Cyber Security Flashcards

1
Q

For which of the following assets is integrity probably the most important security aspect?

A. “One frame of a streaming video”
B. “The file that contains passwords used to authenticate users”
C. “The color scheme of a marketing website”
D. “Software that checks the spelling of product descriptions for a retail website”

A

“The file that contains passwords used to authenticate users” (B)

2
Q

Glen is an ISC2 member. Glen receives an email from a company offering a set of answers for an ISC2 certification exam. What should Glen do?

A. “Nothing”
B. “Inform ISC2”
C. “Inform law enforcement”
D. “Inform Glen’s employer”

A

“Inform ISC2” (B)

3
Q

In risk management concepts, a(n) ___________ is something or someone that poses risk to an organization or asset.

A. “Fear”
B. “Threat”
C. “Control”
D. “Asset”

A

“Threat” (B)

4
Q

Steve is a security practitioner assigned to come up with a protective measure for ensuring cars don’t collide with pedestrians. What is probably the most effective type of control for this task?

A. “Administrative”
B. “Technical”
C. “Physical”
D. “Nuanced”

A

“Physical” (C)

5
Q

The city of Grampon wants to know where all its public vehicles (garbage trucks, police cars, etc.) are at all times, so the city has GPS transmitters installed in all the vehicles. What kind of control is this?

A. “Administrative”
B. “Entrenched”
C. “Physical”
D. “Technical”

A

“Technical” (D)

6
Q

Zarma is an ISC2 member and a security analyst for Triffid Corporation. One of Zarma’s colleagues is interested in getting an ISC2 certification and asks Zarma what the test questions are like. What should Zarma do?

A. “Inform ISC2”
B. “Explain the style and format of the questions, but no detail”
C. “Inform the colleague’s supervisor”
D. “Nothing”

A

“Explain the style and format of the questions, but no detail” (B)

7
Q

Which of the following probably poses the most risk?

A. “A high-likelihood, high-impact event”
B. “A high-likelihood, low-impact event”
C. “A low-likelihood, high-impact event”
D. “A low-likelihood, low-impact event”

A

“A high-likelihood, high-impact event” (A)

8
Q

Tina is an ISC2 member and is invited to join an online group of IT security enthusiasts. After attending a few online sessions, Tina learns that some participants in the group are sharing malware with each other, in order to use it against other organizations online. What should Tina do?

A. “Nothing”
B. “Stop participating in the group”
C. “Report the group to law enforcement”
D. “Report the group to ISC2”

A

“Stop participating in the group” (B)

9
Q

ISC2 publishes a Common Body of Knowledge (CBK) that IT security practitioners should be familiar with; this is recognized throughout the industry as a set of material that is useful for practitioners to refer to. Certifications can be issued for demonstrating expertise in this Common Body of Knowledge. What kind of document is the Common Body of Knowledge?

A. “Policy”
B. “Procedure”
C. “Standard”
D. “Law”

A

“Standard” (C)

10
Q

Siobhan is an ISC2 member who works for Triffid Corporation. Yesterday, Siobhan got a parking ticket while shopping after work. What should Siobhan do?

A. “Inform ISC2”
B. “Pay the parking ticket”
C. “Inform supervisors at Triffid”
D. “Resign employment from Triffid”

A

“Pay the parking ticket” (B)

11
Q

Kerpak works in the security office of a medium-sized entertainment company. Kerpak is asked to assess a particular risk, and he suggests that the best way to counter this risk would be to purchase and implement a particular security solution. This is an example of _______.

A. “Acceptance”
B. “Avoidance”
C. “Mitigation”
D. “Transference”

A

“Mitigation” (C)

12
Q

The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city council creates a rule that anyone caught creating and launching malware within the city limits will receive a fine and go to jail. What kind of rule is this?

A. “Policy”
B. “Procedure”
C. “Standard”
D. “Law”

A

“Law” (D)

13
Q

A system that collects transactional information and stores it in a record in order to show which users performed which actions is an example of providing _________.

A. “Non-repudiation”
B. “Multifactor authentication”
C. “Biometrics”
D. “Privacy”

A

“Non-repudiation” (A)

14
Q

Aphrodite is a member of ISC2 and a data analyst for Triffid Corporation. While Aphrodite is reviewing user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy and watching streaming videos during work hours. What should Aphrodite do?

A. “Inform ISC2”
B. “Inform law enforcement”
C. “Inform Triffid management”
D. “Nothing”

A

“Inform Triffid management” (C)

15
Q

Druna is a security practitioner tasked with ensuring that laptops are not stolen from the organization’s offices. Which sort of security control would probably be best for this purpose?

A. “Technical”
B. “Obverse”
C. “Physical”
D. “Administrative”

A

“Physical” (C)

16
Q

Olaf is a member of ISC2 and a security analyst for Triffid Corporation. During an audit, Olaf is asked whether Triffid is currently following a particular security practice. Olaf knows that Triffid is not adhering to that standard in that particular situation, but that saying this to the auditors will reflect poorly on Triffid. What should Olaf do?

A. “Tell the auditors the truth”
B. “Ask supervisors for guidance”
C. “Ask ISC2 for guidance”
D. “Lie to the auditors”

A

“Tell the auditors the truth” (A)

17
Q

A bollard is a post set securely in the ground to prevent a vehicle from entering an area or driving past a certain point. Bollards are an example of ______ controls.

A. “Physical”
B. “Administrative”
C. “Drastic”
D. “Technical”

A

“Physical” (A)

18
Q

Within the organization, who can identify risk?

A. “The security manager”
B. “Any security team member”
C. “Senior management”
D. “Anyone”

A

“Anyone” (D)

19
Q

The Payment Card Industry (PCI) Council is a committee made up of representatives from major credit card providers (Visa, Mastercard, American Express) in the United States. The PCI Council issues rules that merchants must follow if the merchants choose to accept payment via credit card. These rules describe best practices for securing credit card processing technology, activities for securing credit card information, and how to protect customers’ personal data. This set of rules is a ____.

A. “Law”
B. “Policy”
C. “Standard”
D. “Procedure”

A

“Standard” (C)

20
Q

The Triffid Corporation publishes a strategic overview of the company’s intent to secure all the data the company possesses. This document is signed by Triffid senior management. What kind of document is this?

A. “Policy”
B. “Procedure”
C. “Standard”
D. “Law”

A

“Policy” (A)

21
Q

What is the goal of Business Continuity efforts?

A. “Save money”
B. “Impress customers”
C. “Ensure all IT systems continue to operate”
D. “Keep critical business functions operational”

A

“Keep critical business functions operational” (D)

22
Q

What is the overall objective of a disaster recovery (DR) effort?

A. “Save money”
B. “Return to normal, full operations”
C. “Preserve critical business functions during a disaster”
D. “Enhance public perception of the organization”

A

“Return to normal, full operations” (B)

23
Q

What is the risk associated with delaying resumption of full normal operations after a disaster?

A. “People might be put in danger”
B. “The impact of running alternate operations for extended periods”
C. “A new disaster might emerge”
D. “Competition”

A

“The impact of running alternate operations for extended periods” (B)

24
Q

What is the goal of an incident response effort?

A. “No incidents ever happen”
B. “Reduce the impact of incidents on operations”
C. “Punish wrongdoers”
D. “Save money”

A

“Reduce the impact of incidents on operations” (B)

25
Q

When should a business continuity plan (BCP) be activated?

A. “As soon as possible”
B. “At the very beginning of a disaster”
C. “When senior management authorizes”
D. “When instructed to do so by regulators”

A

“When senior management authorizes” (C)

26
Q

Which of the following are not typically involved in incident detection?

A. “Users”
B. “Security analysts”
C. “Automated tools”
D. “Regulators”

A

“Regulators” (D)

27
Q

Suvid works at Triffid, Inc. When Suvid attempts to log in to the production environment, a message appears stating that Suvid has to reset the password. What may have occurred to cause this?

A. “Suvid broke the law”
B. “Suvid’s password has expired”
C. “Suvid made the manager angry”
D. “Someone hacked Suvid’s machine”

A

“Suvid’s password has expired” (B)

28
Q

Which of the following would be considered a logical access control?

A. “An iris reader that allows an employee to enter a controlled area”
B. “A fingerprint reader that allows an employee to enter a controlled area”
C. “A fingerprint reader that allows an employee to access a laptop computer”
D. “A chain attached to a laptop computer that connects it to furniture so it cannot be taken”

A

“A fingerprint reader that allows an employee to access a laptop computer” (C)

29
Q

In this situation, what is the ACL?

A. “The subject”
B. “The object”
C. “The rule”
D. “The firmware”

A

“The rule” (C)

30
Q

Which of the following is probably most useful at the perimeter of a property?

A. “A safe”
B. “A fence”
C. “A data center”
D. “A centralized log storage facility”

A

“A fence” (B)

31
Q

All visitors to a secure facility should be _______.

A. “Fingerprinted”
B. “Photographed”
C. “Escorted”
D. “Required to wear protective equipment”

A

“Escorted” (C)

32
Q

Which of these is an example of a physical access control mechanism?

A. “Software-based firewall at the perimeter of the network”
B. “A lock on a door”
C. “Network switches that filter according to MAC addresses”
D. “A process that requires two people to act at the same time to perform a function”

A

“A lock on a door” (B)

33
Q

Which of the following will have the most impact on determining the duration of log retention?

A. “Personal preference”
B. “Applicable laws”
C. “Industry standards”
D. “Type of storage media”

A

“Applicable laws” (B)

34
Q

A human guard monitoring a hidden camera could be considered a ______ control.

A. “Detective”
B. “Preventive”
C. “Deterrent”
D. “Logical”

A

“Detective” (A)

35
Q

Tekila works for a government agency. All data in the agency is assigned a particular sensitivity level, called a “classification.” Every person in the agency is assigned a “clearance” level, which determines the classification of data each person can access. What is the access control model being implemented in Tekila’s agency?

A. “MAC (mandatory access control)”
B. “DAC (discretionary access control)”
C. “RBAC (role-based access control)”
D. “FAC (formal access control)”

A

“MAC (mandatory access control)” (A)

36
Q

Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is the database?

A. “The subject”
B. “The object”
C. “The rule”
D. “The site”

A

“The object” (B)

37
Q

Visitors to a secure facility need to be controlled. Controls useful for managing visitors include all of the following except:

A. “Sign-in sheet/tracking log”
B. “Fence”
C. “Badges that differ from employee badges”
D. “Receptionist”

A

“Fence” (B)

38
Q

Which of the following is a biometric access control mechanism?

A. “A badge reader”
B. “A copper key”
C. “A fence with razor tape on it”
D. “A door locked by a voiceprint identifier”

A

“A door locked by a voiceprint identifier” (D)

39
Q

Guillermo logs onto a system and opens a document file. In this example, Guillermo is:

A. “The subject”
B. “The object”
C. “The process”
D. “The software”

A

“The subject” (A)

40
Q

Which of the following roles does not typically require privileged account access?

A. “Security administrator”
B. “Data entry professional”
C. “System administrator”
D. “Help Desk technician”

A

“Data entry professional” (B)

41
Q

Gary is unable to log in to the production environment. Gary tries three times and is then locked out of trying again for one hour. Why?

A. “Gary is being punished”
B. “The network is tired”
C. “Users remember their credentials if they are given time to think about it”
D. “Gary’s actions look like an attack”

A

“Gary’s actions look like an attack” (D)

42
Q

Prina is a database manager. Prina is allowed to add new users to the database, remove current users and create new usage functions for the users. Prina is not allowed to read the data in the fields of the database itself. This is an example of:

A. “Role-based access controls (RBAC)”
B. “Mandatory access controls (MAC)”
C. “Discretionary access controls (DAC)”
D. “Alleviating threat access controls (ATAC)”

A

“Role-based access controls (RBAC)” (A)

43
Q

What is the common term for systems that ensure proper temperature and humidity in the data center?

A. “RBAC”
B. “HVAC”
C. “MAC”

A

“HVAC” (B): heating, ventilation and air conditioning

44
Q

A tool that filters inbound traffic to reduce potential threats.

A. “NIDS (network-based intrusion-detection systems)”
B. “Anti-malware”
C. “DLP (data loss prevention)”
D. “Firewall”

A

“Firewall” (D)

45
Q

Which of the following is one of the common ways potential attacks are often identified?

A. “The attackers contact the target prior to the attack, in order to threaten and frighten the target”
B. “Victims notice excessive heat coming from their systems”
C. “The power utility company warns customers that the grid will be down and the internet won’t be accessible”
D. “Users report unusual systems activity/response to Help Desk or the security office”

A

“Users report unusual systems activity/response to Help Desk or the security office” (D)

46
Q

A device that is commonly useful to have on the perimeter between two networks.

A. “User laptop”
B. “IoT”
C. “Camera”
D. “Firewall”

A

“Firewall” (D)

47
Q

An IoT (Internet of Things) device is typified by its effect on or use of the _____ environment.

A. “Philosophical”
B. “Remote”
C. “Internal”
D. “Physical”

A

“Physical” (D)

48
Q

Which common cloud service model only offers the customer access to a given application?

A. “Lunch as a service (LaaS)”
B. “Infrastructure as a service (IaaS)”
C. “Platform as a service (PaaS)”
D. “Software as a service (SaaS)”

A

“Software as a service (SaaS)” (D)

49
Q

Which of the following would be best placed in the DMZ of an IT environment?

A. “User’s workplace laptop”
B. “Mail server”
C. “Database engine”
D. “SIEM log storage”

A

“Mail server” (B)

50
Q

Bert wants to add a flashlight capability to a smartphone. What kind of app is this?

A. “DDOS”
B. “Trojan”
C. “Side channel”
D. “On-path”

A

“Trojan” (B)

51
Q

A tool that monitors local devices to reduce potential threats from hostile software.

A. “NIDS (network-based intrusion-detection systems)”
B. “Anti-malware”
C. “DLP (data loss prevention)”
D. “Firewall”

A

“Anti-malware” (B)

52
Q

A VLAN is a _____ method of segmenting networks.

A. “Secret”
B. “Physical”
C. “Regulated”
D. “Logical”

A

“Logical” (D)

53
Q

Which of the following activities is usually part of the configuration management process, but is also extremely helpful in countering potential attacks?

A. “Annual budgeting”
B. “Conferences with senior leadership”
C. “Updating and patching systems”
D. “The annual shareholders’ meeting”

A

“Updating and patching systems” (C)

54
Q

To adequately ensure availability for a data center, it is best to plan for both resilience and _______ of the elements in the facility.

A. “Uniqueness”
B. “Destruction”
C. “Redundancy”
D. “Hue”

A

“Redundancy” (C)

55
Q

A tool that aggregates log data from multiple sources, and typically analyzes it and reports potential threats.

A. “HIDS”
B. “Anti-malware”
C. “Router”
D. “SIEM”

A

“SIEM” (D)

56
Q

“Wiring _____” is a common term meaning “a place where wires/conduits are often run, and equipment can be placed, in order to facilitate the use of local networks.”

A. “Shelf”
B. “Closet”
C. “Bracket”
D. “House”

A

“Closet” (B)

57
Q

Cyril wants to ensure all the devices on his company’s internal IT environment are properly synchronized. Which of the following protocols would aid in this effort?

A. “FTP (File Transfer Protocol)”
B. “NTP (Network Time Protocol)”
C. “SMTP (Simple Mail Transfer Protocol)”
D. “HTTP (Hypertext Transfer Protocol)”

A

“NTP (Network Time Protocol)” (B)

58
Q

Triffid, Inc., has deployed anti-malware solutions across its internal IT environment. What is an additional task necessary to ensure this control will function properly?

A. “Pay all employees a bonus for allowing anti-malware solutions to be run on their systems”
B. “Update the anti-malware solution regularly”
C. “Install a monitoring solution to check the anti-malware solution”
D. “Alert the public that this protective measure has been taken”

A

“Update the anti-malware solution regularly” (B)

59
Q

The concept that the deployment of multiple types of controls provides better security than using a single type of control.

