TEST BANK | ISC2 CERTIFIED IN CYBERSECURITY (CC)
EXAM PREP WITH COMPLETE 400 REAL EXAM
QUESTION AND CORRECT DETAILED ANSWERS
(VERIFIED ANSWERS) ALREADY GRADED A+ (MOST
RECENT!!)
Question 1
A company experiences a data breach where customer credit
card numbers are stolen. Which element of the CIA triad has
been primarily violated?
A) Availability
B) Integrity
C) Confidentiality
D) Non-repudiation
Correct Answer: C
Rationale: Confidentiality ensures that information is not disclosed
to unauthorized individuals. The theft of credit card numbers
represents an unauthorized disclosure of sensitive information,
directly violating confidentiality. Integrity would involve
unauthorized modification of data. Availability would involve
disruption of access to data. Non-repudiation ensures that a
party cannot deny an action.
Question 2
The IT department is working to restore email services after a
server crash. Users are unable to send or receive email until the
server is back online. Which security principle is being affected?
A) Confidentiality
B) Integrity
C) Availability
D) Authentication
Correct Answer: C
Rationale: Availability ensures that systems and data are
accessible to authorized users when needed. The email outage
prevents users from accessing the service, directly impacting
availability. Confidentiality and integrity are not affected
because there is no unauthorized access or data modification;
users simply cannot access the system.
Question 3
A file is hashed using SHA-256, and the hash value is stored
securely. Later, the file is hashed again, and the hash matches the
original. What does this ensure?
A) Confidentiality of the file
B) Integrity of the file
C) Availability of the file
D) Non-repudiation of the file
Correct Answer: B
Rationale: Hashing provides integrity verification. If the hash
value matches the original, it confirms that the file has not been
altered. Hashing does not provide confidentiality (files are not
encrypted) or availability, and it does not by itself provide
non-repudiation (which requires digital signatures).
Question 4
Which of the following best describes the "separation of duties"
principle?
A) A single person is responsible for all security tasks
B) No single person has complete control over a critical process
C) All employees have equal access to sensitive data
D) Duties are rotated among employees every week
Correct Answer: B
Rationale: Separation of duties is an internal control that
prevents fraud and error by dividing responsibilities among
multiple individuals. No single person has complete control over a
critical process, such as authorizing a payment and also issuing
the check. This reduces the risk of malicious or accidental errors.
Question 5
You use a computer on a TCP/IP network to transfer data
through well-known TCP port 80. Which protocol is most likely
being used to transfer data?
A) FTP
B) POP3
C) SMTP
D) HTTP
Correct Answer: D
Rationale: HTTP (Hypertext Transfer Protocol) uses TCP port 80
by default and is used to transfer data between web browsers
and web servers. FTP uses ports 20 and 21, POP3 uses port 110,
and SMTP uses port 25. Port 80 is universally associated with
HTTP web traffic.