CERTIFIED-IN-CYBERSECURITY Practice Questions
788 real CERTIFIED-IN-CYBERSECURITY exam questions with expert-verified answers and explanations. Page 9 of 16.
- Question #401Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
What is the difference between a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP)?
Business Continuity PlanDisaster Recovery PlanOrganizational ResilienceRisk Management - Question #402Domain 1: Security Principles
What is the purpose of a procedure?
ProceduresDocumentationInformation Security GovernanceGRC Fundamentals - Question #403Security Principles
What is a definition for cloud computing?
Cloud ComputingCloud ConceptsService ModelsFoundational IT - Question #404Access Controls Concepts
Which factor should be considered when choosing an access control system?
Access Control SystemsSystem SelectionPerformance MetricsSecurity Design - Question #405Threats, Attacks, and Vulnerabilities
Which of the following is NOT a type of attack that can be used to gain access to an organization's network?
Attack typesAccess attacksDenial of ServiceCredential attacks - Question #406Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
Which of the following is NOT a common component of a comprehensive Business Continuity Plan (BCP)?
Business Continuity PlanningDisaster RecoveryOrganizational ResilienceCrisis Management - Question #407Security Principles
What is the most critical factor when implementing access controls for a physical site?
Access ControlsPhysical SecurityRisk ManagementCost-Benefit Analysis - Question #408Security Principles
Which of the following is an example of a standard?
StandardsISO 27001Security FrameworksSecurity Policies - Question #409Security Principles
What does a well-designed security policy aim to achieve?
Security PolicyRisk ManagementSecurity GoalsInformation Security Principles - Question #410Security Operations
Which of these is not one of the four components of change management according to ISC2?
Change ManagementConfiguration ManagementSecurity OperationsIT Process - Question #411Security Principles
What is the term used to describe the combination of the likelihood of a threat and the potential impact of the threat?
Risk ManagementThreat AssessmentLikelihoodImpact - Question #412Incident Response Concepts
What is the typical response when someone is detected trying to access a database without permission?
Incident ResponseAccess ControlSecurity LoggingThreat Mitigation - Question #413Security Operations
What is the FIRST activity in the Change Management components?
Change ManagementIT OperationsSecurity OperationsProcess Flow - Question #414Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
In the incident response process, who is NOT typically involved in forensic investigations? ()
Incident ResponseDigital ForensicsRoles and ResponsibilitiesCybersecurity Teams - Question #415Security Principles
What is the PRIMARY goal of enforcing defense in depth?
Defense in depthSecurity principlesLayered securityRisk mitigation - Question #416Security Principles
What is ransomware?
ransomwaremalwarecyber threatdata security - Question #417Security Principles
Which ISC2 Code of Ethics Canon focuses on a security analyst's responsibility to prevent harm and maintain public well-being?
ISC2 Code of EthicsEthical PrinciplesProfessional ResponsibilityPublic Trust - Question #418Security Principles
Which of the following is an example of an invasion of privacy?
PrivacyConfidentialityData ProtectionEthics - Question #419Access Controls Concepts
Which of the following is an example of biometric authentication?
Biometric AuthenticationAuthentication MethodsAccess Control - Question #420Security Principles
What are cloud-based resources?
Cloud ComputingCloud ResourcesDefinitionsBasic Concepts - Question #421Security Principles
Which method involves writing multiple patterns across all storage media?
Data SanitizationOverwritingSecure Data DisposalStorage Media - Question #422Security Principles
What are the two main options for a data center?
Data Center OperationsInfrastructure DeploymentCloud Computing - Question #423Access Controls Concepts
When implementing authentication, which of the following is considered a best practice?
AuthenticationMulti-Factor Authentication (MFA)Security Best PracticesAccess Control - Question #424Access Controls Concepts
Access controls are ...
Access ControlAuthorizationSecurity MechanismsLeast Privilege - Question #425Security Principles
What is the main difference between risk avoidance and risk transference?
