CERTIFIED-IN-CYBERSECURITY Practice Questions
788 real CERTIFIED-IN-CYBERSECURITY exam questions with expert-verified answers and explanations. Page 3 of 16.
- Question #101Risk Management
In the context of risk management, which information does ALE outline?
Risk ManagementAnnualized Loss ExpectancyQuantitative Risk AnalysisRisk Assessment - Question #102Access Controls Concepts
Which of these is NOT a best practice in access management? ()
Access ManagementBest PracticesAccess Control PrinciplesLeast Privilege - Question #103Security Principles
A poster reminding the best password management practices is an example of which type of learning activity?
Security AwarenessPassword ManagementUser EducationSecurity Controls - Question #104Security Operations
Which of these is NOT a feature of a SIEM (Security Information and Event Management)?
SIEMLog ManagementSecurity OperationsCybersecurity Tools - Question #105Access Controls Concepts
Which of these types of credentials is NOT used in multi-factor authentication?
Multi-Factor AuthenticationAuthentication FactorsAccess ControlCybersecurity Basics - Question #106Security Principles
Which of these cloud deployment models is a combination of public and private cloud storage?
Cloud ComputingCloud Deployment ModelsHybrid CloudCloud Architecture - Question #107Network Security
Which of these addresses is commonly reserved specifically for broadcasting?
IPv4 AddressingNetworking FundamentalsBroadcast Address - Question #108Security Principles
Which of these statements is TRUE about cybersquatting? ()
CybersquattingCyber LawLegal ConceptsIntellectual Property - Question #1091.6 Understand Common Security Threats
Which of these types of malware self-replicates without the need for human intervention?
MalwareWormsSelf-replicationCybersecurity Threats - Question #110Network Security
What does the term LAN refer to?
LANNetworking FundamentalsNetwork Types - Question #111Security Principles
A high-level executive of an organization receives a malicious email that tries to trick him. Which attack is the perpetrator using?
Social EngineeringPhishingWhalingEmail Security - Question #112Security Principles
As an (ISC)?member, you are expected to perform with due care. What does 'due care' specifically mean?
Due CareProfessional Ethics(ISC)2 Code of EthicsCybersecurity Professionalism - Question #113Access Controls Concepts
The name, age, location and job title of a person are all examples of:
Identity and Access Management (IAM)User AttributesIdentity ManagementPersonal Identifiable Information (PII) - Question #114Security Principles
Which of these terms refers to threats with unusually high technical and operational sophistication, spanning months or even years?
Advanced Persistent ThreatsThreat ActorsCyberattacksThreat types - Question #115Access Controls Concepts
Which of these is NOT a best practice in access management?
Access ManagementLeast PrivilegeSecurity Best PracticesUser Permissions - Question #116Security Principles
Which of these CANNOT be a corrective security control?
Security ControlsCorrective ControlsPhysical SecurityControl Types - Question #117Security Operations
Which of these is NOT a characteristic of an MSP implementation?
Managed Service Provider (MSP)IT ServicesOutsourcingSecurity Operations - Question #118Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
The primary objective of a Business Continuity Plan (BCP) is:
Business Continuity PlanDisaster RecoveryRisk Management - Question #119Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
A backup that captures the changes made since the latest full backup is an example of:
Backup typesData recoveryDisaster recoveryCybersecurity fundamentals - Question #120Secure Systems Principles
Which of these properties is NOT guaranteed by a Message Authentication Code (MAC)? ()
MACCryptographySecurity PropertiesNon-repudiation - Question #121Security Principles
When analyzing risks, which of these activities is required? ()
Risk AnalysisRisk ManagementLikelihoodRisk Assessment Process - Question #122Security Principles
Which of these is NOT a security principle?
Security PrinciplesSecurity AwarenessLeast PrivilegeZero Trust - Question #123Network Security Concepts
Which of these statements about the security implications of IPv6 is NOT true? ()
IPv6 SecurityNetwork SecurityNATIPv6 Addressing - Question #124Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
Which department in a company is NOT typically involved in a Disaster Recovery Plan (DRP)?
DRPBCPOrganizational RolesCrisis Management - Question #125Access Controls Concepts
Requiring a specific user role to access resources is an example of which access control model:
Access Control ModelsRBACRole-Based Access Control - Question #126Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
On an Incident Response team, which role acts as the team's main link to Senior Management?
