ISC2 "Certified in Cybersecurity" Questions & Answers {Part -1}

                                       ISC2 Certified in Cybersecurity Exam Questions

Q1: Is it possible to avoid risk?

A. Yes

B. No

C. Sometimes

D. Never

Q2: What is meant by non-repudiation?

A. If a user does something, they can’t later claim that they didn’t do it.

B. Controls to protect the organization’s reputation from harm due to inappropriate social media postings

by employees, even if on their private accounts and personal time.

C. It is part of the rules set by administrative controls.

D. It is a security feature that prevents session replay attacks.

Q3: Which of the following is very likely to be used in a disaster recovery effort?

A. Guard dogs

B. Data backups

C. Contract personnel

D. Antimalware solutions

Q4: Which of the following is very likely to be used in a disaster recovery effort?

A. Guard dogs

B. Data backups

C. Contract personnel

D. Antimalware solutions

Q5: Which of these components is very likely to be instrumental to any disaster recovery (DR) effort?

A. Routers

B. Laptops

C. Firewalls

D. Backups

Q6: Which of the following is a subject?

A. file

B. fence

C. filename

D. user

Q7: Common network device used to connect networks?

A. Server

B. Endpoint

C. Router

D. Switch

Q8: A common network device used to filter traffic?

A. Server

B. Endpoint

C. Ethernet

D. Firewall

Q9: Who is responsible for publishing and signing the organization’s policies?

A. The security office

B. Human resources

C. Senior management

D. The legal department

Q10: A set of security controls or system settings used to ensure uniformity of configuration through the IT environment?

A. Patches

B. Inventory

C. Baseline

D. Policy

Q12: Mike is concerned that users on her network may be storing sensitive information, such as Social Security numbers, on their hard drives without proper authorization or security controls. What third-party security service can she implement to BEST detect this activity?

A. IDS

B. IPS

C. DLP

D. TLS

Q13: Which one of the following types of agreements is the MOST formal document that contains expectations about availability and other performance parameters between a service provider and a customer?

A. Service-Level Agreement (SLA)

B. Operational-Level Agreement (OLA)

C. Memorandum of Understanding (MOU)

D. Statement of Work (SOW)

Q14: which of the following is a feature of the rule-based access control?

A. The use of a profile.

B. The use of information flow labels.

C. The use of a data flow diagram.

D. The use of tokens.

Q15: which of the following attacks could be the MOST successful when the security technology is properly implemented and configured?

A. Logical attacks.

B. Physical attacks

C. Social Engineering attacks

D. Trojan Horse attacks

Q16: what are the primary approaches ids take to analyze events to detect attacks?

A. Misuse detection and anomaly detection.

B. Log detection and anomaly detection.

C. Misuse detection and early drop detection.

D. Scan detection and anomaly detection.

Q17: what encryption algorithm is BEST suited for communication with handheld wireless devices?

A. ECC

B. RSA

C. SHA

D. RC4

Q18: which of the following layers supervises the control rate of packet transfers in an open systems interconnections (osi) implementation?

A. Physical

B. Session

C. Transport

D. Network

Q19: which of the following is responsible for the MOST security issues?

A. Outside espionage

B. Hackers

C. Personnel

D. Equipment failure

Q20: which of the following is a DISADVANTAGE of a memory only card?

A. High cost to develop

B. High cost to operate.

C. Physically infeasible.

D. Easy to counterfeit.

Q21: Devid’s team recently implemented a new system that gathers information from a variety of different log sources, analyses that information, and then triggers automated playbooks in response to security events. what term BEST describes this technology?

A. SIEM

B. Log Repository

C. IPS

D. SOAR

.

Q22: Derrick logs on to a system in order to read a file. In this example, Derrick is the ___?

A. Subject

B. Object

C. Process

D. Predicate

Q23: Tanja is designing a backup strategy for her organization’s file server. She would like to perform a backup every weekday that has the smallest possible storage footprint. What type of backup should she perform? Select the MOST appropriate options.

A. Incremental Backup

B. Full Backup

C. Differential Backup

D. Transaction Log Backup

Q25: John joined the ISC2 Organizations, his manager asked to check the authentications in the security module. What would John use to ensure a certain control is working as he wants and expects it to?

A. Security Testing

B. Security assessment

C. Security audit

D. Security walkthrough

Q26: DevOps team has updated the application source code, Tom has discovered that many unauthorized changes have been made. What is the BEST control Tom can implement to prevent a recurrence of this problem?

A. Backup

B. File labels

C. Security audit

D. Hashing

Q27: Walmart has a large e-commerce presence in the world. Which of these solutions would ensure the LOWEST possible latency for the customers using their services?

