated. You may as well find them in open communities around the web. However, this demo is only to depict what sort of questions you may find in our original files.

Nonetheless, the premium exam dumps files are frequently updated and are based on the latest exam syllabus and real exam questions.

1 / 60

Which of the following is very likely to be used in a disaster recovery effort?

Data backups

Guard dogs

Contract personnel

Antimalware solutions

2 / 60

Which of these components is very likely to be instrumental to any disaster recovery (DR) effort?

Firewalls

Laptops

Backups

Routers

3 / 60

A set of security controls or system settings used to ensure uniformity of configuration through the IT environment.

Inventory

Policy

Baseline

Patches

4 / 60

You are working in your organization's security office. You receive a call from a user who has tried to log in to the network several times with the correct credentials, with no success. After a brief investigation, you determine that the user's account has been compromised. This is an example of a.....

Policy

Disaster

Emergency

Event

5 / 60

An external entity has tried to gain access to your organization's IT environment without proper authorization. This Will be called ________

Malware

Intrusion

Exploit

Event

6 / 60

True or False? The IT department is responsible for creating the organization's business continuity plan.

True

False

7 / 60

Which of these activities is often associated with DR efforts?

Running anti-malware solutions

Scanning the IT environment for vulnerabilities

Employees returning to the primary production location

Zero-day exploits

8 / 60

Which of the following statements best describes the purpose of deception technology in cybersecurity?

It creates decoy systems and assets to detect, analyze, and mitigate cyber threats by deceiving attackers

It provides a virtual environment to safely execute and analyze potentially malicious code

It encrypts data to prevent unauthorized access

It monitors employee activities

9 / 60

A company wants to ensure that only employees with specific roles can access certain data. Which access control model should they implement?

Mandatory Access Control (MAC)

Discretionary Access Control (DAC)

Attribute-Based Access Control (ABAC)

Role-Based Access Control (RBAC)

10 / 60

A company is concerned about data loss during a disaster. What type of backup strategy should they implement to minimize data loss?

Incremental backup every day

Differential backup every week

No backup needed

Full backup once a month

11 / 60

An organization is implementing a zero-trust security model. Which of the following statements accurately reflects a key principle of zero-trust architecture?

All network traffic is trusted by default

Only external threats are considered

Once authenticated, users have unrestricted access to resources

Continuous verification of user identity and device security posture is required

12 / 60

Which principle addresses the information security strategy by integrating people, technology, and operations to establish variable barriers across multiple layers and missions of the organization?

Separation of Duties

Privilege Function

Principle of Least Privilege

Defense in Depth

13 / 60

A common network device used to filter traffic?

Firewall

Server

Ethernet

Endpoint

14 / 60

What are the primary approaches ids take to analyse events to detect attacks?

Log detection and anomaly detection

Scan detection and anomaly detection

Misuse detection and anomaly detection

Misuse detection and early drop detection

15 / 60

Which of the following is the least secure communications protocol?

Ipsec

CHAP

PAP

EAP

16 / 60

David is worried about distributed denial of service attacks against his company’s primary web application. which of the following options will provide the MOST resilience against large-scale DDoS attacks?

Increase the number of servers in the web application server cluster

Contract for DDoS mitigation services via the company’s IPS

Increase the amount of bandwidth available from one or more ISPs

Implement a CDN

17 / 60

Which type of network is set up similar to the internet but is private to an organization? Select the MOST appropriate.

VLAN

Extranet

Intranet

VPN

18 / 60

Julia is listening to network traffic and capturing passwords as they are sent to the authentication server. She plans to use the passwords as part of a future attack. What type of attack is this?

Dictionary attack

Brute-force attack

Social engineering attack

Replay Attack

19 / 60

What is the purpose of non-repudiation in information security?

To prevent the sender or recipient of a message from denying having sent or received the message

To protect data from unauthorized access

To ensure data is always accessible when needed

To ensure data is accurate and unchanged

20 / 60

Which one of the following cryptographic algorithms does not depend upon the prime factorization problem?

