ISC2 – CC ACTUAL EXAM UPDATE 2026
QUESTIONCiphertext - answer-The altered form of a plaintext message so it is unreadable for
anyone except the intended recipients. In other words, it has been turned into a secret.
Application Server - answer-A computer responsible for hosting applications to user
workstations. NIST SP 800-82 Rev.2
QUESTIONAsymmetric Encryption - answer-An algorithm that uses one key to encrypt and a
different key to decrypt the input plaintext.
QUESTIONChecksum - answer-A digit representing the sum of the correct digits in a piece of
stored or transmitted digital data, against which later comparisons can be made to detect errors
in the data.
QUESTIONClassification - answer-Classification identifies the degree of harm to the
organization, its stakeholders or others that might result if an information asset is divulged to an
unauthorized person, process or organization. In short, classification is focused first and
foremost on maintaining the confidentiality of the data, based on the data sensitivity.
QUESTIONConfiguration management - answer-A process and discipline used to ensure that the
only changes made to a system are those that have been authorized and validated.
QUESTIONCryptanalyst - answer-One who performs cryptanalysis which is the study of
mathematical techniques for attempting to defeat cryptographic techniques and/or information
systems security. This includes the process of looking for errors or weaknesses in the
implementation of an algorithm or of the algorithm itself.
,QUESTIONCryptography - answer-The study or applications of methods to secure or protect the
meaning and content of messages, files, or other information, usually by disguise, obscuration,
or other transformations of that content and meaning.
QUESTIONHash Function - answer-An algorithm that computes a numerical value (called the
hash value) on a data file or electronic message that is used to represent that file or message
and depends on the entire contents of the file or message. A hash function can be considered to
be a fingerprint of the file or message. NIST SP 800-152
QUESTIONHashing - answer-The process of using a mathematical algorithm against data to
produce a numeric value that is representative of that data. Source CNSSI 4009-2015
QUESTIONInformation Sharing - answer-The requirements for information sharing by an IT
system with one or more other IT systems or applications, for information sharing to support
multiple internal or external organizations, missions, or public programs. NIST SP 800-16
QUESTIONIngress Monitoring - answer-Monitoring of incoming network traffic.
QUESTIONMessage Digest - answer-A digital signature that uniquely identifies data and has the
property such that changing a single bit in the data will cause a completely different message
digest to be generated. NISTIR-8011 Vol.3
QUESTIONOperating System - answer-The software "master control application" that runs the
computer. It is the first program loaded when the computer is turned on, and its main
component, the kernel, resides in memory at all times. The operating system sets the standards
for all application programs (such as the Web server) that run in the computer. The applications
communicate with the operating system for most user interface and file management
operations. NIST SP 800-44 Version 2
, QUESTIONPatch - answer-A software component that, when installed, directly modifies files or
device settings related to a different software component without changing the version number
or release details for the related software component. Source: ISO/IEC 19770-2
QUESTIONPatch Management - answer-The systematic notification, identification, deployment,
installation and verification of operating system and application software code revisions. These
revisions are known as patches, hot fixes, and service packs. Source: CNSSI 4009
QUESTIONPlaintext - answer-A message or data in its natural format and in readable form;
extremely vulnerable from a confidentiality perspective.
QUESTIONRecords - answer-The recordings (automated and/or manual) of evidence of activities
performed or results achieved (e.g., forms, reports, test results), which serve as a basis for
verifying that the organization and the information system are performing as intended. Also
used to refer to units of related data fields (i.e., groups of data fields that can be accessed by a
program and that contain the complete set of information on particular items). NIST SP 800-53
Rev. 4
QUESTIONData Loss Prevention (DLP) - answer-System capabilities designed to detect and
prevent the unauthorized use and transmission of information.
QUESTIONDecryption - answer-The reverse process from encryption. It is the process of
converting a ciphertext message back into plaintext through the use of the cryptographic
algorithm and the appropriate key for decryption (which is the same for symmetric encryption,
but different for asymmetric encryption). This term is also used interchangeably with the
"deciphering."
QUESTIONDegaussing - answer-A technique of erasing data on disk or tape (including video
tapes) that, when performed properly, ensures that there is insufficient magnetic remanence to
reconstruct data.
