ISC2 CC - Certified in Cybersecurity (CC) Certification Exam
Question #1 (Topic: Demo Questions)
Which access control is more effective at protecting a door against unauthorized access?
Correct Answer: D
Explanation:
A lock is a device that prevents a physical structure (typically a door) from being opened, ensuring that only the authorized person (i.e. the person with the key) can open it. A fence or a barrier will prevent ALL access. Turnstiles are physical barriers that can be easily overcome (after all, it is common knowledge that intruders can easily jump over a turnstile when no one is watching).
Question #2 (Topic: Demo Questions)
Which method eliminates residual physical effects from writing original values?
Correct Answer: C
Explanation:
Clearing is a method used to eliminate the residual physical effects of writing original values to a storage device. This process involves overwriting the data with zeros or ones to ensure the original data cannot be retrieved. For example, when a hard disk is erased, all previously stored data is overwritten, making it impossible to recover the original data (see ISC2 Study Guide, Chapter 5, Module 1).
On the other hand, purging is more rigorous than wiping, in which the storage media is declassified to be used in a less secure environment. Destruction physically destroys the storage media so it cannot be used again. Overwriting is used in the wiping process, but it does not remove the remaining physical effects. It is part of the wiping process, not a stand-alone method.
Question #3 (Topic: Demo Questions)
What does Configuration Management guarantee?
Correct Answer: B
Explanation:
Configuration management ensures that all changes made to a system are authorized and validated (see ISC2 Study Guide, Domain 5). For example, when a software update is proposed for a system, Configuration Management ensures that the update is approved and tested to confirm that it works as expected and does not introduce new vulnerabilities. The remaining options do not accurately represent what Configuration Management guarantees. Suggesting that changes are unauthorized is contrary to the purpose of Configuration Management. Suggesting that changes are invalid is also incorrect; Configuration Management validates changes to ensure that they work as expected and do not compromise the security of the system.
Question #4 (Topic: Demo Questions)
In the risk management process, which of the following best describes the concept of 'risk acceptance'?
Correct Answer: C
Explanation:
Risk acceptance is a component of the risk management process that involves recognizing when it may be more practical or cost-effective to accept a certain level of risk rather than attempting to eliminate it entirely (see ISC2 Study Guide, Module 2, under Risk Treatment). This decision is an informed choice typically based on the organization's risk appetite and on carefully analyzing the potential costs and benefits of implementing additional controls or countermeasures. By contrast, implementing controls and countermeasures to eliminate all risks, ignoring potential risks and their impacts, and avoiding the need for a risk management process are all incorrect options, as these approaches do not accurately describe the concept of informed choice underlying risk acceptance.
Question #5 (Topic: Demo Questions)
Exhibit.
IPSec works in which layer of the OSI model?
Correct Answer: C
Explanation: