Braindump CC ISC2


File Details

Flashcards 200
Users 19
Language English
Category Computer Science
Level University
Created / Updated 18.08.2023 / 11.06.2025
Web link
https://card2brain.ch/box/20230818_certified_in_cybersecurity

At which of the OSI layers do TCP and UDP work?
A. Physical Layer
B. Application Layer
C. Transport Layer
D. Session Layer

C

Which of these is an example of a privacy breach?
A. Any observable occurrence in a network or system
B. Access of private information by an unauthorized person
C. Being exposed to the possibility of attack
D. Unavailability of critical systems

B

During the investigation of an incident, which security policies are more likely to cause difficulties?
A. Configuration standards
B. Incident response policies
C. Communication policies
D. Retention policies

D

For many organizations, retention policies entail keeping data only for a limited time. Because of the high costs of data storage capacity, organizations maintain specific logs only for a short period of time and keep other data records for more extended periods (months to years).

What is the primary goal of a Change Management Policy?
A. To guarantee that system changes are performed without negatively affecting business operations
B. To standardize the creation of the organization's network and computer systems
C. To standardize the usage of the organization's network and computer systems
D. To guarantee that systems are up to date with the latest security patch

A

The PRIMARY objective of a business continuity plan is:
A. To assess the impact of disruption to the business
B. To sustain business operations while recovering from a disruption
C. To restore the business to the full last-known reliable state of operations
D. To regularly verify whether the organization complies with applicable regulations

B

In the event of non-compliance, which of these can have considerable financial consequences for an organization?
A. Regulations
B. Standards
C. Guidelines
D. Policies

A

Which of these documents is MORE directly related to what can be done with a system or with its information?
A. MOA
B. MOU
C. SLA
D. ROE

B

Which of these enables point-to-point online communication over an untrusted network?
A. Router
B. VPN
C. Firewall
D. VLAN

B

A USB pen with data passed around the office is an example of:
A. Data in use
B. Data in motion
C. Data in transit
D. Data at rest

D

Data at rest is stored data that resides on hard drives, on tapes, in the cloud, or on other storage media like (in this case) a USB pen.

Which of these is included in an SLA document?

A. Instructions on data ownership and destruction
B. A plan to prepare the organization for the continuation of critical business functions
C. Instructions to detect, respond to, and limit the consequences of a cyber-attack
D. A plan to keep business operations going while recovering from a significant disruption

A

A Service Level Agreement (SLA) is a contract between a service provider and a customer which defines the level of service that the provider will deliver. It must include instructions on data ownership and destruction, in order to ensure that sensitive data is properly protected.

An organization needs a network security tool that detects and acts in the event of malicious activity.
Which of these tools will BEST meet their needs?
A. Firewall
B. Router
C. IDS
D. IPS

D

Which of these types of layers is NOT part of the TCP/IP model?
A. Internet
B. Physical
C. Application
D. Transport

B

When analyzing risks, which of these activities is required?
A. Accepting all evaluated risks
B. Selecting the appropriate controls
C. Identifying risks associated with loss of confidentiality
D. Determining the likelihood of occurrence of a set of risks

D

Determining the likelihood of occurrence of a set of risks involves estimating the likelihood that the identified risks will occur, along with the potential impact they could have on the organization. Once the likelihood of occurrence has been determined, the next step is to select the appropriate controls to mitigate those risks, such as encryption, access controls, or administrative controls.

A backup that captures the changes made since the latest full backup is an example of:
A. A backup snapshot
B. A full backup
C. A differential backup
D. An incremental backup

C

Which of these is an attack whose PRIMARY goal is to gain access to a target system through falsified identity?
A. Ransomware
B. Amplification
C. Spoofing
D. DDoS

C

A poster reminding users of the best password management practices is an example of which type of learning activity?
A. Education
B. Schooling
C. Training
D. Awareness

D

A high-level executive of an organization receives a malicious email that tries to trick him. Which attack is the perpetrator using?
A. DDoS
B. Phishing
C. Spear phishing
D. Whaling

D

Which of these addresses is commonly reserved specifically for broadcasting?
A. 192.299.121.254
B. 192.299.121.0
C. 192.299.121.255
D. 192.299.121.14

C

Which of these terms refers to a collection of fixes?
A. Patch
B. Service Pack
C. Hotfix
D. Downgrade

B

Which of these entities is responsible for signing an organization's policies?
A. Human Resources
B. Financial Department
C. Security engineer
D. Senior management

D

Senior management is typically responsible for setting the organization's overall direction and strategy, and for ensuring that policies and procedures are in place to support that strategy.

