"ISC2 CC Certified in Cybersecurity Mock Exam:
2026 Edition – 200 Questions and Answers with
Detailed Rationales – Graded A+ / 100% Correct
/ Updated for September 2026 Syllabus / Instant
Download"
Domain 1: Security Principles (Questions 1-13)
Question 1
A vendor sells a particular operating system (OS). In
order to deploy the OS securely on different
platforms, the vendor publishes several sets of
instructions on how to install it, depending on
which platform the customer is using. This is an
example of ______.
A) Law
B) Procedure
C) Standard
D) Policy
☑VERIFIED ANSWER: B) Procedure
,Rationale: A procedure is a documented set of step-
by-step instructions that describes how to complete
a specific task. Different procedures are required for
different platforms because the installation steps
vary. Laws are legal requirements enacted by
governments. Standards are established norms or
technical requirements. Policies are high-level
statements of management intent.
Question 2
The city of Grampon wants to know where all its
public vehicles (garbage trucks, police cars, etc.) are
at all times, so the city has GPS transmitters
installed in all the vehicles. What kind of control is
this?
A) Administrative
B) Entrenched
C) Physical
D) Technical
☑VERIFIED ANSWER: D) Technical
,Rationale: GPS transmitters are technical controls
because they use technology (hardware and
software) to monitor vehicle locations. Technical
controls are implemented through systems and
technology. Administrative controls involve policies
and procedures. Physical controls involve barriers,
locks, and facility protections. "Entrenched" is not a
standard control category.
Question 3
Triffid Corporation has a rule that all employees
working with sensitive hardcopy documents must
put the documents into a safe at the end of the
workday, where they are locked up until the
following workday. What kind of control is the
process of putting the documents into the safe?
A) Administrative
B) Tangential
C) Physical
D) Technical
☑VERIFIED ANSWER: A) Administrative
, Rationale: The process of requiring employees to
place documents in a safe is an administrative
control because it is a rule or procedure that
governs human behavior. While the safe itself is a
physical control, the rule directing employees to use
it is administrative. Administrative controls include
policies, procedures, training, and security
awareness programs.
Question 4
Grampon municipal code requires that all
companies that operate within city limits will have a
set of processes to ensure employees are safe while
working with hazardous materials. Triffid
Corporation creates a checklist of activities
employees must follow while working with
hazardous materials inside Grampon city limits. The
municipal code is a ______, and the Triffid checklist
is a ________.
A) Law, procedure
B) Standard, law
2026 Edition – 200 Questions and Answers with
Detailed Rationales – Graded A+ / 100% Correct
/ Updated for September 2026 Syllabus / Instant
Download"
Domain 1: Security Principles (Questions 1-13)
Question 1
A vendor sells a particular operating system (OS). In
order to deploy the OS securely on different
platforms, the vendor publishes several sets of
instructions on how to install it, depending on
which platform the customer is using. This is an
example of ______.
A) Law
B) Procedure
C) Standard
D) Policy
☑VERIFIED ANSWER: B) Procedure
,Rationale: A procedure is a documented set of step-
by-step instructions that describes how to complete
a specific task. Different procedures are required for
different platforms because the installation steps
vary. Laws are legal requirements enacted by
governments. Standards are established norms or
technical requirements. Policies are high-level
statements of management intent.
Question 2
The city of Grampon wants to know where all its
public vehicles (garbage trucks, police cars, etc.) are
at all times, so the city has GPS transmitters
installed in all the vehicles. What kind of control is
this?
A) Administrative
B) Entrenched
C) Physical
D) Technical
☑VERIFIED ANSWER: D) Technical
,Rationale: GPS transmitters are technical controls
because they use technology (hardware and
software) to monitor vehicle locations. Technical
controls are implemented through systems and
technology. Administrative controls involve policies
and procedures. Physical controls involve barriers,
locks, and facility protections. "Entrenched" is not a
standard control category.
Question 3
Triffid Corporation has a rule that all employees
working with sensitive hardcopy documents must
put the documents into a safe at the end of the
workday, where they are locked up until the
following workday. What kind of control is the
process of putting the documents into the safe?
A) Administrative
B) Tangential
C) Physical
D) Technical
☑VERIFIED ANSWER: A) Administrative
, Rationale: The process of requiring employees to
place documents in a safe is an administrative
control because it is a rule or procedure that
governs human behavior. While the safe itself is a
physical control, the rule directing employees to use
it is administrative. Administrative controls include
policies, procedures, training, and security
awareness programs.
Question 4
Grampon municipal code requires that all
companies that operate within city limits will have a
set of processes to ensure employees are safe while
working with hazardous materials. Triffid
Corporation creates a checklist of activities
employees must follow while working with
hazardous materials inside Grampon city limits. The
municipal code is a ______, and the Triffid checklist
is a ________.
A) Law, procedure
B) Standard, law
