CERTIFIED-IN-CYBERSECURITY Practice Questions
788 real CERTIFIED-IN-CYBERSECURITY exam questions with expert-verified answers and explanations. Page 7 of 16.
- Question #301Network Security Concepts
Which network security device is PRIMARILY responsible for monitoring network traffic and detecting potential threats based on predefined rules or signatures?
Network Security DevicesIntrusion Detection System (IDS)Threat DetectionNetwork Monitoring - Question #302Network Security
What network security device filters incoming and outgoing network traffic based on predefined rules and is designed to prevent unauthorized access to or from a protected network?
FirewallNetwork SecurityTraffic FilteringSecurity Devices - Question #303Security Principles
Which of the following principle states that individuals should be held to a standard of doing what a reasonable person would do under similar circumstances?
Due CareLegal & ComplianceSecurity PrinciplesGovernance - Question #304Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
is the primary purpose of a forensic investigation during the analysis phase of an incident response?
Incident ResponseDigital ForensicsEvidence CollectionChain of Custody - Question #305Security Principles
In the risk management process, which of the following best describes the concept of 'risk acceptance'?
Risk ManagementRisk AcceptanceRisk TreatmentSecurity Concepts - Question #306Incident Response Concepts
Which of the following incident response team roles is responsible for coordinating communication between the incident response team and external stakeholders, such as law enforcem...
Incident ResponseTeam RolesExternal CommunicationStakeholder Management - Question #307Security Principles
What is the PRIMARY benefit of incorporating real-life examples and scenarios into security awareness training?
Security Awareness TrainingTraining EffectivenessEmployee Education - Question #308Cloud Security
Which of the following cloud models puts MOST responsibility on the cloud provider?
Cloud ComputingCloud Service ModelsShared Responsibility - Question #309Access Controls Concepts
Which of the options does not have attributes of a Privileged User Account?
Privileged Access ManagementUser AccountsIdentity and Access ManagementSecurity Best Practices - Question #310Security Principles
Which principle of the ISC2 Code of Ethics Canons obliges to prioritize public interest and protect critical infrastructure over personal or organizational interests?
(ISC)2 Code of EthicsEthical CanonsPublic SafetyInfrastructure Protection - Question #311Access Controls Concepts
Which type of token-based authentication generates codes at fixed intervals without a server challenge? ()
AuthenticationToken-based authenticationOne-Time Password (OTP)Synchronous authentication - Question #312Security Principles
Which of the following is a key component of the risk assessment process?
risk assessmentrisk managementlikelihood and impact - Question #313Access Controls Concepts
What type of physical access control mechanism involves the use of electronic cards or key fobs that contain unique identifying information?
Physical SecurityAccess ControlElectronic Access ControlIdentification - Question #314Access Controls Concepts
What is the primary problem typically associated with decentralized access control? ()
Access ControlDecentralized Access ControlSecurity ArchitectureAccess Control Issues - Question #315Security Principles
What is the primary goal of an Advanced Persistent Threat (APT) attack?
Advanced Persistent ThreatAPTCybersecurity ThreatsAttack Goals - Question #316Security Principles
Which principle is primarily concerned with preventing unauthorized data alteration or destruction?
Cybersecurity PrinciplesCIA TriadIntegrityData Security - Question #317Network Security Concepts
What is the PRIMARY purpose of using an intrusion detection and prevention system?
IDS/IPSNetwork SecuritySecurity Controls - Question #318Network Security Concepts
What technology prioritizes critical network traffic over browsing and social media? ()
Network Traffic PrioritizationQuality of Service (QoS)Network ManagementNetwork Security - Question #319Security Principles
In an organization, which document provides step-by-step guidance in implementing a security measure?
Security DocumentationProceduresSecurity GovernanceImplementation Guidance - Question #320Security Principles
Which of the following is a technical control?
Security ControlsTechnical ControlsAccess Control ListTypes of Controls - Question #321Security Principles
What is the PRIMARY objective of baselines?
Security baselinesSecurity controlsConfiguration managementSecurity standards - Question #322Access Controls Concepts
What is the primary purpose of a password policy?
Password PolicyPassword SecurityAccess ControlAuthentication - Question #323Security Principles
What is the primary goal of the Health Insurance Portability and Accountability Act (HIPAA)?
HIPAAData PrivacyHealthcare RegulationsCompliance - Question #324Domain 1: Security Principles
How does encryption contribute to system hardening? ()
EncryptionSystem HardeningData ProtectionConfidentiality - Question #325Access Controls Concepts
What access control model allows the owner of a file to grant access to others via an access control list?
