CERTIFIED-IN-CYBERSECURITY Practice Questions
788 real CERTIFIED-IN-CYBERSECURITY exam questions with expert-verified answers and explanations. Page 6 of 16.
- Question #251: Security Principles
What is the PRIMARY purpose of encryption?
Tags: Encryption, Data Protection, Confidentiality, Security Principles
- Question #252: Understanding Cybersecurity Threats and Attacks
What type of attack is an APT attack?
Tags: APT, Cyber Attacks, Threat Types, Cybersecurity Terminology
- Question #253: Security Principles
What is the final phase of the data handling life cycle?
Tags: Data lifecycle, Data handling, Data destruction, Information security
- Question #254: Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
Which of the following concepts is exemplified by a load balancer that spans across multiple regions and boosts website availability and performance?
Tags: Load Balancing, High Availability, Distributed Systems, Multi-region Deployment
- Question #255: Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
In disaster recovery planning, which of the following would typically be considered examples of natural disasters? (I) Hacking incident, (II) Tsunami, (III) Forest fire, (IV) Terro...
Tags: Disaster Recovery Planning, Natural Disasters, Incident Classification, Business Continuity
- Question #256: Access Controls Concepts
What model is utilized in Mandatory Access Control (MAC)?
Tags: Mandatory Access Control (MAC), Lattice-based Security Model, Access Control Models, Security Models
- Question #257: Security Principles
What statement regarding the ISC2 code of ethics is not TRUE?
Tags: (ISC)2 Code of Ethics, Professional Ethics, Certification Requirements, Professional Conduct
- Question #258: Network Security Concepts
What type of attack is a Distributed Denial of Service (DDoS) attack?
Tags: DDoS, Denial of Service, Attack Types, Network Attacks
- Question #259: Network Security
What is a PRIMARY objective of a Virtual Local Area Network (VLAN)?
Tags: VLAN, Network Segmentation, Networking Fundamentals
- Question #260: Access Controls Concepts
How many authentication factors are employed by an organization requiring a username, PIN, token, and retina scan during login?
Tags: Authentication Factors, Multi-factor Authentication, Access Control, Identity Management
- Question #261: Security Principles
HIPAA primarily oversees the use of:
Tags: HIPAA, PHI, Data Privacy, Regulatory Compliance
- Question #262: Security Principles
The CIA Triad is a foundational security model that includes which three key principles?
Tags: CIA Triad, Security Principles, Information Security Models, Foundational Concepts
- Question #263: Security Principles
Which one of the following security principles is PRIMARILY at risk when a device is lost or stolen?
Tags: Confidentiality, Security Principles, Data Loss, Device Security
- Question #264: Security Principles
What is the other name given to security controls?
Tags: Security Controls, Terminology, Cybersecurity Fundamentals, Risk Management
- Question #265: Security Principles
Which of the following is a set of best practices, guidelines, or requirements that is widely accepted within an industry and helps organizations maintain a consistent level of sec...
Tags: Security Standards, Security Governance, Best Practices, Industry Guidelines
- Question #266: Security Operations
What instrument assists system administrators by providing secure configuration templates for operating systems and applications?
Tags: Baseline Configuration, System Hardening, Configuration Management, Security Controls
- Question #267: Access Controls
What is the term for an instance in which a logged-in user can perform specific activities within an application or system?
Tags: Authorization, Access Control, Identity and Access Management, Permissions
- Question #268: Security Operations
What is the best technology for enforcing uniform security settings on multiple mobile devices in an organization?
Tags: Mobile Device Management, Endpoint Security, Security Controls, Asset Management
- Question #269: Security Principles
What is the main purpose of a Service-Level Agreement (SLA)?
Tags: Service-Level Agreement (SLA), Vendor Management, Managed Service Provider (MSP), Service Management
- Question #270: Security Principles
Which of the following enables message recipients to prove the authenticity of the message sender to a third party?
Tags: Non-repudiation, Security Services, Information Security Concepts
- Question #271: Security Principles
What is a side-channel attack?
Tags: Side-channel attacks, Attack types, Passive attacks, Cybersecurity threats
- Question #272: Security Principles
Which of the following is an example of a technical security control?
Tags: Security Controls, Technical Controls, Control Types, Security Principles
- Question #273: Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
Which of the following is a best practice for data backup policies?
Tags: Data Backup, Encryption, Confidentiality, Integrity
- Question #274: Security Principles and Concepts
What is the main difference between PII and PHI?
Tags: PII, PHI, Data Classification, Data Privacy
- Question #275: Security Principles
Which of the following is a PRIMARY purpose of using digital signatures?
Tags: Digital Signatures, Data Integrity, Cryptography, Security Principles
- Question #276: Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
What is the recommended approach for assessing risks when designing a Business Continuity Plan (BCP) that considers tangible and intangible assets?
