CERTIFIED-IN-CYBERSECURITY Practice Questions
788 real CERTIFIED-IN-CYBERSECURITY exam questions with expert-verified answers and explanations. Page 11 of 16.
- Question #501: Access Controls Concepts
What are the three main concepts of access control?
Access Control, Access Control Concepts, Subjects, Objects, Rules
- Question #502: Access Controls Concepts
What is the primary benefit of using a rule-based access control (RuBAC) model?
Access Control, Rule-Based Access Control (RuBAC), Security Models, Dynamic Access Control
- Question #503: Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
What should be included in the Business Continuity Plan (BCP) team members list?
Business Continuity Planning, Team Management, Redundancy, Crisis Communication
- Question #504: Security Principles
The concept of data integrity refers to:
Data Integrity, CIA Triad, Cybersecurity Principles, Information Security Basics
- Question #505: Security Principles
Choosing NOT to implement the needed security controls is a form of:
Risk management, Risk acceptance, Security controls, Risk treatment
- Question #506: Network Security Concepts
Which of the following BEST describes a security solution that enforces policies on devices attempting to access network resources?
Network Access Control, Network Security, Access Control, Policy Enforcement
- Question #507: Network Security
What information can be obtained by using the 'ping' command?
Network Commands, Ping, Network Troubleshooting, ICMP
- Question #508: Security Principles
What concept is at the center in the concentric circles model of defense in depth?
Defense in Depth, Security Architecture, Cybersecurity Models, Asset Protection
- Question #509: Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
What is the main goal of a Disaster Recovery Plan (DRP)?
Disaster Recovery Plan, Business Continuity, IT Resilience, Recovery Objectives
- Question #510: Network Security Concepts
What is a Local Area Network (LAN)?
LAN, Networking fundamentals, Network types
- Question #511: Business Continuity and Disaster Recovery
Until the generators start up and stabilize, what do battery backups need to be properly sized to carry?
Battery Backup, UPS, Critical Load, Business Continuity
- Question #512: Network Security Concepts
Which of the following options best describes the concept of Ethernet?
Networking Fundamentals, Ethernet, Wired Networks, LAN Technologies
- Question #513: Security Principles
Audit trail logs showed that a bank employee accessed customer accounts and transferred funds to a personal bank account. Which of the following describes this action?
Insider threat, Threat actors, Cybercrime, Risk management
- Question #514: Security Principles
What is the PRIMARY goal of a Denial of Service (DoS) attack?
DoS Attack, Cybersecurity Threats, Attack Goals, Availability
- Question #515: Network Security Concepts
What is the PRIMARY goal of a firewall on a network?
Firewall, Network Security, Traffic Filtering, Security Devices
- Question #516: Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
What should be done if one person is unavailable during an emergency?
Incident Response, Emergency Procedures, Business Continuity, Roles and Responsibilities
- Question #517: Security Principles
Which of the following statements is TRUE about ransomware?
Ransomware, Malware, Cyber threats, Encryption
- Question #518: Access Controls Concepts
Which is one PRIMARY benefit of having the least privilege principle?
Least Privilege, Access Control, Security Principles, Risk Mitigation
- Question #519: Access Controls Concepts
How are permissions typically assigned in a role-based access control (RBAC) model?
RBAC, Access Control, Permissions
- Question #520: Network Security
What port range refers to dynamic or private ports?
Network Ports, Port Ranges, TCP/UDP, Networking Fundamentals
- Question #521: Access Controls Concepts
What are three common methods of authentication?
Authentication, Security Fundamentals, Access Control, Authentication Factors
- Question #522: Security Principles
What three intents are found in the ISC2 Code of Ethics?
(ISC)2 Code of Ethics, Professional Ethics, Ethical Conduct, Cybersecurity Principles
- Question #523: Access Controls Concepts
What is the purpose of the two-person rule in a security strategy?
Two-person rule, Physical security, Access control, Security strategy
- Question #524: Security Principles
What is the difference between risk mitigation and risk acceptance?
Risk Management, Risk Mitigation, Risk Acceptance
- Question #525: Network Security Concepts
What are the two PRIMARY transport layer protocols?
