
ISC2 CC - Certified in Cybersecurity (CC) Certification Exam

Question #1 (Topic: Demo Questions)

Which access control is more effective at protecting a door against unauthorized access? 

A. Fences
B. Turnstiles
C. Barriers
D. Locks
Correct Answer: D
Explanation:
A lock is a device that prevents a physical structure (typically a door) from being opened, indicating that only the authorized person (i.e. the person with the key) can open it. A fence or a barrier will prevent ALL access. Turnstiles are physical barriers that can be easily overcome (after all, it is common knowledge that intruders can easily jump over a turnstile when no one is watching). 
Question #2 (Topic: Demo Questions)

Which method eliminates residual physical effects from writing original values?

A. Purging
B. Overwriting
C. Clearing
D. Destruction
Correct Answer: C
Explanation:
Clearing is a method used to eliminate the residual physical effects of writing original values to a storage
device. This process involves overwriting the data with zeros or ones to ensure the original data cannot
be retrieved. For example, when a hard disk is erased, all previously stored data is overwritten, making it
impossible to recover the original data (see ISC2 Study Guide, Chapter 5, Module 1).
On the other hand, purging is more rigorous than wiping, in which the storage media is declassified to be
used in a less secure environment. Destruction physically destroys the storage media so it cannot be
used again. Overwriting is used in the wiping process, but it does not remove the remaining physical
effects. It is part of the wiping process, not a stand-alone method.
Question #3 (Topic: Demo Questions)

What does Configuration Management guarantee? 

A. That any changes made to a system are unauthorized and invalidated
B. That all changes made to a system are authorized and validated
C. That all changes made to a system are authorized and invalidated
D. That all changes to a system are unauthorized and validated
Correct Answer: B
Explanation:
Configuration management ensures that all changes made to a system are authorized and validated (see ISC2 Study Guide, Domain 5). For example, when a software update is proposed for a system, Configuration Management ensures that the update is approved and tested to confirm that it works as expected and does not introduce new vulnerabilities. The remaining options do not accurately represent what Configuration Management guarantees. Suggesting that changes are unauthorized is contrary to the purpose of Configuration Management. Suggesting that changes are invalid is also incorrect; Configuration Management validates changes to ensure that they work as expected and do not compromise the security of the system. 
Question #4 (Topic: Demo Questions)

In the risk management process, which of the following best describes the concept of 'risk acceptance'? 

A. Implementing controls and countermeasures to eliminate all risks
B. Ignoring potential risks and their impacts
C. Acknowledging that certain risks are too costly or impractical to mitigate and accepting the potential consequences
D. Avoiding the need for a risk management process
Correct Answer: C
Explanation:
Risk acceptance is a component of the risk management process that involves recognizing when it may be more practical or cost-effective to accept a certain level of risk rather than attempting to eliminate it entirely (see ISC2 Study Guide, Module 2, under Risk Treatment). This decision is an informed choice typically based on the organization's risk appetite and on carefully analyzing the potential costs and benefits of implementing additional controls or countermeasures. By contrast, implementing controls and countermeasures to eliminate all risks, ignoring potential risks and their impacts, and avoiding the need for a risk management process are all incorrect options, as these approaches do not accurately describe the concept of informed choice underlying risk acceptance. 
Question #5 (Topic: Demo Questions)

Exhibit.
IPSec works in which layer of the OSI model?

A. Layer 2
B. Layer 5
C. Layer 3
D. Layer 7
Correct Answer: C
Explanation:
IPSec (Internet Protocol Security) operates at Layer 3 – the Network Layer of the OSI model. IPSec is designed to secure IP communications by authenticating and encrypting each IP packet in a data stream. Because it works directly with IP packets, it naturally fits at the network layer.
Operating at Layer 3 gives IPSec a major advantage: it can protect all network traffic, regardless of the application or transport protocol being used. This means IPSec can secure TCP, UDP, and ICMP traffic transparently without requiring changes to applications. IPSec is commonly used to implement Virtual Private Networks (VPNs), including site-to-site and remote-access VPNs.
IPSec uses protocols such as Authentication Header (AH) and Encapsulating Security Payload (ESP) to provide confidentiality, integrity, authentication, and anti-replay protection. Key management is typically handled by IKE (Internet Key Exchange).
Although IPSec may appear in some diagrams as interacting with other layers, standards bodies such as NIST and IETF clearly define IPSec as a Layer 3 (Network Layer) security protocol.