ISC2 Cybersecurity Certification (CC) E xam Questions and Answers What type of security training is specifically designed to educate employees about attack techniques? - Answer ✔️✔️-capture the flag Linda's organization recently experienced a social engineering attack. The attacker called a help desk employee and persuaded her that she was a project manager on a tight deadline and locked out of her account. The help desk technician provided the attacker with access to the account. What social engineering principle was used? - Answer ✔️✔️-urgency What type of phishing attack focuses specifically on senior executives of a targeted organization? - Answer ✔️✔️-whaling Which one of the following data sanitization strategies is most secure? - Answer ✔️✔️-
destruction Data classifications should be assigned based upon: - Answer ✔️✔️-sensitivity and criticality If Alice wants to send a message to Bob using symmetric crypto graphy, what key does she use to encrypt the message? - Answer ✔️✔️-shared secret key What are the hash lengths from the SHA -2 function? - Answer ✔️✔️-224, 256, and 512 bits What operation uses a cryptographic key to convert plaintext into ciphertext? - Answer ✔️✔️-
encryption What are the characteristics of cloud computing? - Answer ✔️✔️-ubiquitous, on -demand, convenient Purchasing server instances and configuring them to run your own software is an example of what cloud deployment model? - Answer ✔️✔️-Infrastructure as a Service (IaaS) What type of agreement is used to define availability requirements for an IT service that an organization is purchasing from a vendor? - Answer ✔️✔️-Service Level Agreement (SLA) Which cloud deployment model exclusively uses dedicated cloud resources for a customer? - Answer ✔️✔️-private cloud Vendors extend your organization's technology environment. If they handle data on your behalf, you should expect they execute the same degree of care that you would in your own op erations. - Answer ✔️✔️-true Which one of the following devices carries VLANs on a network? - Answer ✔️✔️-switch What security principle does a firewall implement with traffic when it does not have a rule that explicitly defines an action for that commun ication? - Answer ✔️✔️-implicit deny Ricky would like to separate his network into three distinct security zones. Which one of the following devices is best suited to that task? - Answer ✔️✔️-firewall What network device can connect together multiple net works? - Answer ✔️✔️-router What is the most important control to apply to smart devices? - Answer ✔️✔️-network segmentation What network port is used for SSL/TLS VPN connections? - Answer ✔️✔️-443 What is the piece of software running on a device that enables it to connect to a NAC -protected network? - Answer ✔️✔️-supplicant Nessus is an example of a _____ tool. - Answer ✔️✔️-network vulnerability scanning Nmap is an example of a _____ tool. - Answer ✔️✔️-port scanning Rachel recently investigated a security alert from her intrusion detection system and, after exhaustive research, determined that the alert was not the result of an intrusion. What type of error occurred? - Answer ✔️✔️-false positive
destruction Data classifications should be assigned based upon: - Answer ✔️✔️-sensitivity and criticality If Alice wants to send a message to Bob using symmetric crypto graphy, what key does she use to encrypt the message? - Answer ✔️✔️-shared secret key What are the hash lengths from the SHA -2 function? - Answer ✔️✔️-224, 256, and 512 bits What operation uses a cryptographic key to convert plaintext into ciphertext? - Answer ✔️✔️-
encryption What are the characteristics of cloud computing? - Answer ✔️✔️-ubiquitous, on -demand, convenient Purchasing server instances and configuring them to run your own software is an example of what cloud deployment model? - Answer ✔️✔️-Infrastructure as a Service (IaaS) What type of agreement is used to define availability requirements for an IT service that an organization is purchasing from a vendor? - Answer ✔️✔️-Service Level Agreement (SLA) Which cloud deployment model exclusively uses dedicated cloud resources for a customer? - Answer ✔️✔️-private cloud Vendors extend your organization's technology environment. If they handle data on your behalf, you should expect they execute the same degree of care that you would in your own op erations. - Answer ✔️✔️-true Which one of the following devices carries VLANs on a network? - Answer ✔️✔️-switch What security principle does a firewall implement with traffic when it does not have a rule that explicitly defines an action for that commun ication? - Answer ✔️✔️-implicit deny Ricky would like to separate his network into three distinct security zones. Which one of the following devices is best suited to that task? - Answer ✔️✔️-firewall What network device can connect together multiple net works? - Answer ✔️✔️-router What is the most important control to apply to smart devices? - Answer ✔️✔️-network segmentation What network port is used for SSL/TLS VPN connections? - Answer ✔️✔️-443 What is the piece of software running on a device that enables it to connect to a NAC -protected network? - Answer ✔️✔️-supplicant Nessus is an example of a _____ tool. - Answer ✔️✔️-network vulnerability scanning Nmap is an example of a _____ tool. - Answer ✔️✔️-port scanning Rachel recently investigated a security alert from her intrusion detection system and, after exhaustive research, determined that the alert was not the result of an intrusion. What type of error occurred? - Answer ✔️✔️-false positive
