CS/IT MCQ Collections

ISC2 CC Exam Commonly Asked 100 MCQ Questions set-2

Pinterest LinkedIn Tumblr
Here is the collection of commonly asked MCQ Questions on CyberSecurity for the ISC2 CC exam. It is the second set within the series of top 100 MCQ questions created for ISC2 CC exam preparation. It includes objective questions including the fundamental concepts of cybersecurity principles, risk management process, different types of security controls, governance elements, and the ISC2 code of ethics.

Please practice with the questions below first and then view the correct answer by clicking on the “View Answer” button. It includes the correct answer along with the explanation for the answer. This may help you to improve your preparation for the ISC2 CC exam.

1. Which type of attack consists of compromising the availability of a system or service through a malicious overload of requests?
A. Cross-site scripting
B. Trojans
C. Phishing
D. Denial of service

Answer: D. Denial of service

Explanation: Denial of service is a type of attack which consists of compromising the availability of a system or service through a malicious overload of requests, which causes the activation of safety mechanisms that delay or limit the availability of that system or service.

2. Which type of attack tries to maintain privilege-level access while concealing malicious activity?
A. Cross-site scripting
B. Rootkits
C. Phishing
D. Trojans

Answer: B. Rootkits

Explanation: Rootkits try to maintain privilege level access while concealing malicious activity. They often replace system files, so they are activated even the system is restarted.

3. Which tool is commonly used for password security auditing and password recovery?
A. nslookup
B. Wireshark
C. John the Ripper
D. Burp suite

Answer: C. John the Ripper

Explanation: John the Ripper is a famous open source password security auditing and password recovery tool.

4. Which of the following tools is used for querying the Domain Name System?
A. nslookup
B. Wireshark
C. John the Ripper
D. Burp suite

Answer: A. nslookup

Explanation: NSlookup is a network administration command-line tool for querying the Domain Name System that obtains the mapping between the domain name, IP address, or other DNS records.

5. The high-level documents that frame all ongoing activities of an organization are known as.
A. Procedures
B. Policies
C. Standards
D. Procedures

Answer: B. Policies

Explanation: Policies are the high-level documents that frame all ongoing activities of an organization

Read Also: Solved MCQ on TCP/IP and UDP in Computer Networks set-1

6. Which of the following documents are created by governing or professional bodies to support regulations?
A. Procedures
B. Policies
C. Standards
D. Regulations

Answer: C. Standards

Explanation: Standards are created by governing or professional bodies to support regulations

7. Which of the following documents are created outside of the organization?
A. Regulations
B. Standards
C. Both A and B
D. None of the above

Answer: C. Both A and B

Explanation: Both regulations and standards are created outside of the organization

8. Which device is used to filter traffic coming from the internet?
A. Firewall
B. Router
C. HIDS
D. SIEM

Answer: A. Firewall

Explanation: A firewall is a device that is used to filter traffic coming from the internet.

9. Which port is used for SMTP protocol?
A. 443
B. 25
C. 80
D. 69

Answer: B. 25

Explanation: Port 25 is used for SMTP protocol while port 80 is used for HTTP, port 443 is used for HTTPS and port 69 is used for TFTP.

10. Which of these has a written plan for recovering information systems in response to a major failure or disaster?
A. Business Continuity Plan
B. Business Impact Plan
C. Business Impact Analysis
D. Disaster Recovery Plan

Answer: D. Disaster Recovery Plan

Explanation: A disaster recovery plan is a written plan for recovering information systems in response to a major failure or disaster.

Read Also: Objective Questions on Transport Layer in OSI Model set-1

11. Which of the following is defined as a circumstance or event that can adversely impact organizational operations?
A. Likelihood
B. Impact
C. Threat
D. Vulnerability

Answer: C. Threat

Explanation: A threat is defined as a circumstance or event that can adversely impact organization operations.

12. Which of the following is an example of a technical security control?
A. No entry signs
B. Badge readers
C. Acceptable use policies
D. Access control lists

Answer: D. Access control lists

Explanation: An access control list is a type of technical security control while badge reader and “No entry” sign are examples of physical security controls. Policies are the examples of administrative security controls.

13. In change management, which component formalizes the change from the stakeholders’ point of view?
A. Recover from disaster
B. Rollback
C. Request for change
D. Request for approval

Answer: C. Request for change

Explanation: In change management, request for change (RFC) formalizes the change from the stakeholders point of view.

14. Which device has the PRIMARY objective of filtering incoming traffic?
A. SIEM
B. Routers
C. Firewalls
D. Hubs

Answer: C. Firewalls

Explanation: Among the options only the firewalls filters incoming traffic while routers and hubs only receive and forward traffic. Security Information and Event Management (SIEM) gather data from the components for information system.

15. Which of the following devices broadcast packets between ports so that all segments of LAN can see all packets?
A. Switches
B. Routers
C. Firewalls
D. Hubs

Answer: D. Hubs

Explanation: Hubs broadcast packets between ports so that all segments of LAN can see all packets while a switch can forward packets between network segments.

16. If you need to communicate privately within a public network, which network will you use?
A. VPN
B. Internal Network
C. DMZ
D. Intranet

Answer: A. VPN

Explanation: A virtual private network (VPN) creates secure tunnel between endpoints of public network through a dedicated private connection.

17. A written plan for recovering information systems in response to a major failure or disaster is known as.
A. Business Continuity Plan
B. Business Recovery Plan
C. Disaster Recovery Plan
D. Business Impact Analysis

Answer: C. Disaster Recovery Plan

Explanation: A written plan for recovering information systems in response to a major failure or disaster is known as Disaster Recovery Plan.

18. A cloud computing model where the cloud infrastructure is dedicated to a single organization is known as
A. Private Cloud
B. Community Cloud
C. Multi-tenant
D. Hybrid Cloud

Answer: A. Private Cloud

Explanation: A private cloud computing model where the cloud infrastructure is dedicated to a single organization.

19. Which of the following protocols should be used for speed and efficiency over reliability?
A. UDP
B. DHCP
C. SNMP
D. TCP

Answer: A. UDP

Explanation: UDP is used for speed and efficiency over reliability, so it cannot ensure a reliable connection.

20. A flaw causing an application to produce an unintended or unexpected result is a
A. Risk
B. Vulnerability
C. Bug
D. Threat

Answer: C. Bug

Explanation: A bug is a flaw causing an application to produce an unintended or unexpected result that may be exploitable.

We have created a YouTube video on these questions. Please watch it, subscribe to our channel for future videos, and comment at the comment session below.

ISC2 CC Exam Commonly Asked 100 MCQ Questions Part 2: Ace Your Certification Preparation

Read Also: Top 100 MCQ Questions to Ask for ISC2 CC Certification set-1

Please follow and like us:
RSS
Follow by Email
X (Twitter)
Visit Us
Follow Me
YouTube
YouTube
LinkedIn
linkedIn | ISC2 CC Exam Commonly Asked 100 MCQ Questions set-2
Share

Author

Shuseel Baral is a web programmer and the founder of InfoTechSite has over 8 years of experience in software development, internet, SEO, blogging and marketing digital products and services is passionate about exceeding your expectations.

Write A Comment

RSS
Follow by Email
X (Twitter)
Visit Us
Follow Me
YouTube
YouTube
LinkedIn
Share