Question 1: Correct
A company is deploying a new application that requires secure communication between
clients and the server.
Which of the following protocols would BEST meet this requirement?
Explanation
Ans: HTTPS (Hypertext Transfer Protocol Secure)
HTTPS provides secure communication between client and server.
Question 2: Correct
What goal of security is enhanced by a STRONG business continuity program?
Explanation
ANS: Availability
Question 3: Correct
What term describes RISKS that originate inside the organization?
Explanation
Ans: Internal
Question 4: Correct
If Alice wants to send a message to Bob using symmetric cryptography, what key does
she use to encrypt the message?
Explanation
Ans: Shared secret key
Question 5: Incorrect
You are a member of the team that has been selected to create your organization's
business continuity plan. What is the most vital document in this plan?
Explanation
Ans: Business impact analysis (BIA)
Question 6: Correct
Sam is searching for a forum where he can share threat intelligence information
with others from his industry in a collaborative, industry-specific forum. What type
of organization would best meet his needs?
Explanation
Ans: Information Sharing and Analysis Centers (ISACs)
Question 7: Incorrect
The purpose of mandatory vacations as a security measure is to discover which of the
following?
Explanation
Mandatory vacations are an administrative control that provides operational security
by forcing employees to take vacations. They reinforce job rotation principles, with the
added advantage that the employee covering the job may discover whether unethical
activity has taken place.
Question 8: Correct
What is the minimum acceptable temperature for a data center?
Explanation
Ans: 64.4 degrees Fahrenheit
Question 9: Incorrect
What access management concept defines what rights or privileges a user has?
Explanation
Ans: Authorization
Question 10: Correct
Quantified harm caused when a vulnerability is exploited is known as what?
Explanation
Ans: Impact
Question 11: Correct
What is the purpose of hot and cold aisles?
Explanation
Ans: to control airflow in the data center
Question 12: Correct
You are training several IT professionals on security and access control. You need to
explain to the professionals the most common form of identification and authentication.
What identification and authentication mechanism should you explain?
Explanation
Ans: user identification with reusable password
Question 13: Incorrect
You are providing end-user security awareness training. As part of this training, you
explain why the organization uses asymmetric encryption and how it works.
What is used to decrypt a file in this type of encryption?
Explanation
Ans: private key
Question 14: Correct
Which of the following is not defined in RFC 1918 as one of the private IP address
ranges that are not routed on the Internet?
Explanation
Ans: The address range 169.172.0.0–169.191.255.255 is not listed in RFC 1918 as a
public IP address range.
Question 15: Incorrect
Confidentiality is dependent upon which of the following?
Explanation
Ans: Integrity
Without integrity, confidentiality cannot be maintained.
Question 16: Incorrect
What is the primary purpose of separation of duties in an organization?
Explanation
The main purpose of separation of duties is data integrity: data cannot be modified by
an unauthorized person.
Question 17: Correct
You need to remove data from a storage media that is used to store confidential
information.
Which method is NOT recommended?
Explanation
Ans: formatting
Question 18: Correct
Which of the following is an example of a security control that provides accountability?
Explanation
Ans: Audit logs
Audit logs give a clear picture of who made a change in the system and hold them
accountable.
The other options are not relevant here.
Question 19: Incorrect
A cloud-based service that provides account provisioning, management, authentication,
authorization, reporting, and monitoring capabilities is known as what type of service?
Explanation
Ans: Identity as a service (IDaaS)
Identity as a service (IDaaS) provides capabilities such as account provisioning,
management, authentication, authorization, reporting, and monitoring. Platform as a
service (PaaS), infrastructure as a service (IaaS), and software as a service (SaaS)
Question 20: Correct
What is the process that occurs when the Session layer removes the header from data
sent by the Transport layer?
Explanation
Ans: De-encapsulation
Question 21: Correct
What is the purpose of the backup of electronically stored data on an HDD?
Explanation
The main purpose is to keep data available whenever needed, e.g. during an HDD crash.
Question 22: Correct
A risk has been determined to have a low probability but very high impact.
What methodology was used to evaluate this risk?
Explanation
Ans: Qualitative
Question 23: Correct
What network port is used for SSL/TLS VPN connections?
Explanation
Ans: 443
Port 443: HTTPS
Port 88: Kerberos
Port 80: HTTP
Port 1521: SQL port
Question 24: Correct
Bob has been tasked with writing a policy that describes how long data should be kept
and when it should be purged. What concept does this policy deal with?
Explanation
Ans: Record retention
Question 25: Incorrect
What process is typically used to ensure data security for workstations that are being
removed from service but that will be resold or otherwise reused?
