Please practice with the questions below first, and then view the correct answer by clicking the “View Answer” button. It includes the correct answer along with an explanation. This may help you improve your preparation for the CC certification exam.
1. The address 7a12:2471:7c62:ec1d:2612:c38b:812b is an
A. IPV4 address
B. IPV6 address
C. MAC address
D. Web address
Answer: B. IPV6 address
Explanation: An IPV6 address has a sequence of eight groups of 16-bit hexadecimal values, for a total of 128 bits.
2. Which one of the following is NOT an ethical canon of the ISC2?
A. Protect the public trust confidence and the intelligence.
B. Act honorably, honestly, justly, responsibly and legally.
C. Provide diligent and competent service to principals.
D. Advance and protect the profession.
Answer: A. Protect the public trust confidence and the intelligence
Explanation: “Protect society, the common good, necessary public trust and confidence and the infrastructure” is the first canon of ISC2.
3. Which of the following is NOT a private IP?
A. 10.16.126.1
B. 192.168.126.1
C. 172.32.126.1
D. 10.221.126.1
Answer: C. 172.32.126.1
Explanation: The IP address ranges 10.0.0.0 to 10.255.255.254, 172.16.0.0 to 172.31.255.254 and 192.168.0.0 to 192.168.255.254 are the private IP addresses.
4. Which of the following is NOT classified as sensitive information?
A. Trade Secrets
B. Business Plan
C. Intellectual Property
D. Public notice
Answer: D. Public notice
Explanation: Sensitive information includes trade secrets, business plans and intellectual property. A public notice is not classified as sensitive information.
5. Which of the following are the data handling procedures?
A. Classify, Categorize and Label
B. Classify, Categorize and Transform
C. Collect, Classify and Categorize
D. Encode, Encrypt and Backup
Answer: A. Classify, Categorize and Label
Explanation: Classify, Categorize, Label, Store, Encrypt, Backup and Destroy are the data handling procedures.
6. Which of the following devices is used to detect an intrusion on a computer connected to the network?
A. Routers
B. NIDS
C. HIDS
D. Firewalls
Answer: C. HIDS
Explanation: Host Intrusion Detection Systems (HIDS) are applications that monitor a computer system to detect intrusions.
7. Which concept dictates that users should be given only those privileges required to complete their specific task?
A. Privileged Accounts
B. Separation of duties
C. Defense in depth
D. Least Privilege
Answer: D. Least Privilege
Explanation: The principle of least privilege dictates that users should be given only those privileges required to complete their specific tasks.
8. ……. are a class of accounts that have permissions exceeding those of regular users, such as manager and administrator accounts.
A. Privileged Accounts
B. Super Accounts
C. Specialized Accounts
D. Managing Accounts
Answer: A. Privileged Accounts
Explanation: Privileged Accounts are a class of accounts that have permissions exceeding those of regular users, such as manager and administrator accounts.
9. Which access control is least effective at protecting a door against unauthorized access?
A. Barriers
B. Turnstiles
C. Locks
D. Fences
Answer: B. Turnstiles
Explanation: Turnstiles are physical barriers that can be easily overcome. It is common knowledge that intruders can easily jump over a turnstile.
10. Which of the following can execute code with the same permissions as the scripts generated by the target website?
A. Trojans
B. Cross-Site Scripting
C. Rootkits
D. Backdoors
Answer: B. Cross-Site Scripting
Explanation: Cross-site scripting can execute code with the same permissions as the scripts generated by the target website, compromising the confidentiality and integrity of data transfers between the website and the client.
11. Which of the following is a protocol of OSI level 3?
A. TCP
B. IP
C. UDP
D. HTTP
Answer: B. IP
Explanation: Internet Protocol (IP), Internet Control Message Protocol (ICMP) and Internet Group Management Protocol (IGMP) are the protocols of OSI layer 3.
12. Which of the following is a protocol of OSI level 4?
A. FTP
B. HTTP
C. UDP
D. SMTP
Answer: C. UDP
Explanation: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are the protocols of OSI layer 4.
13. Which of the following consists in stopping activities and exposures that can negatively affect an organization and its assets?
A. Risk Tolerance
B. Risk Mitigation
C. Risk Transfer
D. Risk Avoidance
Answer: D. Risk Avoidance
Explanation: Risk avoidance consists in stopping activities and exposures that can negatively affect an organization and its assets.
14. The process of providing permission to users, processes or devices to access specific assets is known as …
A. Authorization
B. Authentication
C. Integrity
D. Confidentiality
Answer: A. Authorization
Explanation: Authorization is the process of providing permission to users, processes or devices to access specific assets.
15. The IGMP operates at which layer of TCP/IP model?
A. Application Layer
B. Transport Layer
C. Internet Layer
D. Network Interface Layer
Answer: C. Internet Layer
Explanation: Internet Protocol (IP), Internet Control Message Protocol (ICMP) and Internet Group Management Protocol (IGMP) operate at the Internet Layer of the TCP/IP model.
16. The capacity to identify, track, prioritize and eliminate vulnerabilities in systems and devices is known as …
A. Inventory Management
B. Configuration Management
C. Vulnerability Management
D. Change Management
Answer: C. Vulnerability Management
Explanation: Vulnerability Management refers to the capacity to identify, track, prioritize and eliminate vulnerabilities in systems and devices.
17. The collection of activities with the purpose of establishing and maintaining the integrity of information systems is known as …
A. Inventory Management
B. Configuration Management
C. Vulnerability Management
D. Change Management
Answer: B. Configuration Management
Explanation: Configuration Management is the collection of activities with the purpose of establishing and maintaining the integrity of information systems.
18. In which access control model can a subject grant privileges to other subjects?
A. Attribute Based Access Control (ABAC)
B. Discretionary Access Control (DAC)
C. Mandatory Access Control (MAC)
D. Role Based Access Control (RBAC)
Answer: B. Discretionary Access Control (DAC)
Explanation: In the Discretionary Access Control (DAC) model, a subject can grant privileges to other subjects and change some of the security attributes of the objects they have access to.
19. Which of the following is NOT an example of a technical security control?
A. Security Camera
B. Firewalls
C. NIPS
D. SIEM
Answer: A. Security Camera
Explanation: A security camera is a physical security control, and all the other controls listed above are technical security controls.
20. Which type of attack is used to initiate attacks by redirecting the user to fake websites?
A. Rootkits
B. Cross-Site Scripting
C. Phishing
D. Trojans
Answer: C. Phishing
Explanation: Phishing is used to initiate attacks by redirecting the user to fake websites.