In a DAC policy scenario, which of these tasks can only be performed by a subject granted access to information?
A. Modifying the information
B. Changing security attributes
C. Executing the information
D. Reading the information

B

As a principle, users can perform Read, Write and Execute actions with every Access Control policy. However, in discretionary access control policies, the permissions associated with each object (files or system resources) are set by the object's owner.

Which of these types of documents is usually THE LEAST formal?
A. Regulations
B. Guidelines
C. Standards
D. Policies

B

The best defense method to stop a 'Replay Attack' is to:
A. Use an IPSec VPN
B. Use a Firewall
C. Use message digesting
D. Use password authentication

A

What does redundancy mean in the context of cybersecurity?
A. Designing systems with robust components, so that the organization has more attack resilience
B. Conceiving systems with duplicate components so that, if a failure occurs, there will be a backup
C. Conceiving systems with only the most necessary components, so that the organization has just the necessary risks.
D. Conceiving systems with less attack surface, so that the attacker has less chance of success

B

What does the term 'data remanence' refer to?
A. Data in use that can't be encrypted
B. Files saved locally that can't be remotely accessed
C. Data left over after routine removal and deletion
D. All of the data in a system

C

Which of these is an example of a MAC address?
A. 2001:db8:3333:4444:5555:6666:7777:8888
B. 0051021f58
C. 10.23.19.49
D. 00-51-02-1F-58-F6

D

Which of these attacks takes advantage of inadequate input validation in websites?
A. Cross-Site Scripting
B. Rootkits
C. Trojans
D. Phishing

A

A security consultant hired to design the security policies for the PHI within an organization will be primarily handling:
A. Personal Health Information
B. Protected Health Information
C. Procedural Health Information
D. Public Health Information

B

Which port number corresponds to the Simple Mail Transfer Protocol (SMTP)?
A. 69
B. 25
C. 22
D. 161

B

What does the term LAN refer to?
A. A device that connects multiple other devices in a network
B. A network on a building or limited geographical area
C. A tool to manage and control network traffic, as well as to protect a network.
D. A long-distance connection between geographically-distant networks

B

Which one of these tools is MOST likely to detect an XSS vulnerability?
A. Web application vulnerability scanner
B. Static application test
C. Network vulnerability scanner
D. Intrusion detection system

A

Which of these is a type of corrective security control?
A. Patches
B. Guidelines
C. Encryption
D. Intrusion detection systems

A

Which is the PRIMARY focus of the ISO 27002 standard?
A. Health Insurance Portability and Accountability Act (HIPAA)
B. Information Security Management System (ISMS)
C. Risk Management
D. Application Security

B

When a company collects PII, which policy is required?
A. Privacy Policy
B. GDPR
C. Acceptable Use Policy
D. Remote Access Policy

A

Which of these is NOT a characteristic of the cloud?
A. Zero Customer Responsibility
B. Measured Service
C. Broad Network Access
D. Rapid Elasticity

A

In the event of a disaster, what should be the PRIMARY objective?

A. Guarantee the safety of people
B. Protect the production database
C. Guarantee the continuity of critical systems
D. Apply disaster communication

A

Which of these is a COMMON mistake made when implementing record retention policies?
A. Applying shorter retention periods to the information
B. Not categorizing the type of information to be retained
C. Applying the longest retention periods to the information
D. Not labeling the type of information to be retained

C

Which of these properties is NOT guaranteed by a Message Authentication Code (MAC)?
A. Authenticity
B. Non-repudiation
C. Integrity
D. Anonymity

D

Which of these is NOT a type of malware?
A. Trojan
B. Rootkit
C. Spoofing
D. Worm

C

Spoofing is not a type of malware. Spoofing is an attack whose primary goal is to gain access to a target system through a falsified identity.

In an incident response process, which phase uses indicators of compromise and log analysis as part of a review of events?
A. Containment
B. Identification
C. Preparation
D. Eradication

B