CERTIFIED-IN-CYBERSECURITY Practice Questions
788 real CERTIFIED-IN-CYBERSECURITY exam questions with expert-verified answers and explanations. Page 5 of 16.
- Question #201Security Principles
What is the term for retaining and maintaining information for as long as it is needed?
Record RetentionInformation GovernanceData LifecycleCompliance - Question #202Security Principles
Digital signatures provide which of the following security benefits?
Digital SignaturesData IntegrityNon-repudiationCryptography - Question #203Security Principles
What is the PRIMARY object of security baselines?
Security BaselinesSecurity ConfigurationsSecurity StandardsConfiguration Management - Question #204Security Principles
Which risk management strategy is a company applying when the cost of implementing controls for a natural disaster outweighs the benefits?
Risk ManagementRisk AcceptanceRisk StrategiesCybersecurity Principles - Question #205Access Controls Concepts
How is personally identifiable information (PII) access limited to only essential information?
Access ControlNeed to Know PrinciplePII ProtectionData Privacy - Question #206Network Security Concepts
What is the name of the network tool that changes and maps source addresses of client requests for client anonymity? ()
Proxy serversNetwork anonymityNetwork security toolsNetworking fundamentals - Question #207Security Principles
What is the likelihood of an earthquake in the downtown area of Paris, if the records show that a big earthquake happens every 100 years?
ProbabilityLikelihoodRisk Assessment Basics - Question #208Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
When developing a business impact analysis, what should be the next step after creating a list of assets?
Business Impact AnalysisBIA ProcessAsset ValuationBusiness Continuity - Question #209Access Controls Concepts
Which of the following logical access control models uses a set of rules to determine whether a subject can access a specific object?
Access Control ModelsRule-Based Access ControlLogical Access ControlSecurity Concepts - Question #210Access Controls Concepts
Which one of the following is PRIMARILY used for identification purposes and is not suitable for use as an authenticator?
IdentificationAuthenticationAccess Control FundamentalsUser Management - Question #211Security Principles
What is the PRIMARY goal of security training?
Security TrainingSecurity AwarenessHuman Factors - Question #212Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
Which type of disaster recovery test has the LEAST possible impact on regular information system operations?
Disaster Recovery (DR)Business Continuity (BC)DR TestingIncident Response - Question #213Security Operations
What term is used to describe a large collection of unrelated patches released together?
Software patchingService packsSystem maintenanceUpdate types - Question #214Security Principles
What is the main purpose of an Acceptable Use Policy (AUP)?
Acceptable Use PolicyCybersecurity PolicyUser ResponsibilitySecurity Governance - Question #215Security Principles
Which of the following is NOT a principle of the ISC2 code of ethics?
ISC2 Code of EthicsProfessional EthicsEthical PrinciplesProfessional Conduct - Question #216Security Principles
The Memorandum of Understanding (MOU)/Memorandum of Agreement (MOA) is ...
MOU/MOAFormal AgreementsGovernanceBusiness Agreements - Question #217Security Principles
What responsibility do you have as a member of the data protection team?
Data ProtectionPrivacy LawsOrganizational ComplianceResponsibilities - Question #218Domain 1: Security Principles
Why is it important to conduct security awareness training regularly?
Security Awareness TrainingEmployee EducationThreat AwarenessSecurity Best Practices - Question #219Access Controls Concepts
What security principle is being adhered to when a user's access request is declined, despite meeting the necessary security clearance, because there is no business justification f...
Access ControlSecurity PrinciplesNeed to KnowInformation Security - Question #220Security Principles
Which of the following documents is developed by governments or industry regulators to enforce specific requirements for cybersecurity?
RegulationsLegal and ComplianceCybersecurity Governance - Question #221Access Controls Concepts
What type of control is commonly exemplified by dogs, guards, and fences?
Physical SecuritySecurity ControlsAccess Control - Question #222Security Principles
Which ISC2 Code of Ethics Canon emphasizes a security analyst's duty to avoid harm and uphold public well- being?
ISC2 Code of EthicsProfessional EthicsSocietal ProtectionCybersecurity Principles - Question #223Security Principles
Data at rest is TYPICALLY vulnerable to which type of security risk? ()
Data at restData breachConfidentialitySecurity risks - Question #224Security Principles
What cloud service provides the highest level of flexibility and customization for the organization?
