Please practice with the questions below first and then view the correct answer by clicking on the “View Answer” button. It includes the correct answer along with the explanation for the answer. This may help you to improve your preparation for the ISC2 CC exam.
1. Which type of attack consists of compromising the availability of a system or service through a malicious overload of requests?
A. Cross-site scripting
B. Trojans
C. Phishing
D. Denial of service
Answer: D. Denial of service
Explanation: Denial of service is a type of attack which consists of compromising the availability of a system or service through a malicious overload of requests, which causes the activation of safety mechanisms that delay or limit the availability of that system or service.
2. Which type of attack tries to maintain privilege-level access while concealing malicious activity?
A. Cross-site scripting
B. Rootkits
C. Phishing
D. Trojans
Answer: B. Rootkits
Explanation: Rootkits try to maintain privilege-level access while concealing malicious activity. They often replace system files, so they are activated even after the system is restarted.
3. Which tool is commonly used for password security auditing and password recovery?
A. nslookup
B. Wireshark
C. John the Ripper
D. Burp suite
Answer: C. John the Ripper
Explanation: John the Ripper is a famous open-source password security auditing and password recovery tool.
4. Which of the following tools is used for querying the Domain Name System?
A. nslookup
B. Wireshark
C. John the Ripper
D. Burp suite
Answer: A. nslookup
Explanation: nslookup is a network administration command-line tool for querying the Domain Name System to obtain the mapping between a domain name and an IP address, or other DNS records.
5. The high-level documents that frame all ongoing activities of an organization are known as
A. Procedures
B. Policies
C. Standards
D. Procedures
Answer: B. Policies
Explanation: Policies are the high-level documents that frame all ongoing activities of an organization.
6. Which of the following documents are created by governing or professional bodies to support regulations?
A. Procedures
B. Policies
C. Standards
D. Regulations
Answer: C. Standards
Explanation: Standards are created by governing or professional bodies to support regulations.
7. Which of the following documents are created outside of the organization?
A. Regulations
B. Standards
C. Both A and B
D. None of the above
Answer: C. Both A and B
Explanation: Both regulations and standards are created outside of the organization.
8. Which device is used to filter traffic coming from the internet?
A. Firewall
B. Router
C. HIDS
D. SIEM
Answer: A. Firewall
Explanation: A firewall is a device that is used to filter traffic coming from the internet.
9. Which port is used for the SMTP protocol?
A. 443
B. 25
C. 80
D. 69
Answer: B. 25
Explanation: Port 25 is used for the SMTP protocol, while port 80 is used for HTTP, port 443 is used for HTTPS, and port 69 is used for TFTP.
10. Which of these is a written plan for recovering information systems in response to a major failure or disaster?
A. Business Continuity Plan
B. Business Impact Plan
C. Business Impact Analysis
D. Disaster Recovery Plan
Answer: D. Disaster Recovery Plan
Explanation: A disaster recovery plan is a written plan for recovering information systems in response to a major failure or disaster.
11. Which of the following is defined as a circumstance or event that can adversely impact organizational operations?
A. Likelihood
B. Impact
C. Threat
D. Vulnerability
Answer: C. Threat
Explanation: A threat is defined as a circumstance or event that can adversely impact organizational operations.
12. Which of the following is an example of a technical security control?
A. No entry signs
B. Badge readers
C. Acceptable use policies
D. Access control lists
Answer: D. Access control lists
Explanation: An access control list is a type of technical security control, while badge readers and “No entry” signs are examples of physical security controls. Policies are examples of administrative security controls.
13. In change management, which component formalizes the change from the stakeholders’ point of view?
A. Recover from disaster
B. Rollback
C. Request for change
D. Request for approval
Answer: C. Request for change
Explanation: In change management, a request for change (RFC) formalizes the change from the stakeholders’ point of view.
14. Which device has the PRIMARY objective of filtering incoming traffic?
A. SIEM
B. Routers
C. Firewalls
D. Hubs
Answer: C. Firewalls
Explanation: Among the options, only firewalls filter incoming traffic, while routers and hubs only receive and forward traffic. Security Information and Event Management (SIEM) systems gather data from the components of an information system.
15. Which of the following devices broadcast packets between ports so that all segments of a LAN can see all packets?
A. Switches
B. Routers
C. Firewalls
D. Hubs
Answer: D. Hubs
Explanation: Hubs broadcast packets between ports so that all segments of a LAN can see all packets, while a switch can forward packets between network segments.
16. If you need to communicate privately within a public network, which network will you use?
A. VPN
B. Internal Network
C. DMZ
D. Intranet
Answer: A. VPN
Explanation: A virtual private network (VPN) creates a secure tunnel between endpoints of a public network through a dedicated private connection.
17. A written plan for recovering information systems in response to a major failure or disaster is known as
A. Business Continuity Plan
B. Business Recovery Plan
C. Disaster Recovery Plan
D. Business Impact Analysis
Answer: C. Disaster Recovery Plan
Explanation: A written plan for recovering information systems in response to a major failure or disaster is known as a Disaster Recovery Plan.
18. A cloud computing model where the cloud infrastructure is dedicated to a single organization is known as
A. Private Cloud
B. Community Cloud
C. Multi-tenant
D. Hybrid Cloud
Answer: A. Private Cloud
Explanation: A private cloud is a cloud computing model where the cloud infrastructure is dedicated to a single organization.
19. Which of the following protocols should be used for speed and efficiency over reliability?
A. UDP
B. DHCP
C. SNMP
D. TCP
Answer: A. UDP
Explanation: UDP is used for speed and efficiency over reliability, so it cannot ensure a reliable connection.
20. A flaw causing an application to produce an unintended or unexpected result is a
A. Risk
B. Vulnerability
C. Bug
D. Threat
Answer: C. Bug
Explanation: A bug is a flaw causing an application to produce an unintended or unexpected result that may be exploitable.