Tags: Risk Assessment, Business Continuity Planning (BCP), Tangible Assets, Intangible Assets
- Question #277: Security Operations
Which of the following system hardening techniques involves reducing the attack surface by removing unnecessary software and services?
Tags: System Hardening, Attack Surface Reduction, Security Configuration, Least Functionality
- Question #278: Security Principles
Which of the following is a best practice to support regulatory and contractual obligations?
Tags: Regulatory compliance, Contractual obligations, Legal requirements, Security governance
- Question #279: Access Controls Concepts
What is the term for the random value added to a password to prevent rainbow table attacks?
Tags: Password Security, Hashing, Salt, Rainbow Table Attacks
- Question #280: Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
Which of the following is a key component of a Disaster Recovery Plan (DRP)?
Tags: Disaster Recovery, DRP Components, Business Continuity Planning, Organizational Roles
- Question #281: Security Principles
Which ISC2 Code of Ethics Canon is being enacted when an employee refuses a bribe by a vendor to recommend their product and reports the incident?
Tags: ISC2 Code of Ethics, Professional Ethics, Ethical Conduct, Bribery
- Question #282: Security Principles
Which principle of the ISC2 Code of Ethics Canons highlights the importance of providing quality service to clients or employers?
Tags: ISC2 Code of Ethics, Professional Ethics, Client Service, Professional Responsibility
- Question #283: Access Controls Concepts
An organization wants to decrease the number of help desk cases related to password changes. What measure can the organization take?
Tags: Password management, Self-service, Help desk efficiency, Access control management
- Question #284: Security Principles
What is the primary purpose of implementing role-based access control (RBAC)?
Tags: Role-Based Access Control, Access Control, Authorization, Security Principles
- Question #285: Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
What is the recommended appropriate frequency for testing an organization's Business Continuity Plan (BCP)?
Tags: Business Continuity Plan (BCP), BCP Testing, Disaster Recovery, Organizational Resilience
- Question #286: Business Continuity, Disaster Recovery & Incident Response Concepts
Which of the following is a key component of a Business Continuity Plan (BCP)?
Tags: Business Continuity Plan, Disaster Recovery, Operational Resilience, Risk Management
- Question #287: Business Continuity and Disaster Recovery
How does a Business Impact Analysis (BIA) contribute to the disaster recovery planning process?
Tags: Business Impact Analysis, Disaster Recovery, Business Continuity, Criticality Assessment
- Question #288: Access Controls Concepts
In the context of physical access controls, what is the purpose of implementing a mantrap?
Tags: Physical Security, Access Control, Mantrap, Tailgating Prevention
- Question #289: Security Operations
What access control problems arise if during an audit it is found that an IT manager retains permission access to shared folders from his previous company roles?
Tags: Access Control, Privilege Management, Identity and Access Management (IAM), Security Audit
- Question #290: Security Principles
Defense in depth is a strategy that ...:
Tags: Defense in Depth, Layered Security, Security Architecture, Cybersecurity Principles
- Question #291: Security Principles
Which U.S. government agency within the Department of Commerce publishes and makes available for free download a wide variety of technical standards, including those for informatio...
Tags: NIST, Information Security Standards, Government Agencies, Cybersecurity Frameworks
- Question #292: Access Controls Concepts
When developing a banking website, what is the advised method to confirm user identities?
Tags: Multi-Factor Authentication, Authentication, Web Security, Access Control
- Question #293: Security Principles
What is the main difference between symmetric and asymmetric encryption?
Tags: Symmetric Encryption, Asymmetric Encryption, Cryptography
- Question #294: Access Control Concepts
What is created when permissions are listed for individual users on a Unix file system?
Tags: File Permissions, Access Control Lists (ACLs), Access Control Entry (ACE), Unix/Linux Security
- Question #295: Network Security Concepts
Which three OSI model layers correspond to the TCP/IP model's Application layer?
Tags: OSI Model, TCP/IP Model, Network Layers, Protocol Architectures
- Question #296: Security Principles
Which of the following best describes non-repudiation in the context of digital signatures?
Tags: Non-repudiation, Digital Signatures, Cryptography, Security Services
- Question #297: Access Controls Concepts
What is the PRIMARY identity and access management function you use when providing a user ID and password?
Tags: Authentication, Identity and Access Management, User Credentials
- Question #298: Access Controls Concepts
Which of the following options is NOT an access control layer?
Tags: Access Control Layers, Security Controls, Administrative Controls, Physical Controls
- Question #299: Domain 1: Security Principles
In the context of the CIA Triad, which of the following security controls would primarily enhance data availability?
Tags: CIA Triad, Availability, Security Controls, Data Backup
- Question #300: Security Operations
Which of the following is not a physical control?
Tags: Physical Security, Security Controls, Access Control