Explanation
When done properly, a sanitization process fully ensures that data is not remnant on the
system before it is reused. Clearing and erasing can both be failure prone, and of
course destruction wouldn't leave a machine or device to reuse.
Question 26: Correct
Raj’s new employer has hired him for a position with access to their trade secrets and
confidential internal data. What legal tool should they use to help protect their data if he
chooses to leave to work at a competitor?
Explanation
Ans: NDA
A nondisclosure agreement (NDA) is a legal agreement between two parties that
specifies what data they will not disclose.
Question 27: Correct
Which one of the following is an example of a manmade disaster?
Explanation
Ans: Transformer failure
Question 28: Correct
Which of the following are the storage types associated with IaaS?
Explanation
Ans: Volume and object
Question 29: Correct
Which role is considered the leader of the business continuity plan committee and is
responsible for the overall success of the business continuity plan?
Explanation
Ans: business continuity coordinator
Question 30: Incorrect
Which one of the following is not a possible hash length from the SHA-2 function?
Explanation
Ans: 128 bits
Question 31: Correct
Which type of control is an example of a detective control?
Explanation
Ans: Closed-circuit television (CCTV)
Question 32: Incorrect
What authentication technology can be paired with OAuth to perform identity verification
and obtain user profile information using a RESTful API?
Explanation
Ans: OpenID Connect
Question 33: Incorrect
Which element of the security policy framework includes suggestions that are not
mandatory?
Explanation
Ans: Guidelines
Question 34: Incorrect
Which of the following common use cases would address the issue of data leakage
from a side-channel attack?
Explanation
Ans: Supporting high resiliency
Question 35: Correct
After 10 years working in her organization, Helia is moving into her fourth role, this time
as a manager in the accounting department. What issue is likely to show up during an
account review if her organization does not have strong account maintenance
practices?
Explanation
Privilege creep is a common problem when employees change roles over time and their
privileges and permissions are not properly modified to reflect their new roles. Least
privilege issues are a design or implementation problem, and switching roles isn’t
typically what causes them to occur.
Question 36: Correct
Twinklena is implementing a network access control solution for an open guest
network. She would like to use an approach that does not require installing
software on systems joining the network but can limit them to a quarantine
network until they successfully pass a health check. What NAC solution would best
meet her needs?
Explanation
Ans: Captive Portal
Question 37: Correct
What are the elements of the CIA Triad?
Explanation
Ans: Confidentiality, integrity, and availability
Question 38: Correct
What type of security control is designed to stop a security issue from occurring in the
FIRST place?
Explanation
Ans: Preventive
Question 39: Incorrect
The type of access granted to an object and the actions that you can take on or with the
object are examples of what?
Explanation
Ans: Permissions
Question 40: Correct
Fred needs to transfer files between two servers on an untrusted network. Since he
knows the network isn’t trusted, he needs to select an encrypted protocol that can
ensure that his data remains secure. What protocol should he choose?
Explanation
The Secure File Transfer Protocol (SFTP) is specifically designed for encrypted file
transfer.
Question 41: Incorrect
Purchasing server instances and configuring them to run your own software is an
example of what cloud deployment model?
Explanation
Ans: IaaS
Question 42: Correct
Which of the following AAA protocols is the most commonly used?
Explanation
Ans: TACACS+
Question 43: Correct
What UDP port is typically used by the syslog service?
Explanation
Ans: UDP 514
Question 44: Correct
What type of security policy normally describes how users may access business
information with their OWN devices?
Explanation
Ans: BYOD policy
Question 45: Correct
During an incident response, what is the highest priority of FIRST responders?
Explanation
Ans: Containing the damage
Question 46: Correct
Which one of the following disaster recovery tests involves the actual activation of the
DR site?
Explanation
Ans: Parallel test
Question 47: Correct
Which of the following is an example of a physical security control?
Explanation
Ans: Security camera. It is a hardware control.
Question 48: Correct
You have recently been hired as a security administrator for your company. In the
security documentation, it mentions that message authentication code (MAC) is
implemented.
What does this ensure?
Explanation
Ans: message integrity
Question 49: Correct
What is meant by MTBF?
Explanation
Ans: The average amount of time from one failure to the next
Question 50: Incorrect
A company wants to protect the integrity of their data. Which of the following
cryptographic concepts should they implement?
Explanation
Ans: Secure hashing algorithms
Question 51: Correct
What operation uses a cryptographic key to convert plaintext into ciphertext?
Explanation
Ans: Encryption
Question 52: Correct
What type of access control is composed of policies and procedures that support
regulations, requirements, and the organization's own policies?