A. “VPN”
B. “Least privilege”
C. “Internet”
D. “Defense in depth”

A

“Defense in depth” (D)

60
Q

Ludwig is a security analyst at Triffid, Inc. Which of the following might be the attack Ludwig sees?

A. “DDOS (distributed denial of service)”
B. “Spoofing”
C. “Exfiltrating stolen data”
D. “An insider sabotaging the power supply”

A

“DDOS (distributed denial of service)” (A)

61
Q

Data retention periods apply to ____ data.

A. “Medical”
B. “Sensitive”
C. “All”
D. “Secret”

A

“All” (C)

62
Q

Security needs to be provided to ____ data.

A. “Restricted”
B. “Illegal”
C. “Private”
D. “All”

A

“All” (D)

63
Q

Archiving is typically done when _________.

A. “Data is ready to be destroyed”
B. “Data has lost all value”
C. “Data is not needed for regular work purposes”
D. “Data has become illegal”

A

“Data is not needed for regular work purposes” (C)

64
Q

Which of these is the most important reason to conduct security instruction for all employees?

A. “Reduce liability”
B. “Provide due diligence”
C. “It is a moral imperative”
D. “An informed user is a more secure user”

A

“An informed user is a more secure user” (D)

65
Q

If two people want to use symmetric encryption to conduct a confidential conversation, how many keys do they need?

A. “1”
B. “3”
C. “8”
D. “None”

A

“1” (A)

66
Q

Which of the following is probably the main purpose of configuration management?

A. “Keeping out intruders”
B. “Ensuring the organization adheres to privacy laws”
C. “Keeping secret material protected”
D. “Ensuring only authorized modifications are made to the IT environment”

A

“Ensuring only authorized modifications are made to the IT environment” (D)

67
Q

The output of any given hashing algorithm is always _____.

A. “The same length”
B. “The same characters”
C. “The same language”
D. “Different for the same inputs”

A

“The same length” (A)

68
Q

Log data should be kept ______.

A. “On the device that the log data was captured from”
B. “In an underground bunker”
C. “In airtight containers”
D. “On a device other than where it was captured”

A

“On a device other than where it was captured” (D)

69
Q

Proper alignment of security policy and business goals within the organization is important because:

A. “Security should always be as strict as possible”
B. “Security policy that conflicts with business goals can inhibit productivity”
C. “Bad security policy can be illegal”
D. “Security is more important than business”

A

“Security policy that conflicts with business goals can inhibit productivity” (B)

70
Q

If two people want to use asymmetric communication to conduct a confidential conversation, how many keys do they need?

A. “1”
B. “4”
C. “8”
D. “11”

A

“4” (B)

71
Q

Triffid, Inc., wants to host streaming video files for the company’s remote users. Which of the following methods is probably best for this purpose?

A. “Symmetric encryption”
B. “Hashing”
C. “Asymmetric encryption”
D. “VLANs”

A

“Symmetric encryption” (A)

72
Q

Bluga works for Triffid, Inc. What type of encryption should Bluga use?

A. “Symmetric encryption”
B. “Asymmetric encryption”
C. “Small-scale encryption”
D. “Hashing”

A

“Asymmetric encryption” (B)

73
Q

“Every document owned by Triffid, Inc., whether hardcopy or electronic, has a clear, 24-point word at the top and bottom. Only three words can be used: ‘Sensitive,’ ‘Proprietary’ and ‘Public.’” This is an example of _____.

A. “Secrecy”
B. “Privacy”
C. “Inverting”
D. “Labeling”

A

“Labeling” (D)

74
Q

A chief information security officer (CISO) at a large organization documented a policy that establishes the acceptable use of cloud environments for all staff. This is an example of a:

A. “Management/Administrative control”
B. “Technical control”
C. “Physical control”
D. “Cloud control”

A

“Management/Administrative control” (A)

75
Q

Is it possible to avoid risk?

A. “Yes”
B. “No”
C. “Sometimes”
D. “Never”

A

“Yes” (A)

76
Q

What is meant by non-repudiation?

A. “If a user does something, they can’t later claim that they didn’t do it.”
B. “Controls to protect the organization’s reputation from harm due to inappropriate social media postings by employees, even if on their private accounts and personal time.”
C. “It is part of the rules set by administrative controls.”
D. “It is a security feature that prevents session replay attacks.”

A

“If a user does something, they can’t later claim that they didn’t do it.” (A)

77
Q

Which of the following is NOT one of the four typical ways of managing risk?

A. “Avoid”
B. “Accept”
C. “Mitigate”
D. “Conflate”

A

“Conflate” (D)

78
Q

Siobhan is deciding whether to make a purchase online; the vendor wants Siobhan to create a new user account, and is requesting Siobhan’s full name, home address, credit card number, phone number, email address, the ability to send marketing messages to Siobhan, and permission to share this data with other vendors. Siobhan decides that the item for sale is not worth the value of Siobhan’s personal information, and decides to not make the purchase. What kind of risk management approach did Siobhan take?

A. “Avoidance”
B. “Acceptance”
C. “Mitigation”
D. “Transfer”

A

“Avoidance” (A)

79
Q

Guillermo is the system administrator for a midsized retail organization. Guillermo has been tasked with writing a document that describes, step-by-step, how to securely install the operating system on a new laptop. This document is an example of a ________.

