CORRECT ANSWERS
Application Server - CORRECT ANSWER✔✔A computer responsible for hosting applications to
user workstations. NIST SP 800-82 Rev.2
Asymmetric Encryption - CORRECT ANSWER✔✔An algorithm that uses one key to encrypt and a
different key to decrypt the input plaintext.
Checksum - CORRECT ANSWER✔✔A digit representing the sum of the correct digits in a piece of
stored or transmitted digital data, against which later comparisons can be made to detect errors
in the data.
Ciphertext - CORRECT ANSWER✔✔The altered form of a plaintext message so it is unreadable
for anyone except the intended recipients. In other words, it has been turned into a secret.
Classification - CORRECT ANSWER✔✔Classification identifies the degree of harm to the
organization, its stakeholders or others that might result if an information asset is divulged to an
unauthorized person, process or organization. In short, classification is focused first and
foremost on maintaining the confidentiality of the data, based on the data sensitivity.
Configuration management - CORRECT ANSWER✔✔A process and discipline used to ensure that
the only changes made to a system are those that have been authorized and validated.
Cryptanalyst - CORRECT ANSWER✔✔One who performs cryptanalysis, which is the study of
mathematical techniques for attempting to defeat cryptographic techniques and/or information
systems security. This includes the process of looking for errors or weaknesses in the
implementation of an algorithm or of the algorithm itself.
Cryptography - CORRECT ANSWER✔✔The study or applications of methods to secure or protect
the meaning and content of messages, files, or other information, usually by disguise,
obscuration, or other transformations of that content and meaning.
Data Loss Prevention (DLP) - CORRECT ANSWER✔✔System capabilities designed to detect and
prevent the unauthorized use and transmission of information.
Decryption - CORRECT ANSWER✔✔The reverse process from encryption. It is the process of
converting a ciphertext message back into plaintext through the use of the cryptographic
algorithm and the appropriate key for decryption (which is the same for symmetric encryption,
but different for asymmetric encryption). This term is also used interchangeably with
"deciphering."
Degaussing - CORRECT ANSWER✔✔A technique of erasing data on disk or tape (including video
tapes) that, when performed properly, ensures that there is insufficient magnetic remanence to
reconstruct data.
Digital Signature - CORRECT ANSWER✔✔The result of a cryptographic transformation of data
which, when properly implemented, provides the services of origin authentication, data
integrity, and signer non-repudiation. NIST SP 800-12 Rev. 1
Egress Monitoring - CORRECT ANSWER✔✔Monitoring of outgoing network traffic.
Encryption - CORRECT ANSWER✔✔The process and act of converting the message from its
plaintext to ciphertext. Sometimes it is also referred to as enciphering. The two terms are
sometimes used interchangeably in literature and have similar meanings.
Encryption System - CORRECT ANSWER✔✔The total set of algorithms, processes, hardware,
software, and procedures that taken together provide an encryption and decryption capability.
Hardening - CORRECT ANSWER✔✔A reference to the process of applying secure configurations
(to reduce the attack surface) and locking down various hardware, communications systems,
and software, including operating system, web server, application server, application, etc.
Hardening is normally performed based on industry guidelines and benchmarks, such as those
provided by the Center for Internet Security (CIS).
Hash Function - CORRECT ANSWER✔✔An algorithm that computes a numerical value (called
the hash value) on a data file or electronic message that is used to represent that file or
message and depends on the entire contents of the file or message. A hash function can be
considered to be a fingerprint of the file or message. NIST SP 800-152
Hashing - CORRECT ANSWER✔✔The process of using a mathematical algorithm against data to
produce a numeric value that is representative of that data. Source CNSSI 4009-2015
Information Sharing - CORRECT ANSWER✔✔The requirements for information sharing by an IT
system with one or more other IT systems or applications, for information sharing to support
multiple internal or external organizations, missions, or public programs. NIST SP 800-16
Ingress Monitoring - CORRECT ANSWER✔✔Monitoring of incoming network traffic.
Message Digest - CORRECT ANSWER✔✔A digital signature that uniquely identifies data and has
the property such that changing a single bit in the data will cause a completely different
message digest to be generated. NISTIR-8011 Vol.3
Operating System - CORRECT ANSWER✔✔The software "master control application" that runs
the computer. It is the first program loaded when the computer is turned on, and its main
component, the kernel, resides in memory at all times. The operating system sets the standards
for all application programs (such as the Web server) that run in the computer. The applications
communicate with the operating system for most user interface and file management
operations. NIST SP 800-44 Version 2