Networking Fundamentals, OSI Model, Transport Layer, TCP/UDP
- Question #526: Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
What is a Business Impact Analysis (BIA)?
Business Impact Analysis, Business Continuity, Disaster Recovery
- Question #527: Security Principles
Two healthcare organizations are planning to collaborate on a project. Which of the following can be used to formalize this collaboration agreement?
Memorandum of Understanding (MOU), Collaboration Agreements, Organizational Agreements, Security Governance
- Question #528: Security Principles
Which method eliminates residual physical effects from writing original values?
Data Sanitization, Data Remanence, Media Protection, Information Lifecycle Management
- Question #529: Access Controls Concepts
In a healthcare organization, which of the following would be an example of the principle of least privilege?
Least Privilege, Access Control, Security Principles, Healthcare Security
- Question #530: Security Principles
What is the purpose of a policy?
Policy, Governance, Compliance, Standards
- Question #531: Security Principles
What is the first step in classifying data stored in an Information System?
Data Classification, Data Security, Information Security Principles, Data Governance
- Question #532: Security Principles
What term describes a potential malicious actor that may cause harm to an organization or its assets?
Cybersecurity Fundamentals, Threat Concepts, Security Terminology, Risk Management
- Question #533: Security Principles
What is the primary category of information specifically regulated by HIPAA?
HIPAA, PHI, Data Classification, Compliance
- Question #534: Security Principles
What is the purpose of risk assessment?
Risk Assessment, Risk Identification, Risk Prioritization, Cybersecurity Fundamentals
- Question #535: Security Principles
What is the consequence of failing to adhere to the ISC2 Code of Ethics?
Professional Ethics, ISC2 Code of Ethics, Certification Policies, Revocation
- Question #536: Security Principles
What is one requirement of PCI DSS regarding credit card data?
PCI DSS, Data Encryption, Data Security, Compliance
- Question #537: Security Principles
Which of the following is an example of dual control?
Dual Control, Security Controls, Access Control, Governance
- Question #538: Security Operations
Why do many organizations find it challenging to maintain a separate test environment?
Test Environments, IT Operations Management, Resource Constraints, Change Management
- Question #539: Physical Security
Which type of fire suppression system is better for electronics but can be toxic to humans?
Fire Suppression, Physical Security, Environmental Controls, Data Center Security
- Question #540: Security Principles
Which of the following is NOT a type of phishing attack?
Phishing, Social Engineering, Tailgating, Cyber Attack Types
- Question #541: Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
Which of the following would help an organization secure its network-critical server that is about to experience a significant power outage?
Physical Security, Availability, Power Management, Business Continuity
- Question #542: Access Controls Concepts
What is the term used to verify or prove the user's identity?
Authentication, Identity Management, Access Control, Security Fundamentals
- Question #543: Access Controls Concepts
What is a drawback of biometric authentication?
Biometric Authentication, Privacy Concerns, Authentication Drawbacks, Data Privacy
- Question #544: Security Principles
Which of the following is a technique used to protect the confidentiality of data?
Confidentiality, Encryption, Data Protection, Security Principles
- Question #545: Access Controls Concepts
What types of cards can be used as a tool to grant access?
Access Control, Authentication, Smart Cards
- Question #546: Security Operations
Why is it important to have a rollback plan in place for organizations that do not have the ability to fully test a change?
Rollback plans, Change management, Risk mitigation, System recovery
- Question #547: Security Principles
Which of the following is an example of the principle of least privilege?
Least Privilege, Access Control, Security Principles
- Question #548: Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
Which of the following documents are NOT commonly part of a Disaster Recovery Plan?
Disaster Recovery, Business Continuity, Documentation, DRP Components
- Question #549: Security Principles
Why is it essential for organizations to periodically review their retained records?
Records Management, Regulatory Compliance, Data Governance, Information Lifecycle Management
- Question #550: Security Principles
A European institution wants different data handling protocols depending on the type of information stored. What does the institution need to do in order to achieve this?
Data Classification, Data Handling, Information Governance