ISC2 Cybersecurity Certification Exams, Pre & Post Assessments (Latest 2024/2025 Updates STUDY BUNDLE PACKAGE) 100% Correct Questions and Verified Answers | Grade A
According to the canon "Provide diligent and competent service to principals", ISC2 professionals are to: - ANSWER: Avoid apparent or actual conflicts of interest.
Risk Management is: - ANSWER: The identification, evaluation and prioritization of risks.
What is the consequence of a Denial of Service attack? - ANSWER: Exhaustion of device resources
In which cloud model does the cloud customer have LESS responsibility over the infrastructure? - ANSWER: SaaS (Software as a Service)
The SMTP protocol operates at OSI Level: - ANSWER: 7
Which of these would be the best option if a network administrator needs to control access to a network? - ANSWER: NAC
Which security principle states that a user should only have the necessary permission to execute a task? - ANSWER: Least Privilege
Which of the following cloud models allows access to fundamental computer resources? - ANSWER: Infrastructure as a Service (IaaS) provides the capability to provision processing, storage, networks, and other fundamental computing resources
Which of these has the PRIMARY objective of identifying and prioritizing critical business processes? - ANSWER: Business Impact Analysis
Which access control model specifies access to an object based on the subject's role in the organization? - ANSWER: The role-based access control (RBAC) model is well known for governing access to objects based on the roles of individual users within the organization.
Which of the following Cybersecurity concepts guarantees that information is accessible only to those authorized to access it? - ANSWER: Confidentiality
Which of the following are NOT types of security controls? - ANSWER: Storage controls
Which port is used to secure communication over the web (HTTPS)? - ANSWER: Port 443 is the one reserved for HTTPS connections.
In Change Management, which component addresses the procedures needed to undo changes? - ANSWER: Rollback phase addresses the actions to take when the monitoring change suggests a failure or inadequate performance.
Which type of attack attempts to gain information by observing the device's power consumption? - ANSWER: Side-channel attack is a passive and non-invasive attack aiming to extract information from a running system
Which of the following canons is found in the ISC2 code of ethics? - ANSWER: "Provide diligent and competent service to principals" contains the accurate text of the ISC2 code of ethics.
Which of these is the PRIMARY objective of a Disaster Recovery Plan? - ANSWER: Restore company operation to the last-known reliable operation state
Which of these is not an attack against an IP network? - ANSWER: Side Channel Attacks are non-invasive attacks that extract information from devices (typically devices running cryptographic algorithms), and therefore do not aim at IP networks
Which of the following is NOT a type of learning activity used in Security Awareness? - ANSWER: Tutorial is a form of training, but is not on the list of types of learning activities.
Which are the components of an incident response plan? - ANSWER: Preparation -> Detection and Analysis -> Containment, Education and Recovery -> Post Incident Activity
Which type of attack embeds malicious payload inside a reputable or trusted software? - ANSWER: Trojans are a type of software that appears legitimate but has hidden malicious functions that evade security mechanisms, typically by exploiting legitimate authorizations of the user that invokes the program.
Which of these is the most efficient and effective way to test a business continuity plan? - ANSWER: Simulations are full re-enactments of business continuity procedures and can involve most, if not all, of your workforce.
Security posters are an element PRIMARILY employed in: - ANSWER: Security Awareness
Which of these types of user is LESS likely to have a privileged account? - ANSWER: External workers