CERTIFIED-IN-CYBERSECURITY Practice Questions
788 real CERTIFIED-IN-CYBERSECURITY exam questions with expert-verified answers and explanations. Page 4 of 16.
- Question #151: Network Security
Which of these enables point-to-point online communication over an untrusted network?
VPN, Network Security, Secure Communication
- Question #152: Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
When an incident occurs, which of the following is NOT a primary responsibility of an organization's incident response team?
Incident Response, Incident Response Team, Roles and Responsibilities, Communication
- Question #153: Access Controls Concepts
Which of these pairs does NOT constitute Multi-Factor Authentication (MFA)?
Multi-Factor Authentication, Authentication Factors, Access Control, Security Controls
- Question #154: Security Principles
Which of these entities is responsible for signing an organization's policies?
Policy Governance, Roles and Responsibilities, Organizational Policy, Management Responsibility
- Question #155: 1.5 Understand the Role of Security Controls
Which of these is a type of corrective security control?
Security Controls, Corrective Controls, Patch Management
- Question #156: Security Principles
Which of these is a COMMON mistake made when implementing record retention policies?
Record Retention, Data Governance, Compliance, Information Management
- Question #157: Data Protection and Privacy
When a company collects PII, which policy is required?
PII, Privacy Policy, Data Privacy, Compliance
- Question #158: Security Operations
On a BYOD model, which of these technologies is best suited to keep corporate data and applications separate from personal?
BYOD, Containerization, Data Separation, Endpoint Security
- Question #159: Security Operations
What is the primary goal of a Change Management Policy?
Change Management, IT Operations, Policy, Business Continuity
- Question #160: Access Control Concepts
In a DAC policy scenario, which of these tasks can only be performed by a subject granted access to information?
Discretionary Access Control (DAC), Access Control Models, Permissions Management, Security Attributes
- Question #161: Security Principles
In the event of non-compliance, which of these can have considerable financial consequences for an organization?
Regulations, Compliance, Financial Consequences, Governance
- Question #162: Security Principles
A USB pen with data passed around the office is an example of:
Data States, Data Security, Data Classification, Storage Security
- Question #163: Security Principles - Risk Management Concepts
Which of the following is NOT a part of 'Risk assessment'?
Risk Assessment, Risk Management, Cybersecurity Fundamentals, Security Principles
- Question #164: Domain 1: Security Principles
Which of these is NOT one of the (ISC)² ethics canons?
(ISC)² ethics, Ethics canons, Professional conduct
- Question #165: Security Principles
The PRIMARY objective of a security baseline is to establish ...
Security Baselines, Security Requirements, Minimum Security
- Question #166: Security Operations
What technology is MOST LIKELY to conserve the storage space required for video recordings?
Video Surveillance, Motion Detection, Storage Management, Physical Security
- Question #167: Network Security
An organization needs a network security tool that detects and acts in the event of malicious activity. Which of these tools will BEST meet their needs?
Network Security, IPS, IDS, Security Tools
- Question #168: Domain 1: Security Principles
Which of these social engineering attacks sends emails that target specific individuals?
Social engineering, Phishing, Email security, Cybersecurity threats
- Question #169: Security Principles
Which of these is an attack that encrypts the organization's information, and then demands payment for the decryption code?
Ransomware, Malware, Cyber Attacks, Threats
- Question #170: Network Security Concepts
The BEST defense method to stop a 'Replay Attack' is to:
Replay Attack, IPSec VPN, Network Security, Attack Mitigation
- Question #171: Security Principles
Which is the PRIMARY focus of the ISO 27002 standard?
ISO 27002, ISMS, Information Security Standards
- Question #172: Access Controls Concepts
Which of these is a type of detective access control?
Access Control, Physical Security, Detective Controls, Security Controls
- Question #173: Threats and Vulnerabilities
Which of these is NOT a common goal of a cybersecurity attacker?
Cybersecurity Attack Goals, Attacker Motivations, Threats and Vulnerabilities
- Question #174: Security Principles
A security professional should report violations of a company's security policy to:
Reporting violations, Security policies, Professional responsibility, Organizational ethics
- Question #175: Network Security Concepts
Which of these attacks take advantage of inadequate input validation in websites?