PGP Pretty Good Privacy

RSA - Rivest-Shamir-Adleman

GPG- GNU Privacy Guard

ECC - Elliptic curve cryptosystem

21 / 60

Some Employees of his organization launched a privilege escalation attack to gain root access to one of the organization’s database servers. The employee does have an authorized user account on the server. What log file would be MOST likely to contain relevant information??

Database application log

Operating system log

Firewall log

IDS log

22 / 60

Which of the following best describes a zero-day vulnerability?

A vulnerability that has been identified and patched by software vendors

A vulnerability that can only be exploited by experienced hackers

A vulnerability that has not yet been discovered or publicly disclosed

A vulnerability that affects only legacy systems

23 / 60

What is the primary goal of a risk management process in cybersecurity?A) B) C) D)

To transfer all cybersecurity risks to a third-party

To identify, assess, and mitigate cybersecurity risks to an acceptable level

To eliminate all cybersecurity risks

To ignore cybersecurity risks and focus on incident response

24 / 60

What is the primary goal of implementing input validation in application security?

To prevent unauthorized access to the application

To ensure all inputs are stored in a secure database

To validate and sanitize user inputs to prevent code injection attacks

To encrypt sensitive data transmitted between the client and server

25 / 60

Which of the following is a common security measure to prevent Cross- Site Scripting (XSS) attacks in web applications?A) B) C) D)

Using a firewall to block incoming traffic

Implementing strong password policies

Validating and sanitizing user input

Encrypting data during transmission

26 / 60

Which of the following best describes the principle of least privilege?

Granting full access to administrators

Ensuring that users have access to all resources

Allowing temporary access to users for any tasks

Limiting user access to the minimum necessary to perform their job functions

27 / 60

What is the primary goal of implementing security policies in an organization?

To ensure legal compliance

To create a framework for security controls and procedures

To enforce strong passwords

To train employees in cybersecurity

28 / 60

Which security principle focuses on ensuring that data cannot be altered without authorization?

Integrity

Availability

Confidentiality

Authentication

29 / 60

Which of the following is an example of a physical security control?

Firewalls

Encryption

Security guards

Antivirus software

30 / 60

Which of the following best describes the concept of defense in depth?

Relying on user education for security

Implementing multiple layers of security controls

Using a single security measure to protect assets

Applying security only at the perimeter of the network

31 / 60

What is the main goal of business continuity planning?

To develop incident response procedures

To restore normal operations after a disaster

To identify potential threats to the organization

To ensure the continuous availability of critical business functions

32 / 60

Which phase of the disaster recovery plan involves the restoration of normal operations?

Recovery

Mitigation

Response

Business Impact Analysis (BIA)

33 / 60

What is the purpose of conducting a Business Impact Analysis (BIA)?

To develop security policies

To identify potential security threats

To assess the security posture of an organization

To determine the impact of disruptions on business operations

34 / 60

Which of the following is a primary component of an incident response plan?

Risk assessment

Communication procedures

Physical security measures

Security policy development

35 / 60

What is the main purpose of disaster recovery testing?

To train employees on security policies

To ensure compliance with regulations

To validate the effectiveness of the disaster recovery plan

To identify potential threats to the organization

36 / 60

Which access control model is based on the classification of information and clearance levels of users?

Mandatory Access Control (MAC)

Discretionary Access Control (DAC)

Role-Based Access Control (RBAC)

Attribute-Based Access Control (ABAC)

37 / 60

What is the primary purpose of the principle of separation of duties?

To ensure data availability

To enforce strong password policies

To reduce the risk of errors and fraud

To limit access to sensitive information

38 / 60

Which access control model permits data owners to decide who can access their resources?

Mandatory Access Control (MAC)

Discretionary Access Control (DAC)

Role-Based Access Control (RBAC)

Attribute-Based Access Control (ABAC)

39 / 60

What is an example of preventive access control?

Firewalls

Audit logs

Security training

Intrusion detection systems

40 / 60

Which of the following best describes the concept of least privilege?

Rotating user roles periodically

Allowing temporary access to resources

Providing users with minimal access rights

Implementing strong authentication mechanisms

41 / 60

What is the main advantage of using Single Sign-On (SSO)?

