ISC2 – Exam Preparation QUIZ – 1

  • Fee: Free ISC2 Practice Tests (based on ISC2 Guide https://www.ISc2.org/ )
  • Passing score: 95%
  • Time limit: 80 minutes
  • Number of questions: 75
  • Format: Multiple Choice, Multi Answer and True/False
  • Difficulty: Advanced

ISC2 - Exam Preparation 1

1 / 75

Aphrodite is a member of ISC2 and a data analyst for Triffid Corporation. While Aphrodite is reviewing user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy and watching streaming videos during work hours. What should Aphrodite do? (D1, L1.5.1)

2 / 75

Which of the following is probably the main purpose of configuration management? (D5.2, L5.2.1)

Question options:
A)Keeping out intruders
B)Ensuring the organization adheres to privacy laws
C)Keeping secret material protected
D)Ensuring only authorized modifications are made to the IT environment

3 / 75

The European Union (EU) law that grants legal protections to individual human privacy. (D1, L1.1.1)

Question options:
A)The Privacy Human Rights Act
B)The General Data Protection Regulation
C)The Magna Carta
D)The Constitution

4 / 75

Which of the following probably poses the most risk? (D1, L1.2.1)

5 / 75

"Wiring _____" is a common term meaning "a place where wires/conduits are often run, and equipment can be placed, in order to facilitate the use of local networks." (D4.3 L4.3.1)

Question options:
A)Shelf
B)Closet
C)Bracket
D)House

6 / 75

Bluga works for Triffid, Inc. as a security analyst. Bluga wants to send a message to several people and wants the recipients to know that the message definitely came from Bluga. What type of encryption should Bluga use? (D5.1, L5.1.3)

Question options:
A)Symmetric encryption
B)Asymmetric encryption
C)Small-scale encryption
D)Hashing

7 / 75

Security controls on log data should reflect ________. (D5.1, L5.1.2)

Question options:
A)The organization's commitment to customer service
B)The local culture where the log data is stored
C)The price of the storage device
D)The sensitivity of the source device

8 / 75

Triffid Corporation has a rule that all employees working with sensitive hardcopy documents must put the documents into a safe at the end of the workday, where they are locked up until the following workday. What kind of control is the process of putting the documents into the safe? (D1, L1.3.1)

Question options:
A)Administrative
B)Tangential
C)Physical
D)Technical

9 / 75

Bruce is the branch manager of a bank. Bruce wants to determine which personnel at the branch can get access to systems, and under which conditions they can get access. Which access control methodology would allow Bruce to make this determination? (D3, L3.3.1)

Question options:
A)MAC (mandatory access control)
B)DAC (discretionary access control)
C)RBAC (role-based access control)
D)Defense-in-depth

10 / 75

In risk management concepts, a(n) _________ is something a security practitioner might need to protect. (D1, L1.2.1)

Question options:
A)Vulnerability
B)Asset
C)Threat
D)Likelihood

11 / 75

At Parvi's place of work, the perimeter of the property is surrounded by a fence; there is a gate with a guard at the entrance. All inner doors only admit personnel with badges, and cameras monitor the hallways. Sensitive data and media are kept in safes when not in use. (D3, L3.1.1)

This is an example of:

Question options:
A)Two-person integrity
B)Segregation of duties
C)Defense in depth
D)Penetration testing

12 / 75

When data has reached the end of the retention period, it should be _____. (D5.1, L5.1.1)

Question options:
A)Destroyed
B)Archived
C)Enhanced
D)Sold

13 / 75

In order for a biometric security system to function properly, an authorized person's physiological data must be ______. (D3, L3.2.1)

Question options:
A)Broadcast
B)Stored
C)Deleted
D)Modified

14 / 75

Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has.

