Braindump CC ISC2


File Details

Flashcards 200
Users 19
Language English
Category Computer Science
Level University
Created / Updated 18.08.2023 / 11.06.2025
Web link
https://card2brain.ch/box/20230818_certified_in_cybersecurity

Requiring a specific user role to access resources is an example of:
A. DAC
B. ABAC
C. MAC
D. RBAC

D

Which of these types of malware self-replicates without the need for human intervention?
A. Worm
B. Virus
C. Trojan
D. Rootkit

A

Which of these is NOT a characteristic of an MSP implementation?
A. Manage all in-house IT infrastructure
B. Monitor and respond to security incidents
C. Utilize expertise for the implementation of a product or service
D. Mediate, execute and decide top-level decisions

A

Which of these is the PRIMARY objective of the PCI-DSS standard?
A. Personally Identifiable Information (PII)
B. Change Management
C. Secure Credit Card Payments
D. Protected Health Information (PHI)

C

PCI-DSS (Payment Card Industry Data Security Standard) is a standard used in the payment card industry.

Which of these is LEAST likely to be installed by an infection?
A. Backdoor
B. Trojan
C. Logic Bomb
D. Keylogger

C

A logic bomb is a piece of code intentionally inserted into software that will activate after specific conditions are met. Logic bombs are typically embedded in legitimate software.

Which department in a company is NOT typically involved in a Disaster Recovery Plan (DRP)?
A. IT
B. Public Relations
C. Executive
D. Financial

D

An organization that uses a layered approach when designing its security architecture is using which of these security approaches?
A. Network Control Access
B. Zero trust
C. Network Layers
D. Defense in depth

D

The PRIMARY objective of a security baseline is to establish ...
A. a minimum understood and acceptable level of security requirements
B. a maximum understood and an acceptable level of security requirements
C. security and configuration requirements
D. a minimum understood and a good level of security requirements

A

Which type of security control does NOT include CCTV cameras?
A. Deterrent
B. Detective
C. Corrective
D. Preventive

C

Acting ethically is mandatory for (ISC)² members. Which of these is NOT considered unethical?
A. Having fake social media profiles and accounts
B. Seeking to gain unauthorized access to resources on the internet
C. Disrupting the intended use of the internet
D. Compromising the privacy of users

A

Which of these cannot be a corrective access control?
A. Patches
B. Backups
C. Bollards
D. CCTV cameras

C

Which of these Access Control Systems is commonly used in the military?
A. RBAC
B. DAC
C. ABAC
D. MAC

D

What is the PRIMARY objective of degaussing?
A. Reducing noisy data on a disk
B. Preventing magnetic side-channel attacks
C. Retaining the data on a disk
D. Erasing the data on a disk

D

Which of these is not a common goal of a cybersecurity attacker?
A. Allocation
B. Alteration
C. Denial
D. Disclosure

A

Which of these is NOT a security principle?
A. Zero Trust model
B. Separation of Duties
C. Least Privilege
D. Security in Depth (SID)

D

Security in Depth (SID) is not a security principle, but a security model that involves implementing multiple layers of security controls, so as to protect against threats and reduce the risk of a successful attack. In Security in Depth, the idea is to create a multi-layered defense system that includes both technical controls (such as firewalls and intrusion detection systems) and administrative controls (such as policies and procedures).

Which cloud service model provides the most suitable environment for customers who want to install their custom operating system?
A. IaaS
B. SLA
C. SaaS
D. PaaS

A

Infrastructure as a Service (IaaS) is a cloud service model that allows the customer to manage the computing resources (including the operating systems).

When looking for cybersecurity insurance, which of these is the MOST IMPORTANT objective?
A. Risk transference
B. Risk spreading
C. Risk avoidance
D. Risk acceptance

A

The purpose of any insurance is to transfer risk from one party to another. The insurer is obligated to indemnify the insured for a loss caused by an unexpected event, over the course of a definite and mutually-agreed period of time.

A security professional should report violations of a company's security policy to:
A. Company management
B. The ISC Ethics Committee
C. National authorities
D. A court of law

A

Which of these statements is TRUE about cybersquatting?
A. It is an illegal practice
B. It is a legal practice
C. It's an unethical practice but everyone does it
D. It is a partially illegal practice

A

Cybersquatting (also known as domain squatting) is the practice of speculatively registering and then selling (typically at a high price) a domain name, with the intent of profiting from someone else's trademark.

Which kind of document outlines the procedures ensuring that vital company systems keep running during business-disrupting events?
A. Business Impact Plan
B. Business Continuity Plan
C. Business Impact Analysis
D. Disaster Recovery Plan

B

A Business Continuity Plan (BCP) is a predetermined set of instructions describing how an organization's business processes will be sustained during and after a significant disruption.

