InfoTechSite|IT Tutorials, MCQs, and Quizzes

CS/IT MCQ Collections

ISC2 CC Exam Preparation: Top 100 Must-Know Questions Set-3

Pinterest LinkedIn Tumblr Reddit WhatsApp
Are you preparing for the ISC2 CC exam or planning to attend the ISC2 CC certification exam? In this article, I will present the most important questions I have practiced during my ISC2 CC exam preparation. It is the third set of the top 100 ISC2 CC exam preparation questions. It consists of objective questions about fundamental cybersecurity principles, the risk management process, several security measures, governance elements, and the ISC2 code of ethics.

Please practice the questions below before clicking the “View Answer” button to see the right answer. It contains both the right response and the justification for it. You might be able to better prepare for the ISC2 CC exam with this.

1. Which security principle specifies that no user should ever be granted sufficient privileges to abuse the system?
A. Defense in Depth
B. Least Privilege
C. Separation of Duties
D. Privileged Accounts

Answer: C. Separation of Duties

Explanation: Separation of duties states that no user should ever be granted sufficient privileges to abuse the system.

2. Which access control model leaves a certain level of access control to the object owner’s discretion?
A. DAC
B. MAC
C. RBAC
D. ABAC

Answer: A. DAC

Explanation: Discretionary Access Control (DAC) leaves a certain level of access control to the object owner’s discretion.

3. In risk management, the lowest priority is given to a risk where:
A. The likelihood of occurrence is low, but the expected impact is high.
B. The possibility of occurrence is high, but the potential impact is low.
C. The frequency of occurrence is high, but the projected impact is low.
D. The estimated chance of occurrence and possible impact are both low.

Answer: D. The estimated chance of occurrence and possible impact are both low.

Explanation: The highest priority is given to risks estimated to have a high impact and high probability whereas the lowest priority is given to risks having a low probability of occurrence and having a low impact.

4. A type of software that appears authentic but has hidden malicious tasks is an example of …
A. Rootkits
B. Whaling
C. Trojans
D. Phishing

Answer: C. Trojans

Explanation: Trojans are software programs that look authentic but actually perform harmful tasks that circumvent security measures.

5. Which type of attack attempts to compromise the availability of a system or service through a malicious overload of requests?
A. Trojans
B. Denials of service
C. Cross-site scripting
D. Phishing

Answer: B. Denials of service

Explanation: A denial of service attack (DOS) is defined as compromising the availability of a system or service by a malicious overload of requests, which causes safety systems to hold off or prevent the system’s or service’s availability.

Read Also: Top 100 Must-Know MCQ Questions for ISC2 CC Exam Preparation set-1

6. Which cloud model enables the provisioning of applications, programming libraries, services, and tools?
A. IaaS
B. PaaS
C. FaaS
D. SaaS

Answer: B. PaaS

Explanation: Platform as a service (PaaS) enables the provisioning of applications, programming libraries, services, and tools.

7. How many layers exist in the TCP/IP model?
A. 5
B. 6
C. 4
D. 7

Answer: C. 4

Explanation: The TCP/IP model consists of four layers: the Network Layer, the Internet Layer, the Transport Layer, and the Application Layer.

8. Which protocol uses two-way communication?
A. SNMP
B. UDP
C. TCP
D. SMTP

Answer: D. SMTP

Explanation: Simple Mail Transfer Protocol (SMTP) uses a two-way handshake to send emails.

9. Which of the following is an administrative security control example?
A. Bollards
B. Fences
C. Turnstiles
D. Guidelines

Answer: D. Guidelines

Explanation: Guidelines are the type of administrative security controls while bollards, fences and turnstiles are the physical security controls.

10. The inability to dispute the production, approval, or transmission of information is known as?
A. Authentication
B. Non-Repudiation
C. Confidentiality
D. Integrity

Answer: B. Non-Repudiation

Explanation: Non-repudiation is the inability to dispute the production, approval, or transfer of information.

Read Also: ISC2 CC Exam Preparation: 100 Frequently Asked MCQ Questions set-2

11. Which cybersecurity concept concerns the maintenance of data consistency, correctness, and trustworthiness?
A. Accessibility
B. Authentication
C. Confidentiality
D. Integrity

Answer: D. Integrity

Explanation: In cybersecurity, Integrity concerns the maintenance of data consistency, correctness, and trustworthiness of data.

12. The property of data being consistently and readily accessible to the parties authorized to access it is known as?
A. Availability
B. Accessibility
C. Confidentiality
D. Non-repudiation

Answer: A. Availability

Explanation: Availability is the property of data being consistently and readily accessible to the parties authorized to access.

13. Which of the following is a Disaster Recovery Plan?
A. A plan for data ownership and destruction.
B. A plan to detect, respond to, and minimize the adverse effects of a cyber-attack
C. A plan for maintaining business operations while recovering after a substantial disruption.
D. A plan to prepare the organization for the continuance of vital business functions.

Answer: D. A plan to prepare the organization for the continuance of vital business functions.

Explanation: A plan to prepare the organization for the continuance of vital business functions is called a Disaster Recovery Plan.

14. Requiring a complex attribute rule to access resources is an example of:
A. DAC
B. RBAC
C. ABAC
D. MAC

Answer: C. ABAC

Explanation: Attribute-Based Access Control (ABAC) needs a complex attribute rule to access resources.

15. Which of these malicious features listens for commands on a specific logical port?
A. Backdoor
B. Trojan
C. Keylogger
D. Logic Bomb

Answer: A. Backdoor

Explanation: A backdoor is a malicious feature that listens for commands on a specific logical port.

16. Which of the following devices routes all incoming data packets to all connected devices?
A. Switches
B. Hubs
C. Routers
D. Firewalls

Answer: B. Hubs

Explanation: Hubs can’t route data based on destination address, as a result, all connected devices receive all incoming data packets.

17. Which of these types of malware do not replicate themselves and need human intervention?
A. Rootkits
B. Virus
C. Trojan
D. Worm

Answer: C. Trojan

Explanation: Trojans do not replicate themselves and need human intervention for relying.

18. In the access control list (ACL), the element that is user or process run by a user, which inherits the user authorization is
A. The rule
B. The firmware
C. The object
D. The subject

Answer: D. The subject

Explanation: The subject is a user or process run by a user, which inherits the user authorization.

19. Which type of recovery site requires space, power, network connectivity, systems, and data to be put in place to take over operations?
A. Cold site
B. Warm site
C. Cloud site
D. Hot site

Answer: A. Cold site

Explanation: A cold site requires space, power, network connectivity, systems, and data to be put in place and take over operations.

20. In an incident response process, which phase involves the removal of artifacts related to the incident?
A. Containment
B. Identification
C. Eradication
D. Preparation

Answer: C. Eradication

Explanation: The Eradication phase involves the removal of artifacts related to the incident and containment limits both the scope and the impact of the incident.

We’ve made a YouTube video about these questions. Please watch it, subscribe to our channel for future videos, and share your thoughts in the comments below.

Author

Shuseel Baral is a web programmer and the founder of InfoTechSite has over 8 years of experience in software development, internet, SEO, blogging and marketing digital products and services is passionate about exceeding your expectations.

Write A Comment