CERTIFIED-IN-CYBERSECURITY Practice Questions
788 real CERTIFIED-IN-CYBERSECURITY exam questions with expert-verified answers and explanations. Page 1 of 16.
- Question #1Security Principles
An entity that acts to exploit a target organization's system vulnerabilities is a:
Cybersecurity TerminologyThreat ActorSecurity ConceptsVulnerabilities - Question #2Security Principles
Security posters are an element PRIMARILY employed in: ()
Security AwarenessUser EducationSecurity CultureHuman Factors - Question #3Security Operations
A best practice of patch management is to:
Patch ManagementVulnerability ManagementSecurity OperationsBest Practices - Question #4Domain 1: Security Principles - Understand Common Attack Types
Which of the following is NOT a social engineering technique? ()
Social EngineeringAttack TechniquesSecurity ThreatsSecurity Awareness - Question #5Security Principles
Governments can impose financial penalties as a consequence of breaking a:
RegulationsComplianceSecurity GovernanceLegal Consequences - Question #6Security Principles
Malicious emails that aim to attack company executives are an example of:
WhalingSocial EngineeringPhishingEmail Attacks - Question #7Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
Which of these is the PRIMARY objective of a Disaster Recovery Plan?
Disaster RecoveryDRP ObjectivesIT Systems Recovery - Question #8Network Security Concepts
Which of the following is NOT a protocol of the OSI Level 3?
OSI ModelNetwork ProtocolsLayer 3SNMP - Question #9Network Security Concepts
Which type of attack attempts to trick the user into revealing personal information by sending a fraudulent message?
PhishingSocial EngineeringCyber AttacksThreats - Question #10Security Principles
Which of the following documents contains elements that are NOT mandatory?
Security DocumentationPolicies and ProceduresGuidelinesGovernance - Question #11Access Controls Concepts
The process of verifying or proving the user's identification is known as:
AuthenticationIdentity VerificationAccess ControlSecurity Fundamentals - Question #12Security Operations
Which of these is NOT a change management component?
Change ManagementSecurity OperationsIT ProcessRisk Control - Question #13Security Principles
Which type of key can be used to both encrypt and decrypt the same message?
CryptographySymmetric EncryptionKey ManagementEncryption Concepts - Question #14Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
Which of these has the PRIMARY objective of identifying and prioritizing critical business processes?
Business Impact AnalysisBusiness ContinuityDisaster RecoveryRisk Management - Question #15Network Security
How many layers does the OSI model have?
OSI ModelNetworking FundamentalsNetwork ArchitectureProtocol Stacks - Question #16Security Principles
Which type of attack embeds malicious payload inside a reputable or trusted software?
MalwareTrojanCyber attacksThreat types - Question #17Security Principles
A security safeguard is the same as a:
Security ControlsSafeguardsCybersecurity TerminologyRisk Management Basics - Question #18Security Principles
Which of the following properties is NOT guaranteed by Digital Signatures?
Digital SignaturesCryptographySecurity ServicesNon-repudiation - Question #19Security Principles
According to the canon "Provide diligent and competent service to principals", (ISC)?professionals are to:
(ISC)² Code of EthicsProfessional EthicsConflicts of Interest - Question #20Access Controls Concepts
Which of the following is an example of 2FA?
Two-Factor AuthenticationAuthentication FactorsOne-Time Passwords - Question #21Security Principles
Which of the following principles aims primarily at fraud detection?
Security PrinciplesSeparation of DutiesFraud DetectionInternal Controls - Question #22Security Principles
Which cloud deployment model is suited to companies with similar needs and concerns?
Cloud Deployment ModelsCommunity CloudCloud Concepts - Question #23Understand Incident Response Team (IRT) models and their characteristics.
Which of the following is NOT a possible model for an Incident Response Team (IRT)?
Incident ResponseIRT ModelsCybersecurity OperationsTeam Structure - Question #24Network Security Concepts
A web server that accepts requests from external clients should be placed in which network?