While performing background checks on new employees, which of these can NEVER be an attribute for discrimination?
A. References, education, political affiliation, employment history
B. Credit history, employment history, references
C. Criminal Records, credit history, references
D. Employment history, references, criminal records

A

A best practice when hiring new staff is to perform a background check, so as to minimize risks. A company can use discriminatory factors such as references, academic degrees, and employment, criminal, or credit history (although this is not very common). However, it is illegal to inquire about potential or current employees' political preferences.

Which of these technologies is the LEAST effective means of preventing shared accounts?
A. Password complexity requirements
B. Requiring a one-time password via an application
C. Requiring biometric authentication
D. Requiring one-time passwords via a token

A

Which of these is an attack that encrypts the organization's information, and then demands payment for the decryption code?
A. DDoS
B. Spoofing
C. Ransomware
D. Phishing

C

Which of these is NOT a best practice in access management?
A. Giving only the right amount of permission
B. Periodically assessing whether user permissions still apply
C. Requesting a justification when upgrading permission
D. Trust but verify

D

Which of these devices has the PRIMARY objective of determining the most efficient path for the traffic to flow across the networks?
A. Hubs
B. Switches
C. Firewalls
D. Routers

D

Which method is COMMONLY used to map live hosts in the network?
A. Wireshark
B. Ping sweep
C. Geolocation
D. Traceroute

B

Which type of attack attempts to mislead the user into exposing personal information by sending fraudulent emails?
A. Denial of Service
B. Trojans
C. Phishing
D. Cross-Site Scripting

C

Which part of the CIA Triad will be PRIMARILY jeopardized in a Distributed Denial of Service (DDoS) attack?
A. Integrity
B. Availability
C. Confidentiality
D. Accountability

B

When an incident occurs, which of these is not a PRIMARY responsibility of an organization's response team?
A. Determining whether any confidential information has been compromised over the course of the entire incident
B. Implementing the recovery procedures necessary to restore security and recover from any incident-related damage
C. Communicating with top management regarding the circumstances of the cybersecurity event
D. Determining the scope of the damage caused by the incident

C

While communicating with top management about the circumstances of the cybersecurity event is always important, it is not a primary responsibility of the response team. Indeed, the primary responsibility of the response team is to address the immediate impact of the incident, and to restore security as quickly as possible.

Which type of recovery site has some or most systems in place, but does not have the data needed to take over operations?
A. A cold site
B. A cloud site
C. A hot site
D. A warm site

D

Which of these is NOT an effective way to protect an organization from cybercriminals?
A. Using firewalls
B. Removing or disabling unneeded services and protocols
C. Using up-to-date anti-malware software
D. Using intrusion detection and prevention systems

C

Which of these is part of the canons of the (ISC)² Code of Ethics?
A. Advance and protect the profession
B. Provide diligent and competent services to stakeholders
C. Act always in the best interest of your client
D. Prevent and detect unauthorized use of digital assets in a society

A

Which of these is NOT a best practice in access management?
A. Periodically assessing whether user permissions still apply
B. Giving only the right amount of permission
C. Trust but verify
D. Requesting a justification when upgrading permission

C

Which kind of physical access control is LESS effective at preventing unauthorized individual access to a data center?
A. Bollards
B. Turnstiles
C. Barriers
D. Fences

A

Which of these types of credentials is NOT used in multi-factor authentication?
A. Something you are
B. Something you have
C. Something you trust
D. Something you know

C

'Something you know', such as a password or personal identification number (PIN); 'Something you have', such as a smart card or certificate; 'Something you are', which would be based on your physical characteristics, in which biometric reading may be used.

On a BYOD model, which of these technologies is best suited to keep corporate data and applications separate from personal?
A. Full-device encryption
B. Containerization
C. Context-aware authentication
D. Biometrics

B

What is the most important difference between MAC and DAC?
A. In MAC, security administrators set the roles for the users; in DAC, roles are set at the object owner's discretion
B. In MAC, security administrators assign access permissions; in DAC, security administrators set user roles
C. In MAC, access permissions are set at the object owner's discretion; in DAC, it is up to security administrators to assign access permissions
D. In MAC, security administrators assign access permissions; in DAC, access permissions are set at the object owner's discretion

D

In MAC systems, access to resources is granted or denied based on the resource's sensitivity and the user's clearance level, as determined by a central authority. This means that users cannot grant resource access to other users. In contrast, discretionary access control (DAC) is a type of access control in which access to resources is based on the discretion of the owner of the resource.

Which of these techniques is PRIMARILY used to ensure data integrity?
A. Backups
B. Hashing
C. Content Encryption
D. Message Digest

D

Which of these cloud deployment models is a combination of public and private cloud storage?
A. Community
B. Public
C. Private
D. Hybrid

D

Suppose that an organization wants to implement measures to strengthen its detective access controls.
Which one of these tools should they implement?
A. Backups
B. Patches
C. IDS
D. Encryption

C