ISC2-CC Cybersecurity Certified Exam Dumps and Braindumps

Free ISC2 CC Cybersecurity Exam Topics & Tests

Despite the title of this article, this is not a Braindump in the traditional sense. I do not believe in cheating. Traditionally, the term “braindump” referred to someone taking an exam, memorizing the questions, and sharing them online for others to use. That practice is unethical and violates the ISC2 certification agreement. It offers no true learning or professional growth.

This is not a Braindump. All of these questions come from my ISC2 Certified in Cybersecurity study course and the Practice Questions available at certificationexams.pro, which provides hundreds of free, high-quality learning materials.

ISC2 CC Exam Simulator

Each question is written to align with the official ISC2 CC exam outline. They reflect the tone, logic, and structure of real ISC2 exam scenarios but are not copied from the actual test. Every item is designed to help you understand Security Principles, Access Control, Incident Response, and Network Security in the right way.

If you can answer these Exam Questions and understand why certain options are incorrect, you will not only pass the real exam but also gain a strong foundation in cybersecurity. Each question includes detailed explanations and realistic examples that teach you to think like a cybersecurity professional during the test.

If you wish to call this an Exam Dump, that is fine, but remember that every question here is designed to teach, not to cheat. Study with focus, practice consistently, and prepare using the Exam Simulator and Practice Test. Approach your certification with integrity and confidence.

Success in cybersecurity does not come from memorizing answers but from understanding how security principles, governance, and operations come together to protect information. The ISC2 Certified in Cybersecurity certification is your opportunity to prove that you have the right foundation to build a career in protecting the digital world.


ISC2 CC Certified in Cybersecurity Practice Exam

Question 1

Which type of malicious software is seen most often in common system infections?

  • ❏ A. Trojans

  • ❏ B. Ransomware

  • ❏ C. Worms

  • ❏ D. Viruses

Question 2

Which stakeholder group is least likely to have a formal agreement with a cloud provider?

  • ❏ A. Vendors

  • ❏ B. Managed service providers

  • ❏ C. Regulators

Question 3

Evergreen Financial has categorized its datasets by confidentiality but applies access permissions unevenly across projects and storage buckets. What risk arises from failing to apply access controls consistently?

  • ❏ A. Storage costs may rise due to uncontrolled data growth

  • ❏ B. Sensitive records could be accessed by users without permission

  • ❏ C. Data could be changed by users who lack proper authorization

  • ❏ D. Critical files might be removed accidentally by users with excessive privileges

Question 4

Which physical access control best prevents an unauthorized person from following an employee into a restricted area?

  • ❏ A. Access control doors with card readers

  • ❏ B. Security turnstiles

  • ❏ C. Security guards

Question 5

As part of business continuity planning, Pinebridge Systems is evaluating an alternative facility for its primary datacenter and requires critical services to be restored within 45 minutes after an outage. Which type of disaster recovery site meets this requirement?

  • ❏ A. Cold site

  • ❏ B. Mobile site

  • ❏ C. Hot site

  • ❏ D. Warm site

Question 6

Which privacy framework defines ten core privacy principles and can be used in a SOC 2 audit?

  • ❏ A. NIST Privacy Framework

  • ❏ B. ISO 27018

  • ❏ C. Generally Accepted Privacy Principles

Question 7

Which building safety control offers the most effective combination of automatic detection and active fire suppression?

  • ❏ A. Manual fire extinguishers

  • ❏ B. Smoke and heat detection alarms

  • ❏ C. Fire compartmentation walls

  • ❏ D. Automatic sprinkler system

Question 8

Which example best represents an exploit in computer security?

  • ❏ A. Malware

  • ❏ B. Exploit

  • ❏ C. Vulnerability

Question 9

Northbridge Solutions is preparing a major software rollout across its operations and wants to reduce potential project risks. Which risk management approach should the team choose to lower the likelihood that risks will impact the project outcomes?

  • ❏ A. Google Cloud managed services

  • ❏ B. Implementing controls to reduce the probability of risks materializing

  • ❏ C. Transferring project risk to an external party

  • ❏ D. Attempting to remove every possible risk from the project

Question 10

Which network design principle defines and enforces who can access resources in a secure architecture?

  • ❏ A. Network segmentation

  • ❏ B. Access control

  • ❏ C. Encryption

Question 11

Which cloud service model requires the smallest amount of internal management and operational support from the customer organization?

  • ❏ A. Platform as a Service (PaaS)

  • ❏ B. Software Defined Networking (SDN)

  • ❏ C. Infrastructure as a Service (IaaS)

  • ❏ D. Software as a Service (SaaS)

Question 12

Which of these is not a recognized category of personally identifiable information?

  • ❏ A. Contractual PII

  • ❏ B. Non-classified PII

  • ❏ C. Protected health information

Question 13

How do formal education programs, training courses, and awareness initiatives differ in their goals and primary focus within a company?

  • ❏ A. Education targets practical proficiency, while training delivers conceptual knowledge and awareness promotes a security culture

  • ❏ B. Education centers on policy summaries, training is limited to compliance procedures, and awareness aims to teach technical skills

  • ❏ C. Education emphasizes theoretical foundations, training builds hands-on abilities, and awareness cultivates a security mindset while informing about risks and policies

  • ❏ D. Education provides broad conceptual understanding, training develops task-specific skills, and awareness raises general knowledge about policies, procedures, and threats

Question 14

How do a business continuity plan and a disaster recovery plan differ in focus and purpose?

  • ❏ A. Continuity provides a high-level strategy while recovery maintains critical services

  • ❏ B. Continuity ensures ongoing critical business operations and recovery restores IT systems and communications

  • ❏ C. Continuity focuses on incident response and forensics while recovery documents procedural steps

Question 15

You are a systems administrator at the Midtown Transit Authority and you must implement controls that decide which users and services can access resources in the organization’s information systems. What category of security control restricts who or what may view or use resources in an information system?