In this situation, what is Prachi? (D3, L3.1.1)

Question options:
A)The subject
B)The rule
C)The file
D)The object

15 / 75

Network traffic originating from outside the organization might be admitted to the internal IT environment or blocked at the perimeter by a ________. (D3, L3.2.1)

Question options:
A)Turnstile
B)Fence
C)Vacuum
D)Firewall

16 / 75

Steve is a security practitioner assigned to come up with a protective measure for ensuring cars don't collide with pedestrians. What is probably the most effective type of control for this task? (D1, L1.3.1)

Question options:
A)Administrative
B)Technical
C)Physical
D)Nuanced

17 / 75

Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that operational managers have the utmost personal choice in determining which employees get access to which systems/data. Which method should Handel select? (D3, L3.3.1)

Question options:
A)Role-based access controls (RBAC)
B)Mandatory access controls (MAC)
C)Discretionary access controls (DAC)
D)Security policy

18 / 75

Triffid Corporation has a policy that all employees must receive security awareness instruction before using email; the company wants to make employees aware of potential phishing attempts that the employees might receive via email. What kind of control is this instruction? (D1, L1.3.1)

Question options:
A)Administrative
B)Finite
C)Physical
D)Technical

19 / 75

True or False? Business continuity planning is a reactive procedure that restores business operations after a disruption occurs. (D2, L2.2.1)

20 / 75

The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city council creates a rule that anyone caught creating and launching malware within the city limits will receive a fine and go to jail. What kind of rule is this? (D1, L1.4.1)

Question options:
A)Policy
B)Procedure
C)Standard
D)Law

21 / 75

A system that collects transactional information and stores it in a record in order to show which users performed which actions is an example of providing ________. (D1, L1.1.1)

Question options:
A)Non-repudiation
B)Multifactor authentication
C)Biometrics
D)Privacy

22 / 75

Which of the following activities is usually part of the configuration management process, but is also extremely helpful in countering potential attacks? (D4.2 L4.2.3)

Question options:
A)Annual budgeting
B)Conferences with senior leadership
C)Updating and patching systems
D)The annual shareholders' meeting

23 / 75

Ludwig is a security analyst at Triffid, Inc. Ludwig notices network traffic that might indicate an attack designed to affect the availability of the environment. Which of the following might be the attack Ludwig sees? (D4.2 L4.2.1)

Question options:
A)DDOS (distributed denial of service)
B)Spoofing
C)Exfiltrating stolen data
D)An insider sabotaging the power supply

24 / 75

Log data should be kept ______. (D5.1, L5.1.2)

Question options:
A)On the device that the log data was captured from
B)In an underground bunker
C)In airtight containers
D)On a device other than where it was captured

25 / 75

Barry wants to upload a series of files to a web-based storage service, so that people Barry has granted authorization can retrieve these files. Which of the following would be Barry's preferred communication protocol if he wanted this activity to be efficient and secure? (D4, L4.1.2)

Question options:
A)SMTP (Simple Mail Transfer Protocol)
B)FTP (File Transfer Protocol)
C)SFTP (Secure File Transfer Protocol)
D)SNMP (Simple Network Management Protocol)

26 / 75

Prina is a database manager. Prina is allowed to add new users to the database, remove current users and create new usage functions for the users. Prina is not allowed to read the data in the fields of the database itself. This is an example of: (D3, L3.3.1)

Question options:
A)Role-based access controls (RBAC)
B)Mandatory access controls (MAC)
C)Discretionary access controls (DAC)
D)Alleviating threat access controls (ATAC)

27 / 75

Which of the following is not an appropriate control to add to privileged accounts? (D3, L3.1.1)

Question options:
A)Increased logging
B)Multifactor authentication
C)Increased auditing
D)Security deposit

28 / 75

Hoshi is an (ISC)2 member who works for the Triffid Corporation as a data manager. Triffid needs a new firewall solution, and Hoshi is asked to recommend a product for Triffid to acquire and implement. Hoshi's cousin works for a firewall vendor; that vendor happens to make the best firewall available. What should Hoshi do? (D1, L1.5.1)

29 / 75

Gary is unable to log in to the production environment. Gary tries three times and is then locked out of trying again for one hour. Why? (D3, L3.3.1)

