CERTIFIED-IN-CYBERSECURITY Practice Questions
788 real CERTIFIED-IN-CYBERSECURITY exam questions with expert-verified answers and explanations. Page 8 of 16.
- Question #351: Network Security Concepts
Which type of network attack involves an attacker intercepting and potentially altering the communication between two parties without their knowledge?
Network Attacks, Man-in-the-Middle (MITM), Cybersecurity Fundamentals, Attack Types
- Question #352: Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
Which of the following controls safeguards an organization during a blackout power outage?
Business Continuity, Power Management, Physical Security, Disaster Recovery
- Question #353: Access Controls Concepts
Which attacks involve an attacker using a list of pre-computed hashes to find a matching hash value for a user's password?
Rainbow Table, Password Attack, Hashing, Authentication Attacks
- Question #354: Legal, Regulatory, and Compliance
What is the term for the GDPR requirement allowing individuals to request the termination of their data dissemination?
GDPR, Data Privacy, Individual Rights, Right to be forgotten
- Question #355: Security Principles
In the context of risk management, what is the purpose of risk mitigation?
Risk Management, Risk Mitigation, Security Controls, Countermeasures
- Question #356: Security Operations
Which one of the following security tools would be in the best position to detect malicious behavior in a device (e.g., your personal computer)?
Security Tools, Intrusion Detection, Host Security
- Question #357: Access Controls Concepts
What type of authentication factor is voice pattern recognition?
Authentication factors, Biometrics, Inherence factor, Voice recognition
- Question #358: Security Principles
Which of the following is an example of a threat actor?
Threat Actors, Cybersecurity Fundamentals, Attacker Types
- Question #359: Access Controls Concepts
Which of the following is a logical access control method that verifies the identity of a user before granting access to a system?
Authentication, Access Control, Identity Verification, Logical Security
- Question #360: Security Principles
Which of the following types of information is considered PII?
PII, Data Classification, Privacy, Information Types
- Question #361: Access Controls Concepts
What type of factor is a callback to a mobile phone?
Authentication Factors, Multi-Factor Authentication (MFA), Possession Factor, Access Control
- Question #362: Network Security
What network security device allows remote users to securely connect to a private network over the public Internet by encrypting their communications?
VPN, Network Security, Remote Access, Encryption
- Question #363: Security Principles
What term is used to describe phishing attacks that specifically target company administrators?
Phishing, Social Engineering, Whaling, Cybersecurity Threats
- Question #364: Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
What is the primary goal of a Disaster Recovery Plan (DRP)?
Disaster Recovery, Business Continuity, Recovery Planning, Operational Resilience
- Question #365: Security Principles
A security analyst discovers a vulnerability in a client's system but decides to withhold the information, fearing negative publicity for the client. Which ISC2 Code of Ethics Cano...
ISC2 Code of Ethics, Professional responsibility, Vulnerability management ethics, Ethical conduct
- Question #366: Security Principles
What attribute is NOT associated with a hashing algorithm?
Hashing Algorithms, Cryptographic Hashes, Hash Function Properties
- Question #367: Access Controls Concepts
What technology is used to ensure authorized software is used within an organization?
Application whitelisting, Software authorization, Access control
- Question #368: Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
During which phase of the incident response process would it be most appropriate to implement long-term fixes to prevent similar incidents in the future?
Incident Response, Recovery Phase, Preventative Measures
- Question #369: Network Security Concepts
What is the PRIMARY purpose of a firewall?
Firewall, Network Security, Security Controls, Threat Prevention
- Question #370: Access Controls Concepts
Which of the following is a primary objective of implementing physical access controls in an organization?
Physical Security, Access Control, Security Objectives, Unauthorized Access Prevention
- Question #371: Security Principles
What is the cloud computing model where customers share computing infrastructure without knowing each other's identity?
Cloud Computing Models, Public Cloud, Shared Infrastructure, Cloud Concepts
- Question #372: Security Principles
Alice and Bob are good friends and want to exchange messages securely. Alice receives a message from Bob. What key does Alice use to decrypt the encrypted message she received?