Explanation
Ans: Administrative
Question 53: Incorrect
Something you know is an example of what type of authentication factor?
Explanation
Ans: Type 1
A Type 1 authentication factor is something you know.
A Type 2 authentication factor is something you have, like a smartcard or hardware
token.
A Type 3 authentication factor is something you are, like a biometric identifier.
There is no such thing as a Type 4 authentication factor.
Question 54: Correct
Which type of analysis involves comparing the cost of implementing a safeguard to the
impact of a possible threat?
Explanation
Ans: risk analysis
Question 55: Incorrect
Which one of the following intellectual property protection mechanisms has the shortest
duration?
Explanation
Ans: Patents
Question 56: Correct
Which cloud deployment model exclusively uses dedicated cloud resources for a
customer?
Explanation
Ans: Private Cloud
Question 57: Incorrect
A password that requires users to answer a series of questions like "What is your
mother's maiden name?" or "What is your favorite color?" is known as what type of
password?
Explanation
Ans: Cognitive passwords
Question 58: Correct
Your organization has just expanded its network to include another floor of the building
where your offices are located. You have been asked to ensure that the new floor is
included in the business continuity plan. What should you do?
Explanation
Ans: Update the business continuity plan to include the new floor and its functions.
Question 59: Correct
The process for assigning a dollar value to anticipated losses resulting from a threat
source successfully exploiting a vulnerability is known as ____?
Explanation
Ans: A qualitative risk analysis. "Qualitative risk analysis" assesses impact in relative
terms such as high, medium, and low impact without assigning a dollar value.
Question 60: Incorrect
The correct choice for encrypting the entire original data packet in a tunneled mode for
an IPSec solution is____?
Explanation
Ans: Encapsulating Security Payload (ESP)
An IPSec solution that uses ESP will encapsulate the entire original data packet when
implemented in a tunnel mode.
Question 61: Correct
Which of the following is an example of a security control that provides availability?
Explanation
Ans: Data backup
When a CIA (information security principles) question concerns availability, think about
how we can make data available to all users, i.e.
Question 62: Correct
What law applies to the use of personal information belonging to European Union
residents?
Explanation
Ans: GDPR
The General Data Protection Regulation is a Regulation in EU law on data protection
and privacy in the EU and the European Economic Area.
Question 63: Incorrect
David recently posted signs around his organization's facility warning visitors that
the area is under 24-hour video surveillance. What term best describes this
control?
Explanation
Ans: Deterrent
Question 64: Incorrect
Which cryptographic attacks attempt to produce the same hash value from a brute force
attack using two inputs? (Choose two.)
Explanation
Ans: Collision & Birthday
Question 65: Incorrect
Your organization is trying to decide whether to use RSA or ECC to encrypt cellular
communications.
What is an advantage of ECC over the RSA algorithm?
Explanation
Ans: ECC requires fewer resources.
Question 66: Correct
Which of the following attributes are added beyond traditional access control
mechanisms (RBAC, MAC, and DAC) in order to implement ABAC?
Explanation
Ans: Context
Question 67: Incorrect
You are seeking to secure a Windows server and would like to find a security
standard that is independent of both government agencies and the vendors
involved in providing your operating system and software.
Which one of the following sources would BEST meet your needs?
Explanation
Ans: CIS
Question 68: Correct
At which OSI model layer does the IPSec protocol function?
Explanation
Ans: Network
Question 69: Correct
A web application accesses information in a database to retrieve user information. What
is the web application acting as?
Explanation
Ans: Subjects
Question 70: Correct
Your organization has decided to implement an encryption algorithm to protect data.
One IT staff member suggests that the organization use IDEA.
Which strength encryption key is used in this encryption algorithm?
Explanation
Ans: 128-bit
Question 71: Correct
Your company's security policy includes system testing and security awareness training
guidelines. Which control type is this considered?
Explanation
Ans: preventative administrative control
Question 72: Incorrect
A company is implementing a multi-factor authentication solution for remote access.
Which of the following is an example of an authentication factor that could be used?
Explanation
Ans: All of the above
Question 73: Correct
Security professionals with a (ISC)2 certification are expected to serve first:
Explanation
The human-first concept is the prime focus of (ISC)2.
Question 74: Correct
Dogs, guards, and fences are all common examples of what type of control?
Explanation
Ans: Physical
Question 75: Correct
What disaster recovery metric provides the targeted amount of time to restore a service
after a failure?
Explanation
Ans: RTO
Question 76: Incorrect
The business continuity team is interviewing users to gather information about business
units and their functions. Which part of the business continuity plan includes this
analysis?