A. “Policy”
B. “Standard”
C. “Procedure”
D. “Guideline”

A

“Procedure” (C)

80
Q

Lankesh is the security administrator for a small food-distribution company. A new law is published by the country in which Lankesh’s company operates; the law conflicts with the company’s policies. Which governance element should Lankesh’s company follow?

A. “The Law”
B. “The Policy”
C. “Any procedures the company has created for the particular activities affected by the law”
D. “Lankesh should be allowed to use personal and professional judgment to make the determination of how to proceed”

A

“The Law” (A)

81
Q

Kristal is the security administrator for a large online service provider. Kristal learns that the company is harvesting personal data of its customers and sharing the data with local governments where the company operates, without the knowledge of the users, to allow the governments to persecute users on the basis of their political and philosophical beliefs. The published user agreement states that the company will not share personal user data with any entities without the users’ explicit permission. According to the ISC2 Code of Ethics, to whom does Kristal ultimately owe a duty in this situation?

A. “The governments of the countries where the company operates”
B. “The company Kristal works for”
C. “The users”
D. “ISC2”

A

“The users” (C)

82
Q

While taking the certification exam for this certification, you notice another candidate for the certification cheating. What should you do?

A. “Nothing; each person is responsible for their own actions.”
B. “Yell at the other candidate for violating test security.”
C. “Report the candidate to ISC2.”
D. “Call local law enforcement.”

A

“Report the candidate to ISC2.” (C)

83
Q

The concept of “secrecy” is most related to which foundational aspect of security?

A. “Confidentiality”
B. “Integrity”
C. “Availability”
D. “Plausibility”

A

“Confidentiality” (A)

84
Q

You are working in your organization’s security office. You receive a call from a user who has tried to log in to the network several times with the correct credentials, with no success. This is an example of a(n) _______.

A. “Emergency”
B. “Event”
C. “Policy”
D. “Disaster”

A

“Event” (B)

85
Q

You are working in your organization’s security office. You receive a call from a user who has tried to log in to the network several times with the correct credentials, with no success. After a brief investigation, you determine that the user’s account has been compromised. This is an example of a(n) _______.

A. “Risk management”
B. “Incident Detection”
C. “Malware”
D. “Disaster”

A

“Incident Detection” (B)

86
Q

An external entity has tried to gain access to your organization’s IT environment without proper authorization. This is an example of a(n) _________.

A. “Exploit”
B. “Intrusion”
C. “Event”
D. “Malware”

A

“Intrusion” (B)

87
Q

When responding to a security incident, your team determines that the vulnerability that was exploited was not widely known to the security community, and that there are no currently known definitions/listings in common vulnerability databases or collections. This vulnerability and exploit might be called ______.

A. “Malware”
B. “Critical”
C. “Fractal”
D. “Zero-day”

A

“Zero-day” (D)

88
Q

True or False? The IT department is responsible for creating the organization’s business continuity plan.

A. “True”
B. “False”

A

“False” (B)

89
Q

The Business Continuity effort for an organization is a way to ensure critical ______ functions are maintained during a disaster, emergency, or interruption to the production environment.

A. “Business”
B. “Technical”
C. “IT”
D. “Financial”

A

“Business” (A)

90
Q

Which of the following is very likely to be used in a disaster recovery (DR) effort?

A. “Guard dogs”
B. “Data backups”
C. “Contract Personnel”
D. “Anti-malware solutions”

A

“Data backups” (B)

91
Q

Which of the following is often associated with DR planning?

A. “Checklists”
B. “Firewalls”
C. “Motion Detectors”
D. “Non-Repudiation”

A

“Checklists” (A)

92
Q

Which of these activities is often associated with DR efforts?

A. “Employees returning to the primary production location”
B. “Running anti-malware solutions”
C. “Scanning the IT environment for vulnerabilities”
D. “Zero-day Exploits”

A

“Employees returning to the primary production location” (A)

93
Q

Which of these components is very likely to be instrumental to any disaster recovery (DR) effort?

A. “Routers”
B. “Laptops”
C. “Firewall”
D. “Backup”

A

“Backup” (D)

94
Q

Which of the following is a subject?

A. “File”
B. “Fence”
C. “Filename”
D. “User”

A

“User” (D)

95
Q

Lia works in the security office. During research, Lia learns that a configuration change could better protect the organization’s IT environment. Lia makes a proposal for this change, but the change cannot be implemented until it is approved, tested, and then cleared for deployment by the Change Control Board. This is an example of __________.

A. “Defense in depth”
B. “Holistic security”
C. “Threat intelligence”
D. “Segregation of duties”

A

“Segregation of duties” (D)

96
Q

Duncan and Mira both work in the data center at Triffid, Inc. There is a policy in place that requires both of them to be present in the data center at the same time; if one of them has to leave for any reason, the other has to step out, too, until they can both re-enter. This is called ________.

A. “Blockage”
B. “Multifactor authentication”
C. “Two-person integrity”
D. “Defense in depth”

A

“Two-person integrity” (C)

97
Q

Clyde is the security analyst tasked with finding an appropriate physical control to reduce the possibility that unbadged people will follow badged employees through the entrance of the organization’s facility. Which of the following can address this risk?

A. “Fences”
B. “Dogs”
C. “Bollards”
D. “Turnstiles”

A

“Turnstiles” (D)

98
Q

Sinka is considering a physical deterrent control to dissuade unauthorized people from entering the organization’s property. Which of the following would serve this purpose?

