This article includes multiple-choice questions on fundamental cybersecurity principles, the risk management process, common security measures, governance elements, and the ISC2 code of ethics from the first domain. It also includes questions on business continuity (BC), disaster recovery (DR), incident response concepts, access control concepts, network security concepts, and security operations concepts from the second to the fifth domain.
Attempt each question before reading its answer. Each answer is followed by the explanation behind it, which should help you prepare to pass the ISC2 CC exam.
1. Addressing a problem in a software product is referred to as a
A. Hotfix
B. Service Pack
C. Software Patch
D. Downgrade
Answer: A. Hotfix
Explanation: A hotfix, or quick-fix engineering update, is a cumulative package that includes the information used to address a problem in a software product.
2. A quick repair job for a piece of programming is known as
A. Hotfix
B. Downgrade
C. Service Pack
D. Software Patch
Answer: D. Software Patch
Explanation: Software patches are rapid fixes for a piece of programming that are intended to correct functionality problems, enhance security, and introduce new features.
3. Which of these documents is a contract between a service provider and a customer?
A. ROE
B. MOU
C. MOA
D. SLA
Answer: D. SLA
Explanation: A Service Level Agreement (SLA) is an agreement between a service provider and a customer that defines service-related guarantees or warranties.
4. Which of the following ensures that an organization does not become vulnerable to further attacks?
A. ROE
B. MOU
C. MOA
D. SLA
Answer: A. ROE
Explanation: Rules of Engagement (ROE) ensure that an organization does not become vulnerable to further attacks while defending itself from an ongoing attack.
5. Which kind of document outlines the method of analyzing the extent to which disruptions can affect an organization?
A. Disaster Recovery Plan
B. Business Continuity Plan
C. Business Impact Plan
D. Business Impact Analysis
Answer: D. Business Impact Analysis
Explanation: A business impact analysis (BIA) is a technique used to assess the potential impact of disruptions on an organization.
6. Which of these social engineering attacks corrupts an infrastructure service such as Domain Name System (DNS)?
A. Spear Phishing
B. Pharming
C. Vishing
D. Whaling
Answer: B. Pharming
Explanation: A pharming attack corrupts an infrastructure service such as DNS, which causes traffic to be misdirected to a forged site.
7. Which of the following is protected by regulations such as GDPR, HIPAA, and PCI-DSS?
A. Protected Health Information (PHI)
B. Secure Credit Cards Payments (SCCP)
C. Personally Identifiable Information (PII)
D. Publicly Identifiable Information (PII)
Answer: C. Personally Identifiable Information (PII)
Explanation: Personally Identifiable Information (PII) is any information capable of identifying an individual. It is protected by regulations such as GDPR (in the EU) and HIPAA and PCI-DSS (in the US).
8. Which of these is an attack whose primary goal is to demand a ransom?
A. DDOS
B. Spoofing
C. Amplification
D. Ransomware
Answer: D. Ransomware
Explanation: Ransomware attacks typically encrypt a target system's data and then demand a ransom in exchange for the decryption key.
9. Which of the following attacks exploits the information leaked through non-traditional channels?
A. Ping of death
B. Side-channel
C. APT
D. Rootkit
Answer: B. Side-channel
Explanation: Side-channel attacks exploit information leaked through non-traditional channels (such as power consumption, electromagnetic emissions or physical timing) in order to gain access to sensitive information or perform other malicious actions.
10. Which of these terms refers to threats that involve sending a maliciously large ping packet to the target system?
A. Ping of death
B. Side-channel
C. APT
D. Rootkit
Answer: A. Ping of death
Explanation: A ping of death is a form of denial of service (DoS) attack that involves sending a maliciously large ping packet to the target system in order to overload it.
11. An organization needs a network security tool that detects malicious activity. Which of these tools will BEST meet their requirements?
A. Router
B. Firewall
C. IDS
D. IPS
Answer: C. IDS
Explanation: An intrusion detection system (IDS) is designed to monitor network traffic in real time to identify patterns or behaviors that indicate an attempted intrusion or other malicious activity.
12. Which of the following documents are created by governments or national authorities?
A. Standards
B. Guidelines
C. Regulations
D. Policies
Answer: C. Regulations
Explanation: Regulations are created by governments or national agencies and frequently result in financial penalties for violations.
13. What does the term WAN refer to?
A. A long-distance connection between geographically distant networks.
B. A device that connects multiple other devices in a network.
C. A network on a building or limited geographical area.
D. A tool to manage and control network traffic, as well as to protect the network.
Answer: A. A long-distance connection between geographically distant networks.
Explanation: A long-distance connection between geographically distant networks is called a wide area network (WAN).
14. Which of these is a type of detective security control?
A. Encryption
B. Guidelines
C. Intrusion Detection System
D. Patches
Answer: C. Intrusion Detection System
Explanation: An intrusion detection system (IDS) is a detective security control that monitors a given system for unwanted activity.
15. Which of the following OSI layers is responsible for establishing, maintaining, and terminating connections between different devices on a network?
A. Physical Layer
B. Session Layer
C. Application Layer
D. Transport Layer
Answer: B. Session Layer
Explanation: The session layer of the OSI model is responsible for establishing, maintaining, and terminating connections between different devices on a network.
16. Which of the following statements about IPV6 is NOT true?
A. IPv6 can have an insecure version
B. IPv6 does not include network address translation (NAT)
C. IPv6 traffic may bypass many existing IPv4 security tools
D. Assigning static addresses is less useful for IPv6
Answer: A. IPv6 can have an insecure version
Explanation: IPv6 does not have an insecure version, whereas IPv4 does.
17. Which of these is an example of technical access control?
A. Firewalls
B. Turnstiles
C. Movement sensors
D. Bollards
Answer: A. Firewalls
Explanation: Firewalls are network devices used to filter network traffic, so they are considered a technical control.
18. Which cloud service model provides access to its customers, typically on a subscription-based or pay-per-use model?
A. PaaS
B. IaaS
C. SLA
D. SaaS
Answer: D. SaaS
Explanation: Software as a service (SaaS) is a model that provides customers with access to software applications, typically on a subscription-based or pay-per-use model.
19. Which of the following cloud service models provides a platform for building, deploying, and managing applications?
A. Infrastructure as a Service
B. Platform as a Service
C. Software as a Service
D. Applications as a Service
Answer: B. Platform as a Service
Explanation: Platform as a Service (PaaS) is a cloud service model that provides a platform for building, deploying, and managing applications.
20. Which of the following IP addresses is commonly reserved for the network itself?
A. 192.168.20.1
B. 192.152.0.20
C. 192.299.20.0
D. 192.121.20.255
Answer: C. 192.299.20.0
Explanation: An IP address whose last octet is zero is reserved to represent the network itself rather than a specific device on that network.