Exam 2025 With 100% Correct Answers
Adequate Security - CORRECT ANSWER✔✔Security commensurate with the risk and the
magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of
information.
Administrative Controls - CORRECT ANSWER✔✔Controls implemented through policy and
procedures. Examples include access control processes and requiring multiple personnel to
conduct a specific operation. Administrative controls in modern environments are often
enforced in conjunction with physical and/or technical controls, such as an access-granting
policy for new users that requires login and approval by the hiring manager.
Artificial Intelligence - CORRECT ANSWER✔✔The ability of computers and robots to simulate
human intelligence and behavior.
Asset - CORRECT ANSWER✔✔Anything of value that is owned by an organization. Assets include
both tangible items such as information systems and physical property and intangible assets
such as intellectual property.
Authentication - CORRECT ANSWER✔✔Access control process validating that the identity being
claimed by a user or entity is known to the system, by comparing one (single factor or SFA) or
more (multi-factor authentication or MFA) factors of identification.
Authorization - CORRECT ANSWER✔✔The right or a permission that is granted to a system
entity to access a system resource. Source: NIST 800-82 Rev. 2
Token - CORRECT ANSWER✔✔A physical object a user possesses and controls that is used to
authenticate the user's identity. Source: NISTIR 7711
Vulnerability - CORRECT ANSWER✔✔Weakness in an information system, system security
procedures, internal controls or implementation that could be exploited by a threat source.
Source: NIST SP 800-30 Rev 1
Threat - CORRECT ANSWER✔✔Any circumstance or event with the potential to adversely
impact organizational operations (including mission, functions, image or reputation),
organizational assets, individuals, other organizations or the nation through an information
system via unauthorized access, destruction, disclosure, modification of information and/or
denial of service. Source: NIST SP 800-30 Rev 1
Threat Vector - CORRECT ANSWER✔✔An individual or a group that attempts to exploit
vulnerabilities to cause or force a threat to occur.
Technical Controls - CORRECT ANSWER✔✔Security controls (i.e., safeguards or
countermeasures) for an information system that are primarily implemented and executed by
the information system through mechanisms contained in the hardware, software or firmware
components of the system.
System Integrity - CORRECT ANSWER✔✔The quality that a system has when it performs its
intended function in an unimpaired manner, free from unauthorized manipulation of the
system, whether intentional or accidental. Source: NIST SP 800-27 Rev. A
Availability - CORRECT ANSWER✔✔Ensuring timely and reliable access to and use of
information by authorized users.
Single-Factor Authentication - CORRECT ANSWER✔✔Use of just one of the three available
factors (something you know, something you have, something you are) to carry out the
authentication process being requested.
Baseline - CORRECT ANSWER✔✔A documented, lowest level of security configuration allowed
by a standard or organization.
State - CORRECT ANSWER✔✔The condition an entity is in at a point in time.
Bot - CORRECT ANSWER✔✔Malicious code that acts like a remotely controlled "robot" for an
attacker, with other Trojan and worm capabilities.
Sensitivity - CORRECT ANSWER✔✔A measure of the importance assigned to information by its
owner, for the purpose of denoting its need for protection. Source: NIST SP 800-60 Vol 1 Rev 1
Classified or Sensitive Information - CORRECT ANSWER✔✔Information that has been
determined to require protection against unauthorized disclosure and is marked to indicate its
classified status and classification level when in documentary form.
Risk Treatment - CORRECT ANSWER✔✔The determination of the best way to address an
identified risk.
Confidentiality - CORRECT ANSWER✔✔The characteristic of data or information when it is not
made available or disclosed to unauthorized persons or processes. Source: NIST 800-66
Security Controls - CORRECT ANSWER✔✔The management, operational and technical controls
(i.e., safeguards or countermeasures) prescribed for an information system to protect the
confidentiality, integrity and availability of the system and its information. Source: FIPS PUB 199
Criticality - CORRECT ANSWER✔✔A measure of the degree to which an organization depends
on the information or information system for the success of a mission or of a business function.
Source: NIST SP 800-60 Vol. 1, Rev. 1