A. “A wall”
B. “Razor tape”
C. “A sign”
D. “A hidden camera”

A

“Razor tape” (B)

99
Q

Which of these combinations of physical security controls share a single point of failure?

A. “Guards and fences”
B. “Badge readers and walls”
C. “Dogs and bollards”
D. “High-illumination lighting and cameras”

A

“High-illumination lighting and cameras” (D)

100
Q

Lakshmi presents a userid and a password to a system in order to log on. Which of the following characteristics must the userid have?

A. “Confidential”
B. “Complex”
C. “Unique”
D. “Long”

A

“Unique” (C)

101
Q

Lakshmi presents a userid and a password to a system in order to log on. Which of the following characteristics must the password have?

A. “Confidential”
B. “Unique”
C. “Mathematical”
D. “Shared”

A

“Confidential” (A)

102
Q

Derrick logs on to a system in order to read a file. In this example, Derrick is the ______.

A. “Subject”
B. “Object”
C. “Process”
D. “Predicate”

A

“Subject” (A)

103
Q

Which is a physical control that prevents “piggybacking” or “tailgating”; that is, an unauthorized person following an authorized person into a controlled area?

A. “Bollard”
B. “Turnstile”
C. “Fence”
D. “Wall”

A

“Turnstile” (B)

104
Q

Common network device used to connect networks.

A. “Server”
B. “Endpoint”
C. “Router”
D. “Switch”

A

“Router” (C)

105
Q

A common network device used to filter traffic.

A. “Server”
B. “Endpoint”
C. “Ethernet”
D. “Firewall”

A

“Firewall” (D)

106
Q

Endpoint <——> Web server. Which port number is associated with the protocol typically used in this connection?

A. “21”
B. “53”
C. “80”
D. “161”

A

“80” (C)

107
Q

An attack against the availability of a network/system; typically uses many attacking machines to direct traffic against a given target.

A. “Worm”
B. “Virus”
C. “Stealth”
D. “DDOS”

A

“DDOS” (D)

108
Q

A security solution installed on an endpoint in order to detect potentially anomalous activity.

A. “Router”
B. “Host-based intrusion prevention system”
C. “Switch”
D. “Security incident and event management system (SIEM)”

A

“Host-based intrusion prevention system” (B)

109
Q

A security solution that detects, identifies and often quarantines potentially hostile software.

A. “Firewall”
B. “Guard”
C. “Camera”
D. “Anti-malware”

A

“Anti-malware” (D)

110
Q

The common term used to describe the mechanisms that control the temperature and humidity in a data center.

A. “VLAN (virtual local area network)”
B. “HVAC (heating, ventilation and air conditioning)”
C. “STAT (system temperature and timing)”
D. “TAWC (temperature and water control)”

A

“HVAC (heating, ventilation and air conditioning)” (B)

111
Q

A cloud arrangement whereby the provider owns and manages the hardware, operating system, and applications in the cloud, and the customer owns the data.

A. “Infrastructure as a service (IaaS)”
B. “Morphing as a service (MaaS)”
C. “Platform as a service (PaaS)”
D. “Software as a service (SaaS)”

A

“Platform as a service (PaaS)” (D)

112
Q

A portion of the organization’s network that interfaces directly with the outside world; typically, this exposed area has more security controls and restrictions than the rest of the internal IT environment.

A. “National Institute of Standards and Technology (NIST)”
B. “Demilitarized zone (DMZ)”
C. “Virtual private network (VPN)”
D. “Virtual local area network (VLAN)”

A

“Demilitarized zone (DMZ)” (B)

113
Q

Which of the following tools can be used to grant remote users access to the internal IT environment?

A. “VLAN (virtual local area network)”
B. “VPN (virtual private network)”
C. “DDOS (distributed denial-of-service)”
D. “MAC (media access control)”

A

“VPN (virtual private network)” (B)

114
Q

Which of the following can be used to map data flows through an organization and the relevant security controls used at each point along the way?

A. “Encryption”
B. “Hashing”
C. “Hard copy”
D. “Data life cycle”

A

D. “Data life cycle”

115
Q

Why is an asset inventory so important?

A. “It tells you what to encrypt”
B. “You can’t protect what you don’t know you have”
C. “The law requires it”
D. “It contains a price list”

A

B. “You can’t protect what you don’t know you have”

116
Q

Who is responsible for publishing and signing the organization’s policies?

A. “The security office”
B. “Human Resources”
C. “Senior management”
D. “The legal department”

A

C. “Senior management”

117
Q

Which of the following is always true about logging?

A. “Logs should be very detailed”
B. “Logs should be in English”
C. “Logs should be concise”
D. “Logs should be stored separately from the systems they’re logging”

A

D. “Logs should be stored separately from the systems they’re logging”

118
Q

A mode of encryption for ensuring confidentiality efficiently, with a minimum amount of processing overhead.

A. “Asymmetric”
B. “Symmetric”
C. “Hashing”
D. “Covert”

A

B. “Symmetric”

119
Q

A ready visual cue to let anyone in contact with the data know what the classification is.

A. “Encryption”
B. “Label”
C. “Graphics”
D. “Photos”

A

B. “Label”

120
Q

A set of security controls or system settings used to ensure uniformity of configuration throughout the IT environment.

A. “Patches”
B. “Inventory”
C. “Baseline”
D. “Policy”

A

C. “Baseline”

121
Q

What is the most important aspect of security awareness/training?

