(ISC)2 CC Practice Exam 1 Newest 2026 Questions
and Correct Detailed Answers Already Graded A+
Sensitivity is a measure of the ...: - CORRECT ANSWER-... importance assigned
to information by its owner, or the purpose of representing its need for
protection.
(Sensitivity is also defined as the measure of the importance assigned to
information by its owner, or the purpose of representing its need for protection)
The process of verifying or proving the user's identification is known as: -
CORRECT ANSWER-Authentication
(Authentication is the verification of the identity of a user, process or device, as a
prerequisite to allowing access to the resources in a given system. In contrast,
authorization refers to the permission granted to users, processes or devices to
access specific assets. Confidentiality and integrity are properties of information
and systems, not processes.)
,Which of the following Cybersecurity concepts guarantees that information is
accessible only to those authorized to access it? - CORRECT ANSWER-
Confidentiality
(Confidentiality, Integrity and Availability are known as the CIA triad, from the
model that guides policies for information security. Confidentiality is the property
of data or information not being made available or disclosed, which leads to
sensitive information being protected from unauthorized access. Integrity refers
to the preservation of the consistency, accuracy and trustworthiness of data.
Availability is the property of data being consistently and readily accessible to the
parties authorized to access it. Finally, non-repudiation refers to the inability to
deny the production, approval or transmission of information.)
Which of these has the PRIMARY objective of identifying and prioritizing critical
business processes? - CORRECT ANSWER-Business Impact Analysis
(The term 'Business Impact Plan' does not exist. A Business Impact Analysis (BIA)
is a technique for analyzing how disruptions can affect an organization, and
determines the criticality of all business activities and associated resources. A
Business Continuity Plan (BCP) is a pre-determined set of instructions describing
how the mission/business processes of an organization will be sustained during
,and after a significant disruption. A Disaster Recovery Plan is a written plan for
recovering information systems in response to a major failure or disaster.
Topic: PE1-2.1 Business Continuity (BC) - Chapter 2.1, Domain 2.1)
Which of these is the most efficient and effective way to test a business continuity
plan? - CORRECT ANSWER-Simulations
(Simulations are full re-enactments of business continuity procedures and can
involve most, if not all, of your workforce. They also tend to take place on-site in
the relevant business areas. Thus, they are an exceptionally effective way to test
your business continuity plan. Walkthroughs verbally carry out specific recovery
steps stipulated in the business Continuity plan. Discussion and reviews are static
ways of testing the business continuity plan.)
Which of these is the PRIMARY objective of a Disaster Recovery Plan? -
CORRECT ANSWER-Restore company operation to the last-known reliable
operation state
(A Disaster Recovery Plan (DRP) is a plan for processing and restoring operations
in the event of a significant hardware or software failure, or of the destruction of
the organization's facilities. The primary goal of a DRP is to restore the business to
the last-known reliable state of operations (see Chapter 2 ISC2 Study Guide,
, module 4, under The Goal of Disaster Recovery). Maintaining crucial operations is
the goal of the Business Continuity Plan (BCP). The remaining options may be
included in a DRP, but are not its primary objective.)
After an earthquake disrupting business operations, which document contains the
procedures required to return business to normal operation? - CORRECT
ANSWER-The Disaster Recovery Plan
(A Disaster Recovery Plan (DRP) is a plan for processing and restoring operations
in the event of a significant hardware or software failure, or of the destruction of
the organization's facilities. The primary goal of a DRP is to restore the business to
the last-known reliable state of operations (see Chapter 2 ISC2 Study Guide,
module 4, under The Goal of Disaster Recovery). The term 'Business Impact Plan'
does not exist. A Business Continuity Plan (BCP) is a pre-determined set of
instructions describing how an organization's mission/business processes will be
sustained during and after a significant disruption. A Business Impact Analysis
(BIA) is a technique for analyzing how disruptions can affect an organization.