A. CDN

B. SaaS

C. Load Balancing

D. Decentralized Data Centers

Q28: Communication between end systems is encrypted using a key, often known as ______?

A. Temporary Key

B. Section Key

C. Public Key

D. Session Key

Q29: Shaun is planning to protect their data in all states(Rest, Motion, use), defending against data leakage. What would be the BEST solution to implement?

A. End-to-end encryption.

B. Hashing

C. DLP

D. Threat Modeling

Q30: Which of the following is the least secure communications protocol?

A. CHAP

B. Ipsec

C. PAP

D. EAP

Q31: Which type of encryption uses only one shared key to encrypt and decrypt?

A. Public key

B. Asymmetric

C. Symmetric

D. TCB key

Q32: Which of the following is NOT one of the three main components of a SQL database?

A. Views

B. Schemas

C. Tables

D. Object-oriented interfaces

Q33: Which penetration testing technique requires the team to do the MOST work and effort?

A. White box

B. Blue box

C. Gray box

D. Black box

Q34: Devid is worried about distributed denial of service attacks against his company’s primary web application. which of the following options will provide the MOST resilience against large-scale DDoS attacks?

A. Implement a CDN

B. Increase the number of servers in the web application server cluster

C. Contract for DDoS mitigation services via the company’s IPS

D. Increase the amount of bandwidth available from one or more ISPs

.

Q35: TCP and UDP reside at which layer of the OSI model?

A. Session

B. Transport

C. Data link

D. Presentation

.

Q36: Which type of network is set up similar to the internet but is private to an organization? Select the MOST appropriate.

A. Extranet

B. VLAN

C. Intranet

D. VPN

.

Q37: IDS can be described in terms of what fundamental functional components?

A. Response

B. Information Sources

C. Analysis

D. All of the choices.

Q38: Which of the following best describes the type of technology the team should implement to increase the work effort of buffer overflow attacks?

A. Address space layout randomization

B. Memory induction application

C. Input memory isolation

D. Read-only memory integrity checks

Q39: Which of the following types of vulnerabilities cannot be discovered in the course of a routine vulnerability assessment?

A. Zero-day vulnerability

B. Kernel flaw

C. Buffer overflow

D. File and directory permissions

Q40: The Finance Server and Transactions Server have restored their original facility after a disaster. what should be moved in FIRST?

A. Management

B. Most critical systems

C. Most critical functions

D. Least critical functions

.

Q41: Juli is listening to network traffic and capturing passwords as they are sent to the authentication server. She plans to use the passwords as part of a future attack. What type of attack is this?

A. Brute-force attack

B. Dictionary attack

C. Social engineering attack

D. Replay attack

Q42: When the ISC2 Mail server sends mail to other mail servers it becomes ----?

A. SMTP Server

B. SMTP Peer

C. SMTP Master

D. SMTP Client

Q43: Which layer provides the services to a user?

A. Application layers

B. Session Layers

C. Presentation Layer

D. Physical Layer

Q44: Which type of authentication is something which you are expected to have?

A. Type 1

B. Type 2

C. Type 3

D. Type 4

Q45: information security is not built on which of the following?

A. Confidentiality

B. Availability

C. Accessibility

D. Integrity

Q46: Which type of database combines related records and fields into a logical tree structure?

A. Relational

B. Hierarchical

C. Object-oriented

D. Network

Q47: How many bits represent the organization’s unique identifier (oui) in Mac addresses?

A. 16 Bits

B. 48 Bits

C. 24 Bits

D. 32 Blts

Q48: What is the purpose of non-repudiation in information security?

A. To ensure data is always accessible when needed

B. To protect data from unauthorized access

C. To prevent the sender or recipient of a message from denying having sent or received the message

D. To ensure data is accurate and unchanged

Q49: What does Personally Identifiable Information (PII) pertain to?

A. Information about an individual’s health status

B. Data about an individual that could be used to identify them

C. Trade secrets, research, business plans, and intellectual property

D. The importance assigned to information by its owner

Q50: Which one of the following cryptographic algorithms does not depend upon the prime factorization problem?

A. RSA - Rivest-Shamir-Adleman

B. GPG- GNU Privacy Guard

C. ECC - Elliptic curve cryptosystem

D. PGP Pretty Good Privacy

Answer Sheet
Question Number	Answer
1	A
2	A
3	B
4	B
5	D
6	D
7	C
8	D
9	C
10	C
11
12	C
13	A
14	A
15	C
16	A
17	A
18	C
19	C
20	D
21	D
22	A
23	A
24	A
25	A
26	D
27	A
28	D
29	C
30	C
31	C
32	D
33	D
34	A
35	B
36	B
37	D
38	A
39	A
40	D
41	D
42	D
43	A
44	C
45	C
46	B
47	C
48	C
49	B
50	C