It provides a higher level of encryption for data

It requires multiple passwords for increased security

It ensures that users have minimal access rights

It simplifies user authentication by allowing access to multiple applications with one set of credentials

42 / 60

Which device is primarily used to filter and monitor network traffic, both incoming and outgoing, according to predefined security rules?

Hub

Switch

Firewall

Router

43 / 60

What is the primary function of a Virtual Private Network (VPN)?

To detect malware

To increase internet speed

To monitor network traffic

To provide secure remote access to a network

44 / 60

Which of the following is a common method for preventing DDoS attacks?

Employing network firewalls

Implementing strong passwords

Using intrusion detection systems (IDS)

Deploying rate limiting and traffic analysis

45 / 60

What type of attack involves intercepting and possibly modifying communication between two parties without their awareness?

Man-in-the-Middle (MitM)

Phishing

SQL Injection

Denial of Service (DoS)

46 / 60

What security measure is used to detect and prevent unauthorized access to a private network?

Web proxy

Antivirus software

Data Loss Prevention (DLP) software

Network Intrusion Detection System (NIDS)

47 / 60

What is the primary goal of security operations within an organization?

To develop security policies

To conduct security training for employees

To ensure compliance with legal requirements

To detect, respond to, and recover from security incidents

48 / 60

Which of the following is a key activity in security operations to maintain the integrity of systems?

Monitoring network traffic

Conducting security audits

Performing regular backups

Implementing access controls

49 / 60

What type of system is designed to automatically detect and respond to potential security threats?

Antivirus software

Public Key Infrastructure (PKI)

Data Loss Prevention (DLP) system

Security Information and Event Management (SIEM) system

50 / 60

Which of the following best describes a security incident?

A report of a phishing email

Any event that threatens the security of an information system

A successful breach of a network

An attempt to compromise system security

51 / 60

What is the purpose of a Security Operations Center (SOC)?

To develop security policies

To provide end-user technical support

To conduct security training for employees

To manage and monitor security threats and incidents

52 / 60

Which process involves identifying, assessing, and mitigating risks to an organization’s information systems?

Incident response

Risk management

Penetration testing

Vulnerability scanning

53 / 60

You are assisting your organization in implementing new firewall rules. What type of control are you implementing?

Physical

Technical

Administrative

Compensating

54 / 60

You become aware that one of your colleagues provided a CC candidate with the text of several questions that appeared on their certification exam. What canon of the ISC2 code of ethics was most directly violated?

Canon 1

Canon 2

Canon 3

Canon 4

55 / 60

Your organization recently experienced a disaster that activated their disaster recovery program. At what point is the effort considered concluded?

Upon activation of the DR site

Upon transfer of processing to the DR site

Upon the restoration of service at the primary site

Upon the end of the situation that caused the disruption

56 / 60

Your organization recently experienced a security incident where the attacker was able to take down your primary website. What cybersecurity principle does this attack most directly violate?

Integrity

Availability

Confidentiality

Non-repudiation

57 / 60

You are building a new file system where each department’s managers can control access to files stored on their portion of the server, granting it to anyone they choose. What access control model best describes this approach?

DAC

MAC

ABAC

RBAC

58 / 60

Which one of the following is NOT a standard part of the crime prevention through environmental design (CP TED) philosophy?

Natural surveillance

Natural access control

Natural spatial modification

Natural territorial reinforcement

59 / 60

You are setting up a new wireless network and would like to configure it to require that people accept terms and conditions before using the network. The network will be used by many thousands of guests each day. What access control mechanism would be most efficient?

Captive portal

Open network

Preshared key

Enterprise authentication

60 / 60

You are installing a public-facing web server for your organization. What network zone would be the most appropriate for this device?

DMZ

Intranet

Internet

Air gapped network

Your score is

The average score is 68%

By Wordpress Quiz plugin

Free CC Exam Questions

Disclaimer

[email protected]

Helpful links

top Vendors

Contact Us

[email protected]

FLASH OFFER

avail $6 DISCOUNT on YOUR PURCHASE