Risk ManagementRisk AvoidanceRisk TransferenceCybersecurity Risk - Question #426Security Operations
What does Configuration Management guarantee?
Configuration ManagementChange ManagementSecurity OperationsSystem Integrity - Question #427Security Principles
What is the primary purpose of the ISC2 Code of Ethics?
ISC2 Code of EthicsEthical conductProfessional responsibility - Question #428Security Principles
What are the six components in the data lifecycle?
Data LifecycleData ManagementInformation SecurityData Protection - Question #429Security Principles
Which of the following is NOT commonly included in an Acceptable Use Policy (AUP)?
Acceptable Use PolicySecurity PoliciesInformation Governance - Question #430Network Security Concepts
Which device determines the most efficient route for traffic flow on a network?
Networking FundamentalsNetwork DevicesRoutersTraffic Routing - Question #431Security Operations
Which of the following is NOT an example of a cyber attack?
Cyber Attack TypesMalwareSocial EngineeringDenial of Service - Question #432Security Principles
The term "defense in depth" refers to:
Defense in depthLayered securitySecurity principlesSecurity architecture - Question #433Security Principles
Which of the following is TRUE about Denial of Service (DoS)?
Denial of ServiceCyberattacksSecurity Threats - Question #434Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
Why is it a best practice to have a documented incident response plan? ()
Incident ResponseSecurity PlanningIncident ManagementCybersecurity Best Practices - Question #435Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
What is the concept of redundancy in system design?
RedundancySystem DesignFault ToleranceAvailability - Question #436Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
In the context of incident response, the term that refers to the collection and preservation of an incident is: ()
Incident ResponseEvidence CollectionDigital Forensics - Question #437Network Security
What role does a hub play in a network?
Network DevicesHubsNetworking Fundamentals - Question #438Access Controls Concepts
To monitor for potential hazards, what should NOT be integrated into the building control environment?
Physical Access ControlSystem IntegrationBuilding SecurityOperational Technology (OT) - Question #439Security Principles
What is the common mistake in records retention?
Records RetentionData GovernanceInformation Lifecycle ManagementCompliance - Question #440Access Controls Concepts
Which is not an example of biometric data?
BiometricsAuthenticationIdentity ManagementAccess Control - Question #441Security Operations
What is one of the challenges presented by a Bring Your Own Device (BYOD) policy?
BYODMobile SecurityEndpoint SecuritySecurity Policies - Question #442Business Continuity (BC), Disaster Recovery (DR) & Incident Response (IR) Concepts
In the context of business continuity planning (BCP), which of the following is an effective strategy for mitigating the risk of data loss?
Business Continuity PlanningData Loss MitigationBackup and RecoveryDisaster Recovery - Question #443Access Controls Concepts
What is the difference between SFA and MFA?
AuthenticationMFASFAAccess Control - Question #444Security Principles
What type of malware disguises itself as benign software but carries a malicious payload?
MalwareTrojan HorseCyber ThreatsSecurity Fundamentals - Question #445Security Principles
Which of the following is a law with multinational implications?
GDPRMultinational LawData Privacy RegulationCompliance - Question #446Access Controls Concepts
We can say that Mandatory Access Control (MAC) is:
Access ControlMandatory Access ControlSecurity Policies - Question #447Security Principles
What does a 'low sensitivity' label on data mean?
Data ClassificationData SensitivitySecurity ImpactData Labeling - Question #448Access Controls Concepts
What is a common method for an access control system to authenticate an individual?
Access ControlAuthenticationPhysical SecurityCredentials - Question #449Access Controls Concepts
Who dictates the access controls rules in a Discretionary Access Control (DAC)?
Discretionary Access ControlAccess Control ModelsSecurity Principles - Question #450Security Principles
What are the four cloud delivery models?
Cloud computingCloud deployment modelsBasic cloud concepts