Cloud ComputingIaaSCloud Service ModelsFlexibility - Question #225Network Security Concepts
What is the problem when a NAT router uses a 192.168.x.x subnet and has an external IP of 192.168.1.40?
NATPrivate IP AddressesRFC 1918Network Routing - Question #226Security Principles
Which cryptographic attribute is demonstrated when Alice proves that Bob's message undeniably came from him?
CryptographyNon-repudiationSecurity Principles - Question #227Security Operations
During a security incident response, where will an incident responder member find the most recent modification to a system's security settings? ()
Incident ResponseChange ManagementLoggingSecurity Settings - Question #228Security Principles
A hash function is ...:
Hash FunctionCryptography BasicsSecurity PrinciplesData Integrity - Question #229Security Principles
Which of the following is NOT considered a threat actor?
Threat ActorsCybersecurity FundamentalsThreat IntelligenceAdversary Types - Question #230Security Principles
What is a threat?
Threat DefinitionCybersecurity FundamentalsRisk Management BasicsSecurity Concepts - Question #231Access Controls Concepts
What receives a label in a MAC model?
Mandatory Access ControlAccess Control ModelsSecurity LabelsSubjects and Objects - Question #232Network Security Concepts
What ports are typically used to identify unencrypted FTP traffic by an IDS?
FTPTCP PortsNetwork ProtocolsIDS - Question #233Security Operations: Understand Data Security
What is the best technology for detecting unauthorized storage of sensitive data on hard drives? ()
Data Loss PreventionData SecurityEndpoint SecuritySensitive Data - Question #234Security Principles
What is a zero-day vulnerability?
Zero-day vulnerabilityVulnerabilityCybersecurity conceptsThreats - Question #235Access Controls Concepts
Which term is used to denote the standard permissions assigned to a user account upon creation?
Access ControlPermissionsUser AccountsSecurity Terminology - Question #236Security Principles
The PRIMARY objective of the Risk Management process is...:
Risk ManagementRisk AssessmentSecurity ControlsRisk Prioritization - Question #237Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
Which type of documentation is commonly created once an incident has been remediated?
Incident ResponsePost-incident ReviewLessons LearnedSecurity Documentation - Question #238Network Security Concepts
Which of the following layers is NOT a TCP Architecture layer?
TCP/IP ModelNetwork LayersNetworking Fundamentals - Question #239Business Continuity and Disaster Recovery
What term refers to a facility that is equipped with HVAC, power, and communications circuits, but does not have hardware for a business to use during a disaster?
Disaster RecoveryCold SiteBusiness ContinuityRecovery Site Types - Question #240Access Controls Concepts
What is the primary goal of a visitor management policy as part of physical access controls?
Visitor ManagementPhysical SecurityAccess ControlSecurity Policy - Question #241Security Principles
Which of the following is a common topic covered in security awareness training?
Security Awareness TrainingPhishingSocial EngineeringUser Education - Question #242Network Security
Which OSI model layer is responsible for the end-to-end transmission of data between two hosts?
OSI ModelTransport LayerNetworking FundamentalsEnd-to-End Communication - Question #243Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
Which of the following can be considered an example of a computer security incident?
Security IncidentsIncident ResponseUnauthorized ActivityThreats - Question #244Security Principles
What type of malware is used to take hostage a user's data and require a ransom payment for release?
MalwareRansomwareCyber threatsCybersecurity terminology - Question #245Network Security Concepts
What is the main difference between 'ingress' monitoring and 'egress' monitoring?
Ingress MonitoringEgress MonitoringNetwork TrafficNetwork Security - Question #246Security Principles
Which aspect of the CIA Triad focuses on ensuring that the information is accessible when it is needed?
CIA TriadAvailabilityInformation Security PrinciplesSecurity Fundamentals - Question #247Cloud Security Concepts
What cloud service is recommended for developers to create applications?
Cloud Service ModelsPaaSApplication DevelopmentCloud Computing - Question #248Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
What phase of the incident response process is aimed at minimizing the impact or extent of an incident?
Incident ResponseContainmentCybersecurity OperationsSecurity Incident Management - Question #249Network Security Concepts
What is the difference between Network Access Control (NAC) and a Virtual Private Network (VPN)?
Network Access ControlVirtual Private NetworkNetwork SecurityAccess Control - Question #250Security Principles
What mechanism among the following is typically NOT used as an anti-fraud measure?
Fraud preventionAdministrative controlsPersonnel security