Explanation
Ans: Business impact analysis (BIA)
Question 77: Correct
Which one of the following data sanitization strategies is most secure?
Explanation
Ans: destruction
Question 78: Correct
Max is responding to a recent security incident and is seeking information on the
approval process for a recent modification to a system’s security settings.
Where would he most likely find this information?
Explanation
Ans: change log
The change log contains information about approved changes and the change
management process. While other logs may contain details about the change’s effect,
the audit trail for change management would be found in the change log.
Question 79: Correct
A web application accesses information in a database to retrieve user information. What
is the web application acting as?
Explanation
Ans: Subjects
Subjects are active entities that can access a passive object to retrieve information from
or about an object. Subjects can also make changes to objects when they are properly
authorized. Users are often subjects, but not all subjects are users.
Question 80: Incorrect
Which of the following is the PRIMARY purpose of a digital certificate?
Explanation
Ans: To protect data at rest.
Question 81: Incorrect
When a user attempts to log into their online account, Google sends a text message
with a code to their cell phone. What type of verification is this?
Explanation
Ans: Out-of-band identity proofing
Question 82: Correct
When you're designing a security system for Internet-delivered e-mail, which of the
following is least important?
Explanation
Ans: Availability
Question 83: Incorrect
Which type of application serves as a core for the business operations of an
organization?
Explanation
Ans: A critical application
Question 84: Correct
When VMs are constructed and destroyed in elastic cloud computing environments, the
same physical hardware is commonly used by different clients over time. Which of the
following data security issues does this have implications for?
Explanation
The main concern is privacy, because the same HDD can later be used by another client
too. So the main data security issue in the cloud is confidentiality.
Question 85: Incorrect
Creating incident response policies for an organization would be an example of ---?
Explanation
Ans: An administrative control
Administrative controls are “managerial” and are a part of corporate security policy.
Question 86: Incorrect
If availability of authentication services is the organization’s biggest priority, what type of
identity platform should Ben recommend?
Explanation
Ans: Hybrid
Question 87: Correct
What is the MINIMUM number of disks required to perform RAID level 5?
Explanation
Ans: 3
Question 88: Incorrect
What type of backup includes only those files that have changed since the most recent
full or incremental backup?
Explanation
Ans: Incremental
Question 89: Correct
Ann continues her investigation and realizes that the traffic generating the alert is
abnormally high volumes of inbound UDP traffic on port 53.
What service typically uses this port?
Explanation
Ans: DNS
Port 53 is the DNS port.
Question 90: Incorrect
When Chris verifies an individual’s identity and adds a unique identifier like a user ID to
an identity system, what process has occurred?
Explanation
Ans: Registration
Registration is the process of adding a user to an identity management system. This
includes creating their unique identifier and adding any attribute information that is
associated with their identity. Proofing occurs when the user provides information to
prove who they are. Directories are managed to maintain lists of users, services, and
other items. Session management tracks application and user sessions.
Question 91: Correct
Which of the following are the storage types associated with PaaS?
Explanation
Ans: Structured and unstructured
Question 92: Correct
Which of the following is an example of a biometric authentication method?
Explanation
Ans: Fingerprint scanner
Question 93: Correct
Marty discovers that the access restrictions in his organization allow any user to log into
the workstation assigned to any other user, even if they are from completely different
departments. This type of access most directly violates which information security
principle?
Explanation
This broad access may indirectly violate all of the listed security principles, but it is most
directly a violation of least privilege because it grants users privileges that they do not
need for their job functions.
Question 94: Incorrect
When calculating risks by using the quantitative method, what is the result of multiplying
the asset values by the exposure factor (EF)?
Explanation
Ans: SLE
Question 95: Incorrect
What term BEST describes making a snapshot of a system or application at a point in
time for later comparison?
Explanation
Ans: Baselining
Question 96: Incorrect
Your organization has recently adopted a new security policy. As part of this policy, you
must implement the appropriate technologies to provide confidentiality.
Which technology provides this?
Explanation
Ans: asymmetric encryption
Question 97: Correct
Management has requested that you implement controls that take corrective action
against threats. Which entity is an example of this type of control?
Explanation
Ans: Business continuity planning
Question 98: Correct
Nessus is an example of a _____ tool?
Explanation
Ans: Network vulnerability scanning
Question 99: Incorrect
Which intrusion detection system (IDS) uses a magnetic field to detect intrusions?
Explanation
Ans: a proximity detector
Question 100: Correct
What network device can connect together multiple networks?
Explanation
Ans: Router
Source: https://www.udemy.com/course/isc2-certified-in-cybersecuritycc-practice-exam/learn/quiz/5815616/result/962902952