Access Control ModelsDiscretionary Access ControlACLsFile Permissions - Question #326Security Operations
Which of the following tools would be the BEST to prevent unauthorized data exfiltration from a corporate network? ()
Data Loss Prevention (DLP)Data ExfiltrationSecurity ToolsData Security - Question #327Domain 4: Network Security
Which type of network attack involves an attacker sending specially crafted malicious data to an application or system, causing it to crash or become unresponsive? ()
Buffer OverflowNetwork AttacksVulnerability ExploitationApplication Security - Question #328Security Principles
What is the primary difference between a threat and a vulnerability?
ThreatsVulnerabilitiesCybersecurity ConceptsRisk Management - Question #329Access Controls Concepts
Which of the following physical access control methods is designed to authenticate the identity of individuals entering a facility?
Physical Access ControlAuthenticationPhysical SecurityAccess Control Methods - Question #330Security Principles
In the context of the risk management process, what does the term 'residual risk' refer to?
Residual RiskRisk ManagementCybersecurityControls - Question #331Network Security Concepts
To which OSI layer does a MAC address belong to?
OSI ModelMAC AddressNetworking FundamentalsData Link Layer - Question #332Security Principles
Which category of cloud services does a ready-to-use email service fall into?
Cloud ComputingCloud Service ModelsSaaSEmail Services - Question #333Security Principles
Which of the following documents establishes context and sets out strategic direction and priorities?
Security PoliciesGovernanceStrategic DirectionOrganizational Documents - Question #334Security Principles
What type of malware is designed to replicate itself and spread to other devices without any user intervention?
Malware typesWormsCyber threatsSelf-replication - Question #335Security Principles
Which of the following is an example of a threat vector?
Threat VectorsPhishingAttack MethodsCybersecurity Fundamentals - Question #336Security Operations
Which of the following is NOT a common system hardening practice?
System HardeningSecurity ControlsCybersecurity Best Practices - Question #337Security Principles
Which of the following is NOT considered an insider threat?
Insider ThreatsThreat ActorsCybersecurity ThreatsThreat Identification - Question #338Security Principles
To ensure cybersecurity practices remain effective, which documents should be regularly updated and reviewed?
Cybersecurity GovernancePoliciesDocumentationCompliance - Question #339Network Security Concepts
Which technology is BEST for port-based authentication to ensure that network clients authenticate before use?
Network Access Control802.1XPort AuthenticationNetwork Security - Question #340Security Operations
Which of the following is the MOST effective method to destroy a data tape disk?
Data DestructionDegaussingData SanitizationMagnetic Media - Question #341Security Principles
Which of the following is an example of a measure to protect confidentiality?
ConfidentialityCIA TriadAccess ControlsEncryption - Question #342Security Principles
Which policy will outline if personally owned equipment is permitted for business purposes?
BYOD PolicySecurity PoliciesInformation Security GovernanceAsset Management - Question #343Security Principles
What type of attack attempts to misdirect legitimate users to malicious websites by abusing URLs or hyperlinks in emails?
PhishingSocial EngineeringEmail SecurityAttack Types - Question #344Access Controls Concepts
Which of the following is NOT a recommended practice for password protection according to the security awareness training examples?
Password SecuritySecurity AwarenessAccess ControlBest Practices - Question #345Security Principles
What type of network attack involves an attacker creating a malicious email that appears to come from a legitimate source to trick recipients into revealing sensitive information o...
PhishingSocial EngineeringEmail SecurityAttack Types - Question #346Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
What is the primary objective of a Business Continuity Plan (BCP) in the context of incident response, business continuity, and disaster recovery concepts?
Business Continuity PlanDisaster RecoveryIncident Response - Question #347Security Principles
Which of the following security measures is most effective in protecting PII stored on a laptop in case of theft?
PII ProtectionData EncryptionEndpoint SecurityTheft Protection - Question #348Security Principles
Digital signatures primarily rely on which cryptographic technique?
Digital SignaturesAsymmetric CryptographyCryptographic PrinciplesInformation Assurance - Question #349Security Operations
What is the MOST formal document between a service provider and a customer that sets expectations FOR performance parameters?
Service-level agreementIT Service ManagementVendor managementContractual agreements - Question #350Security Principles
Which aspect ensures that authorized users have timely and reliable access to information and resources?
AvailabilityCIA TriadSecurity Principles