Incident Response Team RolesIncident CommunicationOrganizational Roles - Question #127Security Principles
A security consultant hired to design the security policies for the PHI within an organization will be primarily handling:
PHIData ClassificationHealthcare ComplianceSecurity Policies - Question #128Security Principles
Acting ethically is mandatory for (ISC)?members. Which of these is NOT considered unethical?
Ethics(ISC)² Code of EthicsProfessional ConductSecurity Principles - Question #129Security Principles
Which of these documents is MORE directly related to what can be done with a system or with its information?
Legal AgreementsInformation GovernanceData SharingOrganizational Agreements - Question #130Security Operations
Which of these terms refers to a collection of fixes?
Software updatesPatch managementVulnerability managementCybersecurity terminology - Question #131Incident Response Concepts
In an incident response process, which phase uses indicators of compromise and log analysis as part of a review of events?
Incident ResponseIncident DetectionIndicators of CompromiseLog Analysis - Question #132Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
What does redundancy mean in the context of cybersecurity?
RedundancyFault ToleranceHigh AvailabilitySystem Design - Question #133Network Security Concepts
At which of the OSI layers do TCP and UDP work?
OSI ModelTCP/UDPNetworking ProtocolsTransport Layer - Question #134Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
During the investigation of an incident, which security policies are more likely to cause difficulties?
Incident InvestigationData RetentionSecurity PoliciesEvidence Management - Question #135Access Controls Concepts
Which of these access control models is commonly used in the military?
Access Control ModelsMandatory Access Control (MAC)Military Security - Question #136Security Principles
Which type of attack attempts to mislead the user into exposing personal information by sending fraudulent emails?
PhishingSocial EngineeringAttack TypesEmail Security - Question #137Security Principles
Which type of security control does NOT include CCTV cameras?
Security ControlsPhysical SecurityCCTVControl Types - Question #138Security Principles
Which of the following is an implementation of an administrative control? ()
Administrative ControlsSecurity ControlsControl TypesCybersecurity Fundamentals - Question #139Risk Management
When looking for cybersecurity insurance, which of these is the MOST IMPORTANT objective?
Risk ManagementCybersecurity InsuranceRisk TransferenceRisk Mitigation - Question #140Access Controls Concepts
Suppose that an organization wants to implement measures to strengthen its detective access controls. Which one of these tools should they implement?
Detective ControlsAccess ControlsIntrusion Detection System (IDS)Security Controls - Question #141Security Principles
Which of these types of documents is usually THE LEAST formal?
Governance DocumentsSecurity PrinciplesComplianceOrganizational Security - Question #142Network Security Concepts
Which of these devices has the PRIMARY objective of determining the most efficient path for the traffic to flow across the network
Network DevicesRoutersNetworking FundamentalsTraffic Flow - Question #143Security Operations
Which one of these tools is MOST likely to detect an XSS vulnerability?
XSSWeb Application SecurityVulnerability ScanningSecurity Tools - Question #144Security Principles
While performing background checks on new employees, which of these can NEVER be an attribute for discrimination?
HR SecurityDiscriminationLegal & EthicsBackground Checks - Question #145Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
Which kind of document outlines the procedures ensuring that vital company systems keep running during business-disrupting events?
Business ContinuityDisaster RecoveryRisk Management - Question #146Network Security Concepts
Which method is COMMONLY used to map live hosts in the network?
Network DiscoveryHost IdentificationPing SweepNetwork Scanning - Question #147Security Principles
What is the most important difference between Mandatory Access Control (MAC) and Discretionary Access Control (DAC)?
Access ControlMACDACSecurity Models - Question #148Access Controls Concepts
Which of these technologies is the LEAST effective means of preventing shared accounts?
AuthenticationShared AccountsAccount SecurityAccess Control - Question #149Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
Which of these is NOT a typical component of a comprehensive Business Continuity Plan (BCP)?
Business Continuity Plan (BCP)Disaster Recovery (DR)Organizational ResilienceIncident Management - Question #150Security Principles
Which of these is an attack whose PRIMARY goal is to gain access to a target system through falsified identity?
SpoofingIdentity FalsificationAccess AttacksCyber Attack Types