Topic: Understanding Disaster Recovery (DR))
In the event of a disaster, which of these should be the PRIMARY objective? (★) -
CORRECT ANSWER-Guarantee the safety of people
and Correct Detailed Answers Already Graded A+
Sensitivity is a measure of the ...: - CORRECT ANSWER-... importance assigned
to information by its owner, or the purpose of representing its need for
protection.
(Sensitivity is also defined as the measure of the importance assigned to
information by its owner, or the purpose of representing its need for protection)
The process of verifying or proving the user's identification is known as: -
CORRECT ANSWER-Authentication
(Authentication is the verification of the identity of a user, process or device, as a
prerequisite to allowing access to the resources in a given system. In contrast,
authorization refers to the permission granted to users, processes or devices to
access specific assets. Confidentiality and integrity are properties of information
and systems, not processes.)
,Which of the following Cybersecurity concepts guarantees that information is
accessible only to those authorized to access it? - CORRECT ANSWER-
Confidentiality
(Confidentiality, Integrity and Availability are known as the CIA triad, from the
model that guides policies for information security. Confidentiality is the property
of data or information not being made available or disclosed, which leads to
sensitive information being protected from unauthorized access. Integrity refers
to the preservation of the consistency, accuracy and trustworthiness of data.
Availability is the property of data being consistently and readily accessible to the
parties authorized to access it. Finally, non-repudiation refers to the inability to
deny the production, approval or transmission of information.)
Which of these has the PRIMARY objective of identifying and prioritizing critical
business processes? - CORRECT ANSWER-Business Impact Analysis
(The term 'Business Impact Plan' does not exist. A Business Impact Analysis (BIA)
is a technique for analyzing how disruptions can affect an organization, and
determines the criticality of all business activities and associated resources. A
Business Continuity Plan (BCP) is a pre-determined set of instructions describing
how the mission/business processes of an organization will be sustained during
,and after a significant disruption. A Disaster Recovery Plan is a written plan for
recovering information systems in response to a major failure or disaster.
Topic: PE1-2.1 Business Continuity (BC) - Chapter 2.1, Domain 2.1)
Which of these is the most efficient and effective way to test a business continuity
plan? - CORRECT ANSWER-Simulations
(Simulations are full re-enactments of business continuity procedures and can
involve most, if not all, of your workforce. They also tend to take place on-site in
the relevant business areas. Thus, they are an exceptionally effective way to test
your business continuity plan. Walkthroughs verbally carry out specific recovery
steps stipulated in the business Continuity plan. Discussion and reviews are static
ways of testing the business continuity plan.)
Which of these is the PRIMARY objective of a Disaster Recovery Plan? -
CORRECT ANSWER-Restore company operation to the last-known reliable
operation state
(A Disaster Recovery Plan (DRP) is a plan for processing and restoring operations
in the event of a significant hardware or software failure, or of the destruction of
the organization's facilities. The primary goal of a DRP is to restore the business to
the last-known reliable state of operations (see Chapter 2 ISC2 Study Guide,
, module 4, under The Goal of Disaster Recovery). Maintaining crucial operations is
the goal of the Business Continuity Plan (BCP). The remaining options may be
included in a DRP, but are not its primary objective.)
After an earthquake disrupting business operations, which document contains the
procedures required to return business to normal operation? - CORRECT
ANSWER-The Disaster Recovery Plan
(A Disaster Recovery Plan (DRP) is a plan for processing and restoring operations
in the event of a significant hardware or software failure, or of the destruction of
the organization's facilities. The primary goal of a DRP is to restore the business to
the last-known reliable state of operations (see Chapter 2 ISC2 Study Guide,
module 4, under The Goal of Disaster Recovery). The term 'Business Impact Plan'
does not exist. A Business Continuity Plan (BCP) is a pre-determined set of
instructions describing how an organization's mission/business processes will be
sustained during and after a significant disruption. A Business Impact Analysis
(BIA) is a technique for analyzing how disruptions can affect an organization.
Topic: Understanding Disaster Recovery (DR))
In the event of a disaster, which of these should be the PRIMARY objective? (★) -
CORRECT ANSWER-Guarantee the safety of people