Asymmetric Encryption, Public Key Cryptography, Key Management, Confidentiality
- Question #373: Security Principles
Which is the second phase of the data handling life cycle?
Data Lifecycle, Data Handling, Information Management, Data Storage
- Question #374: Access Controls Concepts
What is the situation that occurs when a user accumulates system privileges that exceed the requirements of the user's job?
Privilege Creep, Access Control, User Privileges, Least Privilege
- Question #375: Access Controls Concepts
What is the primary purpose of using a mantrap in physical access control?
Physical Security, Access Control, Mantrap, Tailgating Prevention
- Question #376: Security Principles
What security principle can help detect fraudulent behavior, such as employees transferring funds to their personal accounts?
Fraud Detection, Internal Controls, Administrative Controls, Security Principles
- Question #377: Threats, Vulnerabilities, and Attacks
What does the acronym APT stand for?
APT, Threat Actors, Cybersecurity Terminology
- Question #378: Security Principles
Which of the following is a definition of phishing?
Phishing, Social Engineering, Cybersecurity Threats, Security Awareness
- Question #379: Security Principles
Which of the following is an example of collusion?
Collusion, Segregation of Duties, Fraud Prevention, Internal Controls
- Question #380: Network Security Concepts
In a network environment, which of the following is an example of a security control?
Security controls, Network security, Firewalls
- Question #381: Security Principles
To protect sensitive information, when is sanitization or destruction required?
Data sanitization, Data destruction, Asset disposal, Information lifecycle management
- Question #382: Security Operations
In a data center, what is NOT a typical issue related to airflow?
Data Center Operations, Physical Security, Environmental Controls, Cooling
- Question #383: Security Principles
What is the European Union's General Data Protection Regulation (GDPR)?
GDPR, Data Protection, Privacy Regulations, Legal Compliance
- Question #384: Security Principles
A vulnerability is ...
vulnerability, security fundamentals, risk components, cybersecurity definitions
- Question #385: Security Principles
Non-repudiation is ...:
Non-repudiation, Security Principles, Information Security Concepts, Cybersecurity Fundamentals
- Question #386: Security Principles
Data remanence is known as:
Data remanence, Data sanitization, Data disposal, Information protection
- Question #387: Network Security Concepts
What is an endpoint in a network?
Networking Fundamentals, Network Components, Endpoint
- Question #388: Access Control Concepts
What is Role-based Access Control (RBAC)?
RBAC, Access Control, Permissions
- Question #389: Network Security Concepts
Which of the following options BEST describes the concept of a network?
Network fundamentals, Network definition, Basic networking
- Question #390: Access Controls Concepts
What is the primary difference between DAC and MAC?
Access Control, DAC, MAC, Security Models
- Question #391: Access Controls Concepts
Who controls access in a Mandatory Access Control (MAC) system?
Access Control, Mandatory Access Control (MAC), Security Administrators, Security Models
- Question #392: Security Principles
What does SaaS offer consumers?
SaaS, Cloud Computing, Cloud Service Models, Software as a Service
- Question #393: Access Controls Concepts
Physical access controls are employed to:
Physical Security, Access Control, Asset Protection, Security Fundamentals
- Question #394: Security Operations
What is the recommended temperature range for optimized data center uptime and hardware life?
Data center operations, Environmental controls, Physical security, Hardware longevity
- Question #395: Security Operations Concepts
In change management, what is the purpose of a rollback plan?
Change Management, Rollback Plan, System Recovery, IT Operations
- Question #396: Security Principles
What is the difference between a standard and a regulation?
Standards, Regulations, Compliance, Governance
- Question #397: Security Principles
What is the definition of a Risk?
Risk Management, Cybersecurity Concepts, Definitions, Security Principles
- Question #398: Security Principles
What is privacy?
Privacy, Data Protection, Information Rights
- Question #399: Security Operations
For a rack in a data center, how many temperature sensors are recommended?
Data Center Operations, Environmental Monitoring, Rack Monitoring, Physical Security
- Question #400: Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
What term describes the activities that must be performed to ensure the incident is properly handled?
Incident Response, Security Operations, Incident Handling