A. “Protecting assets”
B. “Maximizing business capabilities”
C. “Ensuring the confidentiality of data”
D. “Protecting health and human safety”

A

A. “Protecting assets”

122
Q

Which entity is most likely to be tasked with monitoring and enforcing security policy?

A. “The Human Resources office”
B. “The legal department”
C. “Regulators”
D. “The security office”

A

D. “The security office”

123
Q

Which organizational policy is most likely to indicate which types of smartphones can be used to connect to the internal IT environment?

A. “The CM policy (change management)”
B. “The password policy”
C. “The AUP (acceptable use policy)”
D. “The BYOD policy (bring your own device)”

A

D. “The BYOD policy (bring your own device)”

124
Q

Preenka works at an airport. There are red lines painted on the ground next to the runway; Preenka has been instructed that nobody can step or drive across a red line unless they request, and get specific permission from, the control tower. This is an example of a(n) ______ control.

A. “Physical”
B. “Administrative”
C. “Critical”
D. “Technical”

A

B. “Administrative”

125
Q

Phrenal is selling a used laptop in an online auction. Phrenal has estimated the value of the laptop to be $100, but has seen other laptops of similar type and quality sell for both more and less than that amount. Phrenal hopes that the laptop will sell for $100 or more, but is prepared to take less for it if nobody bids that amount. This is an example of ___________.

A. “Risk tolerance”
B. “Risk inversion”
C. “Threat”
D. “Vulnerability”

A

A. “Risk tolerance”

126
Q

Hoshi is an ISC2 member who works for the Triffid Corporation as a data manager. Triffid needs a new firewall solution, and Hoshi is asked to recommend a product for Triffid to acquire and implement. Hoshi’s cousin works for a firewall vendor; that vendor happens to make the best firewall available. What should Hoshi do?

A. “Recommend a different vendor/product”
B. “Recommend the cousin’s product”
C. “Hoshi should ask to be recused from the task”
D. “Disclose the relationship, but recommend the vendor/product”

A

D. “Disclose the relationship, but recommend the vendor/product”

127
Q

Grampon municipal code requires that all companies that operate within city limits will have a set of processes to ensure employees are safe while working with hazardous materials. Triffid Corporation creates a checklist of activities employees must follow while working with hazardous materials inside Grampon city limits. The municipal code is a ______, and the Triffid checklist is a ________.

A. “Law, procedure”
B. “Standard, law”
C. “Law, standard”
D. “Policy, law”

A

A. “Law, procedure”

128
Q

A vendor sells a particular operating system (OS). In order to deploy the OS securely on different platforms, the vendor publishes several sets of instructions on how to install it, depending on which platform the customer is using. This is an example of a ________.

A. “Law”
B. “Procedure”
C. “Standard”
D. “Policy”

A

B. “Procedure”

129
Q

In risk management concepts, a(n) _________ is something a security practitioner might need to protect.

A. “Vulnerability”
B. “Asset”
C. “Threat”
D. “Likelihood”

A

B. “Asset”

130
Q

Chad is a security practitioner tasked with ensuring that the information on the organization’s public website is not changed by anyone outside the organization. This task is an example of ensuring _________.

A. “Confidentiality”
B. “Integrity”
C. “Availability”
D. “Confirmation”

A

B. “Integrity”

131
Q

Triffid Corporation has a rule that all employees working with sensitive hardcopy documents must put the documents into a safe at the end of the workday, where they are locked up until the following workday. What kind of control is the process of putting the documents into the safe?

A. “Administrative”
B. “Tangential”
C. “Physical”
D. “Technical”

A

A. “Administrative”

132
Q

All of the following are important ways to practice an organization’s disaster recovery (DR) effort; which one is the most important?

A. “Practice restoring data from backups”
B. “Facility evacuation drills”
C. “Desktop/tabletop testing of the plan”
D. “Running the alternate operating site to determine if it could handle critical functions in times of emergency”

A

B. “Facility evacuation drills”

133
Q

What is the risk associated with resuming full normal operations too soon after a DR effort?

A. “The danger posed by the disaster might still be present”
B. “Investors might be upset”
C. “Regulators might disapprove”
D. “The organization could save money”

A

A. “The danger posed by the disaster might still be present”

134
Q

Which of the following is likely to be included in the business continuity plan?

A. “Alternate work areas for personnel affected by a natural disaster”
B. “The organization’s strategic security approach”
C. “Last year’s budget information”
D. “Log data from all systems”

A

A. “Alternate work areas for personnel affected by a natural disaster”

135
Q

What is the most important goal of a business continuity effort?

A. “Ensure all IT systems function during a potential interruption”
B. “Ensure all business activities are preserved during a potential disaster”
C. “Ensure the organization survives a disaster”
D. “Preserve health and human safety”

A

D. “Preserve health and human safety”

136
Q

Network traffic originating from outside the organization might be admitted to the internal IT environment or blocked at the perimeter by a ________.

A. “Turnstile”
B. “Fence”
C. “Vacuum”
D. “Firewall”

A

D. “Firewall”

137
Q

Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is Prachi?

A. “The subject”
B. “The rule”
C. “The file”
D. “The object”

A

A. “The subject”

138
Q

Trina is a security practitioner at Triffid, Inc. Trina has been tasked with selecting a new product to serve as a security control in the environment. Before that product can be purchased, a manager must review Trina’s selection and determine whether to approve the purchase. This is a description of:

A. “Two-person integrity”
B. “Segregation of duties”
C. “Software”
D. “Defense in depth”

A

B. “Segregation of duties”

139
Q

Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees transferring from one department to another, getting promoted, or cross-training to new positions can get access to the different assets they’ll need for their new positions, in the most efficient manner. Which method should Handel select?

