CS/IT MCQ Collections

Top 100 MCQ Questions to Ask for ISC2 CC Certification set-1

Pinterest LinkedIn Tumblr
Here are the collection of MCQ Questions on CyberSecurity for ISC2 CC certification exam. It includes Multiple Choice Questions on the fundamental concepts of cybersecurity principles, risk management process, different types of security controls and the governance elements along with the questions related to ISC2 code of ethics.

Please practice with the questions below at first and then view the correct answer with clicking on “View Answer” button. It incldes the correct answer along with the explanation for the answer. This may help you to improve your preparation for CC certification exam.

1. The address 7a12:2471:7c62:ec1d:2612:c38b:812b is an
A. IPV4 address
B. IPV6 address
C. MAC address
D. Web address

Answer: B. IPV6 address

Explanation: An IPV6 address have a sequence of eight groups of 16 bit hexadecimal values with the total 128 bit.

2. Which one of the following is NOT an ethical canon of the ISC2?
A. Protect the public trust confidence and the intelligence.
B. Act honorably, honestly, justly, responsibly and legally.
C. Provide diligent and competent service to principles.
D. Advance and protect the profession.

Answer: A. Protect the public trust confidence and the intelligence

Explanation: “Protect society, the common good, necessary public trust and confidence and the infrastructure” is the first cannon of ISC2.

3. Which of the following is NOT a private IP?
A. 10.16.126.1
B. 192.168.126.1
C. 172.32.126.1
D. 10.221.126.1

Answer: C. 172.32.126.1

Explanation: The IP address ranges 10.0.0.0 to 10.255.255.254, 172.16.0.0 to 172.31.255.254 and 192.168.0.0 to 19.168.255.254 are the private IP addresses.

4. Which of the following is NOT classified as sensitive information?
A. Trade Secrets
B. Business Plan
C. Intellectual Property
D. Public notice

Answer: D. Public notice

Explanation: Sensitive information includes trade secrets, business plan and intellectual property. Public notice is not classified as sensitive information.

5. Which of the following are the data handling procedures?
A. Classify, Categorize and Label
B. Classify, Categorize and Transform
C. Collect, Classify and Categorize
D. Encode, Encrypt and Backup

Answer: A. Classify, Categorize and Label

Explanation: Classify, Categorize, Label, Store, Encrypt, Backup and Destroy are the data handling procedures.

Read Also: Solved MCQ on TCP/IP and UDP in Computer Networks set-1

6. Which of the following device is used to detect an intrusion on the computer connected to the network?
A. Routers
B. NIDS
C. HIDS
D. Firewalls

Answer: C. HIDS

Explanation: Host Intrusion Detection System (HIDS) are the applications which monitor the computer system for detecting intrusion.

7. Which concept dictates that users should be given only those privileges required to complete their specific task?
A. Privileged Accounts
B. Separation of duties
C. Defense in depth
D. Least Privilege

Answer: D. Least Privilege

Explanation: The principle of least privilege dictates that users should be given only those privileges required to complete their specific tasks.

8. ……. are class of accounts that have permissions exceeding those of regular users, such as manager and administrator accounts.
A. Privileged Accounts
B. Super Accounts
C. Specialized Accounts
D. Managing Accounts

Answer: A. Privileged Accounts

Explanation: Privileged Accounts are a class of accounts that have permissions exceeding those of regular users such as manager and administrator accounts.

9. Which access control is least effective at protecting a door against unauthorized access?
A. Barriers
B. Turnstiles
C. Locks
D. Fences

Answer: B. Turnstiles

Explanation: Turnstiles are physical barriers that can be easily overcome. It is common knowledge that intruders can easily jump over a turnstile.

10. Which of the following can execute code with the same permissions as the scripts generated by the target website?
A. Trojans
B. Cross-Site Scripting
C. Rootkits
D. Backdoors

Answer: B. Cross-Site Scripting

Explanation: Cross-site scripting can execute code with the same permissions as the scripts generated by the target website, compromising the confidentiality and integrity of data transfers between the website and the client.

Read Also: Objective Questions on Transport Layer in OSI Model set-1

11. Which of the following is a protocol of OSI level 3?
A. TCP
B. IP
C. UDP
D. HTTP

Answer: B. IP

Explanation: Internet Protocol (IP), Internet Control Message Protocol (ICMP) and Internet Group Management Protocol (IGMP) are the protocols of OSI layer 3.

12. Which of the following is a protocol of OSI level 4?
A. FTP
B. HTTP
C. UDP
D. SMTP

Answer: C. UDP

Explanation: Transmission control protocol (TCP) and User Datagram Protocol (UDP) are the protocols of OSI layer 4.

13. Which of the following consists in stopping activities and exposures that can negatively affect an organization and it’s assets?
A. Risk Tolerance
B. Risk Mitigation
C. Risk Transfer
D. Risk Avoidance

Answer: D. Risk Avoidance

Explanation: Risk avoidance consists in stopping activities and exposures that can negatively affect an organization and it’s assets.

14. The process of providing permission to users, processes or devices to access specific assets is known as …
A. Authorization
B. Authentication
C. Integrity
D. Confidentiality

Answer: A. Authorization

Explanation: Authorization is the process of providing permission to users, processes or devices to access specific assets.

15. The IGMP operates at which layer of TCP/IP model?
A. Application Layer
B. Transport Layer
C. Internet Layer
D. Network Interface Layer

Answer: C. Internet Layer

Explanation: Internet Protocol (IP), Internet Control Message Protocol (ICMP) and Internet Group Management Protocol (IGMP) operates at Internet Layer of TCP/IP model.

16. The capacity to identify, track, prioritize and eliminate vulnerabilities in systems and device is known as …
A. Inventory Management
B. Configuration Management
C. Vulnerability Management
D. Change Management

Answer: C. Vulnerability Management

Explanation: Vulnerability Management refers to the capacity to identify, track, prioritize and eliminate vulnerabilities in systems and device.

17. The collection of activities with the purpose of establishing and maintaining the integrity of information systems is known as …
A. Inventory Management
B. Configuration Management
C. Vulnerability Management
D. Change Management

Answer: B. Configuration Management

Explanation: Configuration Management is the collection of activities with the purpose of establishing and maintaining the integrity of information systems.

18. In which access control model, subject can grant privileges to other subjects?
A. Attribute Based Access Control (ABAC)
B. Discretionary Access Control (DAC)
C. Mandatory Access Control (MAC)
D. Role Based Access Control (RBAC)

Answer: B. Discretionary Access Control (DAC)

Explanation: In Discretionary Access Control (DAC) model subject can grant privileges to other subjects and change some of the security attributes of the objects they have access to.

19. Which of the following is NOT an example of a technical security control?
A. Security Camera
B. Firewalls
C. NIPS
D. SIEM

Answer: A. Security Camera

Explanation: Security camera is a physical security control and all the other controls listed above are technical security controls.

20. Which type of attack is used to initiate attacks by redirecting the user to fake websites?
A. Rootkits
B. Cross-Site Scripting
C. Phishing
D. Trojans

Answer: C. Phishing

Explanation: Phishing is used to initiate attacks by redirecting the user to fake websites.

Author

Shuseel Baral is a web programmer and the founder of InfoTechSite has over 8 years of experience in software development, internet, SEO, blogging and marketing digital products and services is passionate about exceeding your expectations.

Write A Comment