Question options:
A)Gary is being punished
B)The network is tired
C)Users remember their credentials if they are given time to think about it
D)Gary's actions look like an attack

30 / 75

A vendor sells a particular operating system (OS). In order to deploy the OS securely on different platforms, the vendor publishes several sets of instructions on how to install it, depending on which platform the customer is using. This is an example of a ________. (D1, L1.4.2)

31 / 75

Cheryl is browsing the Web. Which of the following protocols is she probably using? (D4, L4.1.2)

Question options:
A)SNMP (Simple Network Management Protocol)
B)FTP (File Transfer Protocol)
C)TFTP (Trivial File Transfer Protocol)
D)HTTP (Hypertext Transfer Protocol)

32 / 75

If two people want to use asymmetric communication to conduct a confidential conversation, how many keys do they need? (D5.1, L5.1.2)

Question options:
A)1
B)4
C)8
D)11

33 / 75

ISC2 publishes a Common Body of Knowledge (CBK) that IT security practitioners should be familiar with; this is recognized throughout the industry as a set of material that is useful for practitioners to refer to. Certifications can be issued for demonstrating expertise in this Common Body of Knowledge. What kind of document is the Common Body of Knowledge? (D1, L1.4.1)

Question options:
A)Policy
B)Procedure
C)Standard
D)Law

34 / 75

An organization must always be prepared to ______ when applying a patch. (D5.2, L5.2.1)

Question options:
A)Pay for the updated content
B)Buy a new system
C)Settle lawsuits
D)Rollback

35 / 75

Which type of fire-suppression system is typically the least expensive? (D4.3 L4.3.1)

Question options:
A)Water
B)Dirt
C)Oxygen-depletion
D)Gaseous

36 / 75

Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees who are assigned to new positions in the company do not retain whatever access they had in their old positions. Which method should Handel select? (D3, L3.3.1)

Question options:
A)Role-based access controls (RBAC)
B)Mandatory access controls (MAC)
C)Discretionary access controls (DAC)
D)Logging

37 / 75

Grampon municipal code requires that all companies that operate within city limits will have a set of processes to ensure employees are safe while working with hazardous materials. Triffid Corporation creates a checklist of activities employees must follow while working with hazardous materials inside Grampon city limits. The municipal code is a ______, and the Triffid checklist is a ________. (D1, L1.4.2)

38 / 75

Every document owned by Triffid, Inc., whether hardcopy or electronic, has a clear, 24-point word at the top and bottom. Only three words can be used: "Sensitive," "Proprietary" and "Public."

This is an example of _____. (D5.1, L5.1.1)

Question options:
A)Secrecy
B)Privacy
C)Inverting
D)Labeling

39 / 75

Security needs to be provided to ____ data. (D5.1, L5.1.1)

Question options:
A)Restricted
B)Illegal
C)Private
D)All

40 / 75

What is the risk associated with delaying resumption of full normal operations after a disaster? (D2, L2.3.1)

Question options:
A)People might be put in danger
B)The impact of running alternate operations for extended periods
C)A new disaster might emerge
D)Competition

41 / 75

When should a business continuity plan (BCP) be activated? (D2, L2.2.1)

Question options:
A)As soon as possible
B)At the very beginning of a disaster
C)When senior management decides
D)When instructed to do so by regulators

42 / 75

A tool that monitors local devices to reduce potential threats from hostile software. (D4.2 L4.2.3)

Question options:
A)NIDS (network-based intrusion-detection systems)
B)Anti-malware
C)DLP (data loss prevention)
D)Firewall

43 / 75

The logical address of a device connected to the network or Internet. (D4.1 L4.1.1)

Question options:
A)Media access control (MAC) address
B)Internet Protocol (IP) address
C)Geophysical address
D)Terminal address

44 / 75

Tekila works for a government agency. All data in the agency is assigned a particular sensitivity level, called a "classification." Every person in the agency is assigned a "clearance" level, which determines the classification of data each person can access.

What is the access control model being implemented in Tekila's agency? (D3, L3.3.1)

Question options:
A)MAC (mandatory access control)
B)DAC (discretionary access control)
C)RBAC (role-based access control)
D)FAC (formal access control)

45 / 75

To adequately ensure availability for a data center, it is best to plan for both resilience and _______ of the elements in the facility. (D4.3 L4.3.1)

Question options:
A)Uniqueness
B)Destruction
C)Redundancy
D)Hue

46 / 75

Which of these is an example of a physical access control mechanism? (D3, L3.2.1)

Question options:
A)Software-based firewall at the perimeter of the network
B)A lock on a door
C)Network switches that filter according to MAC addresses
D)A process that requires two people to act at the same time to perform a function

47 / 75

All of the following are typically perceived as drawbacks to biometric systems, except: (D3, L3.2.1)

Question options:
A)Lack of accuracy
B)Potential privacy concerns
C)Retention of physiological data past the point of employment
D)Legality

48 / 75

Which of the following is an example of a "something you are" authentication factor? (D1, L1.1.1)

Question options:
A)A credit card presented to a cash machine
B)Your password and PIN
C)A user ID
D)A photograph of your face

49 / 75

Tina is an ISC2 member and is invited to join an online group of IT security enthusiasts. After attending a few online sessions, Tina learns that some participants in the group are sharing malware with each other, in order to use it against other organizations online. What should Tina do? (D1, L1.5.1)

50 / 75

Gary is an attacker. Gary is able to get access to the communication wire between Dauphine's machine and Linda's machine and can then surveil the traffic between the two when they're communicating. What kind of attack is this? (D4.2 L4.2.1)

Question options:
A)Side channel
B)DDOS
C)On-path
D)Physical

51 / 75

Cyril wants to ensure all the devices on his company's internal IT environment are properly synchronized. Which of the following protocols would aid in this effort? (D4, L4.1.2)

Question options:
A)FTP (File Transfer Protocol)
B)NTP (Network Time Protocol)
C)SMTP (Simple Mail Transfer Protocol)
D)HTTP (Hypertext Transfer Protocol)

52 / 75

An attacker outside the organization attempts to gain access to the organization's internal files. This is an example of a(n) ______. (D2, L2.1.1)

Question options:
A)Intrusion
B)Exploit
C)Disclosure
D)Publication

53 / 75

Glen is an ISC2 member. Glen receives an email from a company offering a set of answers for an ISC2 certification exam. What should Glen do? (D1, L1.5.1)

Question options:
A)Nothing
B)Inform ISC2
C)Inform law enforcement
D)Inform Glen's employer

54 / 75

Of the following, which would probably not be considered a threat? (D1, L1.2.1)

Question options:
A)Natural disaster
B)Unintentional damage to the system caused by a user
C)A laptop with sensitive data on it
D)An external attacker trying to gain unauthorized access to the environment

55 / 75

What is the risk associated with resuming full normal operations too soon after a DR effort? (D2, L2.3.1)

Question options:
A)The danger posed by the disaster might still be present
B)Investors might be upset
C)Regulators might disapprove
D)The organization could save money

56 / 75

Which of the following statements is true? (D3, L3.3.1)

Question options:
A)Logical access controls can protect the IT environment perfectly; there is no reason to deploy any other controls
B)Physical access controls can protect the IT environment perfectly; there is no reason to deploy any other controls
C)Administrative access controls can protect the IT environment perfectly; there is no reason to deploy any other controls
D)It is best to use a blend of controls in order to provide optimum security

57 / 75

Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has.