A. “Role-based access controls (RBAC)”
B. “Mandatory access controls (MAC)”
C. “Discretionary access controls (DAC)”
D. “Barbed wire”

A

A. “Role-based access controls (RBAC)”

140
Q

A _____ is a record of something that has occurred.

A. “Biometric”
B. “Law”
C. “Log”
D. “Firewall”

A

C. “Log”

141
Q

Larry and Fern both work in the data center. In order to enter the data center to begin their workday, they must both present their own keys (which are different) to the key reader, before the door to the data center opens. Which security concept is being applied in this situation?

A. “Defense in depth”
B. “Segregation of duties”
C. “Least privilege”
D. “Dual control”

A

D. “Dual control”

142
Q

Which of the following statements is true?

A. “Logical access controls can protect the IT environment perfectly; there is no reason to deploy any other controls”
B. “Physical access controls can protect the IT environment perfectly; there is no reason to deploy any other controls”
C. “Administrative access controls can protect the IT environment perfectly; there is no reason to deploy any other controls”
D. “It is best to use a blend of controls to provide optimum security”

A

D. “It is best to use a blend of controls to provide optimum security”

143
Q

Which of the following is not an appropriate control to add to privileged accounts?

A. “Increased logging”
B. “Multifactor authentication”
C. “Increased auditing”
D. “Security deposit”

A

D. “Security deposit”

144
Q

Gelbi is a Technical Support analyst for Triffid, Inc. Gelbi sometimes is required to install or remove software. Which of the following could be used to describe Gelbi’s account?

A. “Privileged”
B. “Internal”
C. “External”
D. “User”

A

A. “Privileged”

145
Q

Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that operational managers have the utmost personal choice in determining which employees get access to which systems/data. Which method should Handel select?

A. “Role-based access controls (RBAC)”
B. “Mandatory access controls (MAC)”
C. “Discretionary access controls (DAC)”
D. “Security policy”

A

C. “Discretionary access controls (DAC)”

146
Q

All of the following are typically perceived as drawbacks to biometric systems, except:

A. “Lack of accuracy”
B. “Potential privacy concerns”
C. “Retention of physiological data past the point of employment”
D. “Legality”

A

A. “Lack of accuracy”

147
Q

Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is Prachi?

A. “The subject”
B. “The rule”
C. “The file”
D. “The object”

A

A. “The subject”

148
Q

Garfield is a security analyst at Triffid, Inc. Garfield notices that a particular application in the production environment is being copied very quickly, across systems and devices utilized by many users. What kind of attack could this be?

A. “Spoofing”
B. “Side channel”
C. “Trojan”
D. “Worm”

A

D. “Worm”

149
Q

Barry wants to upload a series of files to a web-based storage service, so that people Barry has granted authorization can retrieve these files. Which of the following would be Barry’s preferred communication protocol if he wanted this activity to be efficient and secure?

A. “SMTP (Simple Mail Transfer Protocol)”
B. “FTP (File Transfer Protocol)”
C. “SFTP (Secure File Transfer Protocol)”
D. “SNMP (Simple Network Management Protocol)”

A

C. “SFTP (Secure File Transfer Protocol)”

150
Q

Which type of fire-suppression system is typically the least expensive?

A. “Water”
B. “Dirt”
C. “Oxygen-depletion”
D. “Gaseous”

A

A. “Water”

151
Q

Which type of fire-suppression system is typically the safest for humans?

A. “Water”
B. “Dirt”
C. “Oxygen-depletion”
D. “Gaseous”

A

A. “Water”

152
Q

Dieter wants to send a message to Lupa and wants to be sure that Lupa knows the message has not been modified in transit. What technique/tool could Dieter use to assist in this effort?

A. “Hashing”
B. “Clockwise rotation”
C. “Symmetric encryption”
D. “Asymmetric encryption”

A

A. “Hashing”

153
Q

Security controls on log data should reflect ________.

A. “The organization’s commitment to customer service”
B. “The local culture where the log data is stored”
C. “The price of the storage device”
D. “The sensitivity of the source device”

A

D. “The sensitivity of the source device”

154
Q

When data has reached the end of the retention period, it should be _______.

A. “Destroyed”
B. “Archived”
C. “Enhanced”
D. “Sold”

A

A. “Destroyed”

155
Q

Logs should be reviewed ______.

A. “Every Thursday”
B. “Continually”
C. “Once per calendar year”
D. “Once per fiscal year”

A

B. “Continually”

156
Q

Data _____ is data left behind on systems/media after normal deletion procedures have been attempted.

A. “Fragments”
B. “Packets”
C. “Remanence”
D. “Residue”

A

C. “Remanence”

157
Q

An organization must always be prepared to ______ when applying a patch.

A. “Pay for the updated content”
B. “Buy a new system”
C. “Settle lawsuits”
D. “Rollback”

A

D. “Rollback”

158
Q

Inbound traffic from an external source seems to indicate much higher rates of communication than normal, to the point where the internal systems might be overwhelmed. Which security solution can often identify and potentially counter this risk?

A. “Firewall”
B. “Turnstile”
C. “Anti-Malware”
D. “Badge System”

A

A. “Firewall”