QUESTIONCiphertext - answer-The altered form of a plaintext message so it is unreadable for
anyone except the intended recipients. In other words, it has been turned into a secret.
Application Server - answer-A computer responsible for hosting applications to user
workstations. NIST SP 800-82 Rev.2
QUESTIONAsymmetric Encryption - answer-An algorithm that uses one key to encrypt and a
different key to decrypt the input plaintext.
QUESTIONChecksum - answer-A digit representing the sum of the correct digits in a piece of
stored or transmitted digital data, against which later comparisons can be made to detect errors
in the data.
QUESTIONClassification - answer-Classification identifies the degree of harm to the
organization, its stakeholders or others that might result if an information asset is divulged to an
unauthorized person, process or organization. In short, classification is focused first and
foremost on maintaining the confidentiality of the data, based on the data sensitivity.
QUESTIONConfiguration management - answer-A process and discipline used to ensure that the
only changes made to a system are those that have been authorized and validated.
QUESTIONCryptanalyst - answer-One who performs cryptanalysis which is the study of
mathematical techniques for attempting to defeat cryptographic techniques and/or information
systems security. This includes the process of looking for errors or weaknesses in the
implementation of an algorithm or of the algorithm itself.
,QUESTIONCryptography - answer-The study or applications of methods to secure or protect the
meaning and content of messages, files, or other information, usually by disguise, obscuration,
or other transformations of that content and meaning.
QUESTIONHash Function - answer-An algorithm that computes a numerical value (called the
hash value) on a data file or electronic message that is used to represent that file or message
and depends on the entire contents of the file or message. A hash function can be considered to
be a fingerprint of the file or message. NIST SP 800-152
QUESTIONHashing - answer-The process of using a mathematical algorithm against data to
produce a numeric value that is representative of that data. Source CNSSI 4009-2015
QUESTIONInformation Sharing - answer-The requirements for information sharing by an IT
system with one or more other IT systems or applications, for information sharing to support
multiple internal or external organizations, missions, or public programs. NIST SP 800-16
QUESTIONIngress Monitoring - answer-Monitoring of incoming network traffic.
QUESTIONMessage Digest - answer-A digital signature that uniquely identifies data and has the
property such that changing a single bit in the data will cause a completely different message
digest to be generated. NISTIR-8011 Vol.3
QUESTIONOperating System - answer-The software "master control application" that runs the
computer. It is the first program loaded when the computer is turned on, and its main
component, the kernel, resides in memory at all times. The operating system sets the standards
for all application programs (such as the Web server) that run in the computer. The applications
communicate with the operating system for most user interface and file management
operations. NIST SP 800-44 Version 2
, QUESTIONPatch - answer-A software component that, when installed, directly modifies files or
device settings related to a different software component without changing the version number
or release details for the related software component. Source: ISO/IEC 19770-2
QUESTIONPatch Management - answer-The systematic notification, identification, deployment,
installation and verification of operating system and application software code revisions. These
revisions are known as patches, hot fixes, and service packs. Source: CNSSI 4009
QUESTIONPlaintext - answer-A message or data in its natural format and in readable form;
extremely vulnerable from a confidentiality perspective.
QUESTIONRecords - answer-The recordings (automated and/or manual) of evidence of activities
performed or results achieved (e.g., forms, reports, test results), which serve as a basis for
verifying that the organization and the information system are performing as intended. Also
used to refer to units of related data fields (i.e., groups of data fields that can be accessed by a
program and that contain the complete set of information on particular items). NIST SP 800-53
Rev. 4
QUESTIONData Loss Prevention (DLP) - answer-System capabilities designed to detect and
prevent the unauthorized use and transmission of information.
QUESTIONDecryption - answer-The reverse process from encryption. It is the process of
converting a ciphertext message back into plaintext through the use of the cryptographic
algorithm and the appropriate key for decryption (which is the same for symmetric encryption,
but different for asymmetric encryption). This term is also used interchangeably with the
"deciphering."
QUESTIONDegaussing - answer-A technique of erasing data on disk or tape (including video
tapes) that, when performed properly, ensures that there is insufficient magnetic remanence to
reconstruct data.