Which security concept is being applied in this situation? (D3, L3.1.1)

Question options:
A)Defense in depth
B)Layered defense
C)Two-person integrity
D)Least privilege

58 / 75

Logs should be reviewed ______. (D5.1, L5.1.2)

Question options:
A)Every Thursday
B)Continually
C)Once per calendar year
D)Once per fiscal year

59 / 75

What is the goal of Business Continuity efforts? (D2, L2.2.1)

Question options:
A)Save money
B)Impress customers
C)Ensure all IT systems continue to operate
D)Keep critical business functions operational

60 / 75

Which common cloud service model only offers the customer access to a given application? (D4.3 L4.3.2)

Question options:
A)Lunch as a service (LaaS)
B)Infrastructure as a service (IaaS)
C)Platform as a service (PaaS)
D)Software as a service (SaaS)

61 / 75

Which of the following is not a typical benefit of cloud computing services? (D4.3 L4.3.2)

Question options:
A)Reduced cost of ownership/investment
B)Metered usage
C)Scalability
D)Freedom from legal constraints

62 / 75

Hashing is often used to provide _______. (D5.1, L5.1.3)

Question options:
A)Confidentiality
B)Integrity
C)Availability
D)Value

63 / 75

Which common cloud service model offers the customer the most control of the cloud environment? (D4.3 L4.3.2)

Question options:
A)Lunch as a service (LaaS)
B)Infrastructure as a service (IaaS)
C)Platform as a service (PaaS)
D)Software as a service (SaaS)

64 / 75

A device typically accessed by multiple users, often intended for a single purpose, such as managing email or web pages. (D4.1 L4.1.1)

Question options:
A)Router
B)Switch
C)Server
D)Laptop

65 / 75

You are reviewing log data from a router; there is an entry that shows a user sent traffic through the router at 11:45 am, local time, yesterday. This is an example of a(n) _______. (D2, L2.1.1)

Question options:
A)Incident
B)Event
C)Attack
D)Threat

66 / 75

Gelbi is a Technical Support analyst for Triffid, Inc. Gelbi sometimes is required to install or remove software. Which of the following could be used to describe Gelbi's account? (D3, L3.1.1)

Question options:
A)Privileged
B)Internal
C)External
D)User

67 / 75

A means to allow remote users to have secure access to the internal IT environment. (D4.3 L4.3.3)

Question options:
A)Internet
B)VLAN
C)MAC
D)VPN

68 / 75

The common term for systems that ensure proper temperature and humidity in the data center. (D4.3 L4.3.1)

Question options:
A)RBAC
B)HVAC
C)MAC

69 / 75

Sophia is visiting Las Vegas and decides to put a bet on a particular number on a roulette wheel. This is an example of _________. (D1, L1.2.2)

Question options:
A)Acceptance
B)Avoidance
C)Mitigation
D)Transference

70 / 75

Dieter wants to send a message to Lupa and wants to be sure that Lupa knows the message has not been modified in transit. What technique/tool could Dieter use to assist in this effort? (D5.1, L5.1.3)

Question options:
A)Hashing
B)Clockwise rotation
C)Symmetric encryption
D)Asymmetric encryption

71 / 75

A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device. This is a type of ________ control. (D1, L1.3.1)

Question options:
A)Physical
B)Administrative
C)Passive
D)Technical

72 / 75

When Pritha started working for Triffid, Inc., Pritha had to sign a policy that described how Pritha would be allowed to use Triffid's IT equipment. What policy was this? (D5.3, L5.3.1)

Question options:
A)The organizational security policy
B)The acceptable use policy (AUP)
C)The bring-your-own-device (BYOD) policy
D)The workplace attire policy

73 / 75

A device that filters network traffic in order to enhance overall security/performance. (D4.1 L4.1.1)

Question options:
A)Endpoint
B)Laptop
C)MAC (media access control)
D)Firewall

74 / 75

Within the organization, who can identify risk? (D1, L1.2.2)

Question options:
A)The security manager
B)Any security team member
C)Senior management
D)Anyone

75 / 75

Trina is a security practitioner at Triffid, Inc. Trina has been tasked with selecting a new product to serve as a security control in the environment. After doing some research, Trina selects a particular product. Before that product can be purchased, a manager must review Trina's selection and determine whether to approve the purchase. This is a description of: (D3, L3.1.1)

Question options:
A)Two-person integrity
B)Segregation of duties
C)Software
D)Defense in depth