Web Security, Input Validation, Cross-Site Scripting, Web Application Attacks
- Question #176: Security Principles
Which of the following is not typically installed as a result of an infection?
Malware Types, Cyber Threats, Logic Bomb, Malware Delivery
- Question #177: Security Principles
Which of these is NOT an effective way to protect an organization from cybercriminals?
Security Controls, Malware Protection, System Hardening, Network Security
- Question #178: Security Principles
What is NOT an example of a technical control?
Security Controls, Technical Controls, Administrative Controls, Data Security
- Question #179: Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
What type of disaster recovery test involves activating the alternate processing facility while keeping the primary site operational?
Disaster Recovery Testing, Business Continuity, Parallel Test
- Question #180: Network Security Concepts
Which of the following is a valid public IP?
IP Addressing, IPv4, Public IP, Private IP
- Question #181: Access Controls
How can organizations effectively combine different types of physical access controls to enhance security?
Physical Access Control, Layered Security, Security Controls, Defense-in-Depth
- Question #182: Domain 1: Security Principles
Which one of the ISC2 Code of Ethics canons emphasizes the importance of continuous professional development?
(ISC)2 Code of Ethics, Professional Development, Ethics in Cybersecurity, Cybersecurity Professionalism
- Question #183: Access Controls Concepts
Which option below does NOT represent a type of biometric data?
Biometrics, Authentication Factors, Access Control, Security Fundamentals
- Question #184: Access Controls
Which access control model is more flexible and scalable between Mandatory Access Control (MAC) and Discretionary Access Control (DAC)?
Access Control Models, DAC, MAC, Flexibility and Scalability
- Question #185: Security Principles
Which of the following is NOT a typical physical security requirement for wiring closets?
Physical Security, Wiring Closets, Environmental Safety, Access Control
- Question #186: Security Principles
What is an 'on-path' attack?
On-path attack, Man-in-the-Middle, Network security, Attack types
- Question #187: Access Controls Concepts
Access is based on which three elements:
Access Control, Security Fundamentals, Authorization
- Question #188: Security Principles
Which of the following is an administrative security control?
Security Controls, Administrative Controls, Control Types
- Question #189: Network Security
A flood of inbound connections from various global locations suggests what kind of attack?
Denial of Service, DDoS, Attack types, Network attacks
- Question #190: Access Controls Concepts
Which access control type does NOT involve a lock among the following options?
Access Control, Security Controls, Directive Controls, Physical Security
- Question #191: Access Controls Concepts
What process should the company undertake to verify that an employee has the necessary privileges, considering their roles in HR, payroll, and customer service?
Access Control, User Access Review, Privilege Management, Role-Based Access Control
- Question #192: Access Controls Concepts
What access control principle prevents someone from both creating a new user account and assigning that account superuser privileges within the same system?
Access Control, Separation of Duties, Privilege Management, User Account Management
- Question #193: Network Security
What type of attack involves attackers intercepting a connection between a user and a genuine website?
Man-in-the-middle, Network attacks, Cybersecurity threats
- Question #194: Physical Security
What is the most effective physical security measure for a recently established unstaffed computing facility, featuring motion detectors and secondary authentication?
Physical Security, Surveillance, Facility Security, Access Control
- Question #195: Security Principles
Which of the following best describes the PRIMARY goal of Security Awareness activities within an organization?
Security Awareness, Human Factors, Organizational Security, Security Programs
- Question #196: Access Controls Concepts
What is the PRIMARY goal of a spoofing attack?
Spoofing attacks, Cyber threats, Identity compromise, Access control bypass
- Question #197: Access Controls Concepts
What access control model is common in firewalls?
Firewalls, Access Control Models, Rule-based Access Control, Network Security
- Question #198: Network Security
What is the PRIMARY objective of a Virtual Private Network (VPN)?
VPN, Network Security, Secure Remote Access
- Question #199: Cryptography
Which requirement is not necessary for a cryptographic hash function?
Cryptographic Hashes, Cryptography Principles, Hash Function Properties
- Question #200: Security Principles
Which of the following documents outlines the specific step-by-step instructions to achieve a task or process?
Documentation Types, Procedures, Information Security Governance, Security Principles