Certified in Cybersecurity
Braindump CC ISC2
Braindump CC ISC2
Kartei Details
| Zusammenfassung | This flashcard set covers university-level cybersecurity concepts, focusing on access controls, security models, and risk management. It delves into various security principles like the CIA Triad, types of attacks such as phishing and ransomware, and technologies like firewalls and intrusion detection systems. Ideal for students and professionals aiming to enhance their understanding of cybersecurity practices and protocols, this flashcard set provides a comprehensive overview of essential security measures and ethical considerations in the field. |
|---|---|
| Karten | 200 |
| Lernende | 19 |
| Sprache | English |
| Kategorie | Informatik |
| Stufe | Universität |
| Erstellt / Aktualisiert | 18.08.2023 / 03.01.2026 |
| Weblink |
https://card2brain.ch/box/20230818_certified_in_cybersecurity
|
| Einbinden |
<iframe src="https://card2brain.ch/box/20230818_certified_in_cybersecurity/embed" width="780" height="150" scrolling="no" frameborder="0"></iframe>
|
Lernkarteien erstellen oder kopieren
Mit einem Upgrade kannst du unlimitiert Lernkarteien erstellen oder kopieren und viele Zusatzfunktionen mehr nutzen.
Melde dich an, um alle Karten zu sehen.
While performing background checks on new employees, which of these can NEVER be an attribute for
discrimination?
A. References, education, political affiliation, employment history
B. Credit history, employment history, references
C. Criminal Records, credit history, references
D. Employment history, references, criminal records
A
A best practice when hiring new staff is to perform a background check, so as to minimize risks. A company can use discriminatory factors such as references, academic degrees, and employment, criminal, or credit history (although this is not very common). However, it is illegal to inquire about potential or current employees' political preferences
Which of these technologies is the LEAST effective means of preventing shared accounts?
A. Password complexity requirements
B. Requiring a one-time password via an application
C. Requiring biometric authentication
D. Requiring one-time passwords via a token
A
Which of these is an attack that encrypts the organization's information, and then demands payment for
the decryption code?
A. DDoS
B. Spoofing
C. Ransomware
D. Phishing
C
Which of these is NOT a best practice in access management?
A. Giving only the right amount of permission
B. Periodically assessing whether user permissions still apply
C. Requesting a justification when upgrading permission
D. Trust but verify
D
Which of these devices has the PRIMARILY objective of determining the most efficient path for the traffic
to flow across the networks?
A. Hubs
B. Switches
C. Firewalls
D. Routers
D
Which method is COMMONLY used to map live hosts in the network?
A. Wireshark
B. Ping sweep
C. Geolocation
D. Traceroute
B
Which type of attack attempts to mislead the user into exposing personal information by sending
fraudulent emails?
A. Denial of Service
B. Trojans
C. Phishing
D. Cross-Site Scripting
C
Which part of the CIA Triad will be PRIMARILY jeopardized in a Distributed Denial Of Service (DDOS)
attack?
A. Integrity
B. Availability
C. Confidentiality
D. Accountability
B
When an incident occurs, which of these is not a PRIMARY responsibility of an organization's response
team?
A. Determining whether any confidential information has been compromised over the course of the
entire incident
B. Implementing the recovery procedures necessary to restore security and recover from any incident -
related damage
C. Communicating with top management regarding the circumstances of the cybersecurity event
D. Determining the scope of the damage caused by the incident
C
While communicating with top management about the circumstances of the cybersecurity event is always important, it is not a primary responsibility of the response team. Indeed, the primary responsibility of the response team is to address the immediate impact of the incident, and to restore security as quickly as possible.
Which type of recovery site has some or most systems in place, but does not have the data needed
to take over operations?
A. A cold site
B. A cloud site
C. A hot site
D. A warm site
D
Which of these is NOT an effective way to protect an organization from cybercriminals?
A. Using firewalls
B. Removing or disabling unneeded services and protocols
C. Using up-to-date anti-malware software
D. Using intrusion detection and prevention systems
C
Which of these is part of the canons (ISC)² code of ethics?
A. Advance and protect the profession
B. Provide diligent and competent services to stakeholders
C. Act always in the best interest of your client
D. Prevent and detect unauthorized use of digital assets in a society
A
Which of these is NOT a best practice in access management?
A. Periodically assessing whether user permissions still apply
B. Giving only the right amount of permission
C. Trust but verify
D. Requesting a justification when upgrading permission
C
Which kind of physical access control is LESS effective at preventing unauthorized individual access to a
data center?
A. Bollards
B. Turnstiles
C. Barriers
D. Fences
A
Which of these types of credentials is NOT used in multi-factor authentication?
A. Something you are
B. Something you have
C. Something you trust
D. Something you know
C
'Something you know', such as a password or personal identification number (PIN); 'Something you have', such as a smart card or certificate; 'Something you are', which would be based on your physical characteristics, in which biometric reading may be used.
On a BYOD model, which of these technologies is best suited to keep corporate data and applications
separate from personal?
A. Full-device encryption
B. Containerization
C. Context-aware authentication
D. Biometrics
B
What is the most important difference between MAC and DAC?
A. In MAC, security administrators set the roles for the users; in DAC, roles are set at the object
owner’s discretion
B. In MAC, security administrators assign access permissions; in DAC, security administrators set user
roles
C. In MAC, access permissions are set at the object owner’s discretion; in DAC, it is up to security
administrators to assign access permissions
D. In MAC, security administrators assign access permissions; in DAC, access permissions are set at
the object owner’s discretion
D
In MAC systems, access to resources is granted or denied based on the resource's sensitivity and the user's clearance level, as determined by a central authority. This means that users cannot grant resource access to other users. In contrast, discretionary access control (DAC) is a type of access control in which access to resources is based on the discretion of the owner of the resource.
Which of these techniques is PRIMARILY used to ensure data integrity?
A. Backups
B. Hashing
C. Content Encryption
D. Message Digest
D
Which of these cloud deployment models is a combination of public and private cloud storage?
A. Community
B. Public
C. Private
D. Hybrid
D
Suppose that an organization wants to implement measures to strengthen its detective access controls.
Which one of these tools should they implement?
A. Backups
B. Patches
C. IDS
D. Encryption
C
Which of the following Cybersecurity concepts guarantees that information is accessible only to those authorized to access it?
Which type of attack has the PRIMARY objective of encrypting devices and their data, and then demanding a ransom payment for the decryption key?
In the event of a disaster, which of these should be the PRIMARY objective? ( )
According to ISC2, which are the six phases of data handling?
Which devices have the PRIMARY objective of collecting and analyzing security events?
Which of these is the PRIMARY objective of a Disaster Recovery Plan?
Which of the following areas is the most distinctive property of PHI?
Which of the following properties is NOT guaranteed by Digital Signatures?
A biometric reader that grants access to a computer system in a data center is a:
Which of the following documents contains elements that are NOT mandatory?
Which of the following are NOT types of security controls?
After an earthquake disrupting business operations, which document contains the procedures required to return business to normal operation?
Which of the following is NOT an ethical canon of the ISC2?
How many data labels are considered good practice?
Risk Management is:
According to the canon "Provide diligent and competent service to principals", ISC2 professionals are to:
Which of these is NOT a change management component?
Which of the following is not a protocol of the OSI Level 3?
Which of the following principles aims primarily at fraud detection?
Which tool is commonly used to sniff network traffic? ( )
-
- 1 / 200
-
