ISC2 CC (Certified in CyberSecurity) Practice Questions
Certification Success - Unofficial By Certification Terminal
(Part 1)
4.1 In the realm of information security, what constitutes the utmost crucial element of
privacy?
A. Protecting personal information from unauthorized access or disclosure
B. Ensuring data is accurate and unchanged
C. Making sure data is always accessible when needed
D. All of the above - Correct Answer A. Protecting personal information from
unauthorized access or disclosure
4.2 Choose the BEST example for a preventive control from the following:
A. A firewall
B. A backup generator
C. An intrusion detection system
D. An antivirus software - Correct Answer A. A firewall
4.3 What distinguishes a private cloud from a public cloud?
A. A public cloud is less secure than a private cloud
B. A private cloud is more expensive than a public cloud
C. A public cloud is hosted by a third-party provider, while a private cloud is dedicated to
a single organization
D. A private cloud is only accessible from a single location - Correct Answer C. A public
cloud is hosted by a third-party provider, while a private cloud is dedicated to a single
organization
4.4 What security principle asserts that a user should possess only the requisite
permissions to perform a task?
A. Separation of Duties
B. Defense in Depth
C. Least Privilege
,D. Privileged Accounts - Correct Answer C. Least Privilege
4.5 What is the objective of implementing a security awareness and training initiative?
A. To develop technical specifications for security controls
B. To educate employees about security policies and procedures
C. To investigate and respond to security incidents
D. To enforce disciplinary actions for security violations - Correct Answer B. To educate
employees about security policies and procedures
4.6 In your roles as a cybersecurity analyst, your supervisor tasks you with producing a
document that delineates the sequential procedure for setting up firewall rules within the
organization's network infrastructure. What specific type of document are you creating?
A. Guideline
B. Policy
C. Procedure
D. Standard - Correct Answer C. Procedure
4.7 What is the term used to denote the process of eliminating or neutralizing malicious
software (malware) from a computer?
A. Firewall configuration
B. Decryption
C. Encryption
D. Malware Removal - Correct Answer D. Malware Removal
4.8 What distinguishes an incident response plan from a disaster recovery plan?
A. An incident response plan focuses on recovering from security incidents, while a
disaster recovery plan focuses on recovering from natural disasters.
B. An incident response plan focuses on preventing security incidents, while a disaster
recovery plan focuses on mitigating the impact of natural disasters
C. An incident response plan focuses on detecting and responding to security incidents,
while a disaster recovery plan focuses on restoring IT systems and infrastructure
D. An incident response plan focuses on restoring critical systems and data, while a
disaster recovery plan focuses on restoring business operations. - Correct Answer C. An
,incident response plan focuses on detecting and responding to security incidents, while a
disaster recovery plan focuses on restoring IT systems and infrastructure
4.9 What is the main objective of Business Continuity (BC)?
A. To minimize expenses during unexpected events
B. To maintain operations during unexpected events
C. To maximize profits during unexpected events
D. To maintain the status quo during unexpected events - Correct Answer B. To maintain
operations during unexpected even
4.10 Which of the options below is an example that does NOT represent a possible model
for an Incident Response Team (IRT)?
A. Leveraged
B. Dedicated
C. Hybrid
D. Pre-existing - Correct Answer D. Pre-existing
4.11 What is the objective of a risk assessment procedure?
A. To assign risk priorities to identified risks
B. To assess the potential impact of risks on the organization
C. To implement controls and measures to reduce or eliminate risks
D. To provide a structured approach for conducting risk assessments - Correct Answer D.
To provide a structured approach for conducting risk assessments
4.12 In risk management, what does the term "impact" refer to?
A. The actions taken to transfer or mitigate risks
B. Confidentiality
C. The severity or consequences of a risk event
D. the potential vulnerabilities in a system or process. - Correct Answer C. The severity or
consequences of a risk event
4.13 How do you define integrity in the context of Information Security?
, A. The maintenance of a known configuration and unexpected operational function as the
system processes information
B. The maintenance of a random configuration and unpredictable operational function as
the system processes information
C. The maintenance of a known bad configuration and unexpected operational function
as the system processes information
D. The maintenance of a known good configuration and expected operational function as
the system processes information - Correct Answer D. The maintenance of a known good
configuration and expected operational function as the system processes information
4.14 What is the primary objective of risk assessment?
A. To identify critical business functions
B. To evaluate the potential impact of threats to the organization
C. To define recovery time objectives for critical systems and data
D. To establish procedures for restoring critical systems and data - Correct Answer B. To
evaluate the potential impact of threats to the organization
4.15 Which of the following options exemplifies an administrative control?
A. Firewall
B. Network-based intrusion detection system
C. Physical locks on doors
D. Background checks for employees - Correct Answer D. Background checks for
employees
4.16 Which of these is primarily focused on identifying and prioritizing critical business
processes?
A. Business Continuity Plan
B. Disaster Recovery Plan
C. Business Impact Analysis
D. Business Impact Plan - Correct Answer C. Business Impact Analysis
4.17 What term pertains to an individual's capacity to mange the sharing of their personal
information?