DMZNetwork SegmentationNetwork Security Architecture - Question #25Security Operations
A device found not to comply with the security baseline should be:
Security BaselineEndpoint SecurityQuarantineRemediation - Question #26Security Principles
What is the consequence of a Denial of Service attack?
Denial of Service (DoS)Cybersecurity attacksAttack consequencesAvailability - Question #27Security Operations
The process that ensures that system changes do not adversely impact business operations is known as:
Change ManagementIT OperationsRisk Management - Question #28Security Principles
An exploitable weakness or flaw in a system or component is a:
VulnerabilityCybersecurity FundamentalsSecurity ConceptsThreats and Vulnerabilities - Question #29Security Principles
Which of the following are NOT types of security controls?
Security ControlsControl ClassificationCybersecurity Fundamentals - Question #30Security Principles
Sensitivity is a measure of the ...:
Information SensitivityInformation ClassificationData GovernanceSecurity Principles - Question #31Security Operations
What is an effective way of hardening a system?
System HardeningPatch ManagementVulnerability ManagementSecurity Best Practices - Question #32Security Principles
Which of the following is an example of a technical security control?
Security ControlsTechnical ControlsAccess Control ListsSecurity Control Types - Question #33Security Principles
In which cloud model does the cloud customer have LESS responsibility over the infrastructure? ()
Cloud ComputingCloud Service ModelsShared Responsibility ModelSaaS - Question #34Network Security Concepts
Which of the following types of devices inspect packet header information to either allow or deny network traffic?
FirewallsNetwork Security DevicesPacket InspectionTraffic Filtering - Question #35Security Principles
Which of the following areas is the most distinctive property of PHI?
PHIConfidentialityData ProtectionSecurity Principles - Question #36Security Principles
Which type of attack attempts to gain information by observing the device's power consumption? ()
Side-channel attacksPower analysisAttack typesCryptography - Question #37Security Principles
Which type of attack has the PRIMARY objective of encrypting devices and their data, and then demanding a ransom payment for the decryption key?
RansomwareMalwareCyber ThreatsAttack Types - Question #38Access Controls Concepts
Which of these types of user is LESS likely to have a privileged account?
Privileged AccessAccess ControlUser RolesLeast Privilege - Question #39Security Principles
Which regulations address data protection and privacy in Europe?
GDPRData ProtectionPrivacy RegulationsEuropean Regulations - Question #40Security Operations
What does SIEM mean?
SIEMSecurity OperationsLogging and MonitoringAcronyms - Question #41Network Security Concepts
Which of the following is a public IP?
IP addressingPublic IPPrivate IPNetwork fundamentals - Question #42Security Principles
How many data labels are considered manageable?
Data labelingData classificationData governance - Question #43Security Principles
In order to find out whether personal tablet devices are allowed in the office, which of the following policies would be helpful to read?
BYODSecurity PoliciesDevice ManagementOrganizational Security - Question #44Security Principles
In incident terminology, the meaning of Zero Day is:
Zero DayVulnerabilityCybersecurity TerminologyThreats - Question #45Security Principles
Which type of attack PRIMARILY aims to make a resource inaccessible to its intended users?
Attack typesDenial of ServiceAvailabilityCybersecurity fundamentals - Question #46Security Principles
Which of the following attacks take advantage of poor input validation in websites?
Web SecurityInput ValidationCross-Site ScriptingWeb Application Attacks - Question #47Access Controls Concepts
Which of these would be the best option if a network administrator needs to control access to a network?
Network Access Control (NAC)Access ControlNetwork SecuritySecurity Technologies - Question #48Access Controls Concepts
Which of these tools is commonly used to crack passwords? ()
Password crackingSecurity toolsAuthentication attacks - Question #492. Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
In which of the following phases of an Incident Recovery Plan are incident responses prioritized?
Incident Response PhasesIncident PrioritizationDetection and AnalysisCyber Incident Management - Question #50Security Principles
Which of the following cloud models allows access to fundamental computer resources? ()
Cloud ModelsIaaSCloud ComputingInfrastructure