  • ❏ A. Virtual private network

  • ❏ B. Data encryption

  • ❏ C. Network firewall

  • ❏ D. Access control

Question 16

Which cloud service model provides a hosted email application that users access through a web browser?

  • ❏ A. Infrastructure as a Service

  • ❏ B. Software as a Service

  • ❏ C. Platform as a Service

Question 17

A network engineer at Meridian Cloud is mapping protocols to OSI layers and asks which of these protocols does not operate at OSI layer three?

  • ❏ A. IGMP

  • ❏ B. ICMP

  • ❏ C. IP

  • ❏ D. SNMP

Question 18

Which technique is not a phishing method?

  • ❏ A. Smishing

  • ❏ B. Tailgating

  • ❏ C. Spear phishing

Question 19

Maya, an information security engineer at NovaWave, notices a production server has not been patched for about five months, which leaves it open to a known exploit. What has Maya identified?

  • ❏ A. A risk

  • ❏ B. A threat

  • ❏ C. A vulnerability

  • ❏ D. An incident

Question 20

What is the primary objective of a defense in depth strategy?

  • ❏ A. Prevent all security incidents

  • ❏ B. Reduce the likelihood of a successful compromise by using overlapping security layers

  • ❏ C. Centralize all security controls into a single management point

ISC2 CC Certified in Cybersecurity Real Exam Answers

Question 1

Which type of malicious software is seen most often in common system infections?

  • ✓ D. Viruses

The correct answer is: Viruses

Question 2

Which stakeholder group is least likely to have a formal agreement with a cloud provider?

  • ✓ C. Regulators

The correct answer is: Regulators

Question 3

Evergreen Financial has categorized its datasets by confidentiality but applies access permissions unevenly across projects and storage buckets. What risk arises from failing to apply access controls consistently?

  • ✓ B. Sensitive records could be accessed by users without permission

The correct answer is: Sensitive records could be accessed by users without permission.

Question 4

Which physical access control best prevents an unauthorized person from following an employee into a restricted area?

  • ✓ B. Security turnstiles

The correct answer is: Security turnstiles

Question 5

As part of business continuity planning, Pinebridge Systems is evaluating an alternative facility for its primary datacenter and requires critical services to be restored within 45 minutes after an outage. Which type of disaster recovery site meets this requirement?

  • ✓ C. Hot site

The correct answer is: Hot site

Question 6

Which privacy framework defines ten core privacy principles and can be used in a SOC 2 audit?

  • ✓ C. Generally Accepted Privacy Principles

The correct answer is: Generally Accepted Privacy Principles

Question 7

Which building safety control offers the most effective combination of automatic detection and active fire suppression?

  • ✓ D. Automatic sprinkler system

The correct answer is: Automatic sprinkler system

Question 8

Which example best represents an exploit in computer security?

  • ✓ B. Exploit

The correct answer is: Exploit

Question 9

Northbridge Solutions is preparing a major software rollout across its operations and wants to reduce potential project risks. Which risk management approach should the team choose to lower the likelihood that risks will impact the project outcomes?

  • ✓ B. Implementing controls to reduce the probability of risks materializing

The correct answer is: Implementing controls to reduce the probability of risks materializing.

Question 10

Which network design principle defines and enforces who can access resources in a secure architecture?

  • ✓ B. Access control

The correct answer is: Access control.

Question 11

Which cloud service model requires the smallest amount of internal management and operational support from the customer organization?

  • ✓ D. Software as a Service (SaaS)

The correct answer is: Software as a Service (SaaS)

Question 12

Which of these is not a recognized category of personally identifiable information?

  • ✓ B. Non-classified PII

The correct answer is: Non-classified PII

Question 13

How do formal education programs, training courses, and awareness initiatives differ in their goals and primary focus within a company?

  • ✓ C. Education emphasizes theoretical foundations, training builds hands-on abilities, and awareness cultivates a security mindset while informing about risks and policies

The correct answer is: Education emphasizes theoretical foundations, training builds hands-on abilities, and awareness cultivates a security mindset while informing about risks and policies

Question 14

How do a business continuity plan and a disaster recovery plan differ in focus and purpose?

  • ✓ B. Continuity ensures ongoing critical business operations and recovery restores IT systems and communications

The correct answer is: Continuity ensures ongoing critical business operations and recovery restores IT systems and communications

Question 15

You are a systems administrator at the Midtown Transit Authority and you must implement controls that decide which users and services can access resources in the organization’s information systems. What category of security control restricts who or what may view or use resources in an information system?

  • ✓ D. Access control

The correct answer is: Access control

Question 16

Which cloud service model provides a hosted email application that users access through a web browser?

  • ✓ B. Software as a Service

The correct answer is: Software as a Service

Question 17

A network engineer at Meridian Cloud is mapping protocols to OSI layers and asks which of these protocols does not operate at OSI layer three?

  • ✓ D. SNMP

The correct answer is: SNMP

Question 18

Which technique is not a phishing method?

  • ✓ B. Tailgating

The correct answer is: Tailgating.

Question 19

Maya, an information security engineer at NovaWave, notices a production server has not been patched for about five months, which leaves it open to a known exploit. What has Maya identified?

  • ✓ C. A vulnerability

The correct answer is: A vulnerability


Cameron McKenzie is an AWS Certified AI Practitioner, Machine Learning Engineer, Copilot Expert, Solutions Architect and author of many popular books in the software development and Cloud Computing space. His growing YouTube channel training devs in Java, Spring, AI and ML has well over 30,000 subscribers.