Certification Success - Unofficial By Certification Terminal
(Part 1)
4.1 In the realm of information security, what constitutes the utmost crucial element of
privacy?
A. Protecting personal information from unauthorized access or disclosure
B. Ensuring data is accurate and unchanged
C. Making sure data is always accessible when needed
D. All of the above - Correct Answer A. Protecting personal information from
unauthorized access or disclosure
4.2 Choose the BEST example for a preventive control from the following:
A. A firewall
B. A backup generator
C. An intrusion detection system
D. An antivirus software - Correct Answer A. A firewall
4.3 What distinguishes a private cloud from a public cloud?
A. A public cloud is less secure than a private cloud
B. A private cloud is more expensive than a public cloud
C. A public cloud is hosted by a third-party provider, while a private cloud is dedicated to
a single organization
D. A private cloud is only accessible from a single location - Correct Answer C. A public
cloud is hosted by a third-party provider, while a private cloud is dedicated to a single
organization
4.4 What security principle asserts that a user should possess only the requisite
permissions to perform a task?
A. Separation of Duties
B. Defense in Depth
C. Least Privilege
,D. Privileged Accounts - Correct Answer C. Least Privilege
4.5 What is the objective of implementing a security awareness and training initiative?
A. To develop technical specifications for security controls
B. To educate employees about security policies and procedures
C. To investigate and respond to security incidents
D. To enforce disciplinary actions for security violations - Correct Answer B. To educate
employees about security policies and procedures
4.6 In your roles as a cybersecurity analyst, your supervisor tasks you with producing a
document that delineates the sequential procedure for setting up firewall rules within the
organization's network infrastructure. What specific type of document are you creating?
A. Guideline
B. Policy
C. Procedure
D. Standard - Correct Answer C. Procedure
4.7 What is the term used to denote the process of eliminating or neutralizing malicious
software (malware) from a computer?
A. Firewall configuration
B. Decryption
C. Encryption
D. Malware Removal - Correct Answer D. Malware Removal
4.8 What distinguishes an incident response plan from a disaster recovery plan?
A. An incident response plan focuses on recovering from security incidents, while a
disaster recovery plan focuses on recovering from natural disasters.
B. An incident response plan focuses on preventing security incidents, while a disaster
recovery plan focuses on mitigating the impact of natural disasters
C. An incident response plan focuses on detecting and responding to security incidents,
while a disaster recovery plan focuses on restoring IT systems and infrastructure
D. An incident response plan focuses on restoring critical systems and data, while a
disaster recovery plan focuses on restoring business operations. - Correct Answer C. An
,incident response plan focuses on detecting and responding to security incidents, while a
disaster recovery plan focuses on restoring IT systems and infrastructure
4.9 What is the main objective of Business Continuity (BC)?
A. To minimize expenses during unexpected events
B. To maintain operations during unexpected events
C. To maximize profits during unexpected events
D. To maintain the status quo during unexpected events - Correct Answer B. To maintain
operations during unexpected even
4.10 Which of the options below is an example that does NOT represent a possible model
for an Incident Response Team (IRT)?
A. Leveraged
B. Dedicated
C. Hybrid
D. Pre-existing - Correct Answer D. Pre-existing
4.11 What is the objective of a risk assessment procedure?
A. To assign risk priorities to identified risks
B. To assess the potential impact of risks on the organization
C. To implement controls and measures to reduce or eliminate risks
D. To provide a structured approach for conducting risk assessments - Correct Answer D.
To provide a structured approach for conducting risk assessments
4.12 In risk management, what does the term "impact" refer to?
A. The actions taken to transfer or mitigate risks
B. Confidentiality
C. The severity or consequences of a risk event
D. the potential vulnerabilities in a system or process. - Correct Answer C. The severity or
consequences of a risk event
4.13 How do you define integrity in the context of Information Security?
, A. The maintenance of a known configuration and unexpected operational function as the
system processes information
B. The maintenance of a random configuration and unpredictable operational function as
the system processes information
C. The maintenance of a known bad configuration and unexpected operational function
as the system processes information
D. The maintenance of a known good configuration and expected operational function as
the system processes information - Correct Answer D. The maintenance of a known good
configuration and expected operational function as the system processes information
4.14 What is the primary objective of risk assessment?
A. To identify critical business functions
B. To evaluate the potential impact of threats to the organization
C. To define recovery time objectives for critical systems and data
D. To establish procedures for restoring critical systems and data - Correct Answer B. To
evaluate the potential impact of threats to the organization
4.15 Which of the following options exemplifies an administrative control?
A. Firewall
B. Network-based intrusion detection system
C. Physical locks on doors
D. Background checks for employees - Correct Answer D. Background checks for
employees
4.16 Which of these is primarily focused on identifying and prioritizing critical business
processes?
A. Business Continuity Plan
B. Disaster Recovery Plan
C. Business Impact Analysis
D. Business Impact Plan - Correct Answer C. Business Impact Analysis
4.17 What term pertains to an individual's capacity to mange the sharing of their personal
information?
