
(ISC)2 Certified in Cybersecurity Mike Chapple MCQS

Which one of the following is not one of the canons of the (ISC)2 code of ethics?


Protect society, the common good, necessary public trust and confidence, and the
infrastructure.

Avoid any activity that may be perceived as malicious.

Act honorably, honestly, justly, responsibly, and legally.

Advance and protect the profession.

Security Concepts:
Question 1 of 8

What security control provides non-repudiation for messages?


digital certificates

hash values

symmetric encryption

digital signatures

Question 2 of 8

Which one of the following is an example of multifactor authentication?


password and security questions

retinal scan and fingerprint

 ID card and PIN

Correct


ID card and key

Question 3 of 8

What law regulates the protection of health information?


FERPA

PCI DSS

GLBA

 HIPAA

Correct

Question 4 of 8

What security tool can be configured to prevent DDoS attacks?


switch

 firewall

Correct


endpoint detection and response platform

intrusion detection system

Question 5 of 8

Your organization requires that passwords contain a mixture of uppercase characters,
lowercase characters, digits, and symbols. What type of password policy is this?

 complexity

Correct


length


history


reuse

Question 6 of 8

During what phase of the access control process does a user prove his or her identity?

 authentication

Correct


authorization

 identification


remediation

Question 7 of 8
In what type of attack does the attacker capture and then reuse login information?

 man-in-the-middle attack

 Smurf attack


DDoS attack

 replay attack

Correct

Question 8 of 8

What is the best defense against dumpster diving attacks?


anti-malware software

 clean desk policy


data loss prevention tools

 shredding

Correct

Risk Management:

Question 1 of 5

Purchasing an insurance policy is an example of which risk management strategy?



risk acceptance


risk deterrence

 risk transference

Correct


risk mitigation

Question 2 of 5

What two factors are used to evaluate a risk?

 likelihood and impact

Correct


criticality and likelihood


impact and criticality


frequency and likelihood

Question 3 of 5

What term best describes making a snapshot of a system or application at a point in
time for later comparison?

 baselining

Correct


documenting
 diagramming

 versioning

Question 4 of 5

What type of security control is designed to stop a security issue from occurring in the
first place?


recovery


administrative

 preventive

Correct


detective

Question 5 of 5

What term describes risks that originate inside the organization?


external


intranet

 internal

Correct


extranet

Security Governance:
Question 1 of 3

Which element of the security policy framework includes suggestions that are not
mandatory?


procedures

 guidelines

Correct


standards


policies

Question 2 of 3

What law applies to the use of personal information belonging to European Union
residents?

 GDPR

Correct


PCI DSS


HIPAA


GLBA

Question 3 of 3
What type of security policy normally describes how users may access business
information with their own devices?

 BYOD policy

Correct


change management policy


password policy


acceptable use policy

Business Continuity:
Question 1 of 3

What goal of security is enhanced by a strong business continuity program?


non-repudiation

 availability

Correct


confidentiality


integrity

Question 2 of 3

What is the minimum number of disks required to perform RAID level 5?


2


1

 3

Correct

 4

Question 3 of 3

What type of control are we using if we supplement a single firewall with a second
standby firewall ready to assume responsibility if the primary firewall fails?


clustering

 high availability

Correct

 load balancing

 component redundancy

Incident Response:

Question 1 of 3

Which one of the following individuals would not normally be found on the incident
response team?


information security professional
 CEO

Correct

 human resources staff


legal counsel

Question 2 of 3

During an incident response, what is the highest priority of first responders?

 identifying the root cause

 collecting evidence

 restoring operations


containing the damage

This was the correct answer

Question 3 of 3

You are normally required to report security incidents to law enforcement if you believe
a law may have been violated.

 TRUE


FALSE
This was the correct answer

Disaster Recovery:
Question 1 of 4

What type of backup includes only those files that have changed since the most recent
full or incremental backup?

 incremental

Correct


full


partial


differential

Question 2 of 4

What disaster recovery metric provides the targeted amount of time to restore a service
after a failure?


TLS


RPO

 RTO

Correct


MTO

Question 3 of 4
Which one of the following disaster recovery tests involves the actual activation of the
DR site?

 parallel test

Correct

 simulation


read-through


walk-through

Question 4 of 4

What type of disaster recovery site is able to be activated most quickly in the event of a
disruption?

 warm site

lukewarm site


cold site

 hot site

Correct

Physical Access Controls:

Question 1 of 3

What set of principles uses the built environment to improve security?

 CSA

NSA

 CPTED

Correct

 NIST

Question 2 of 3

What type of lock always requires entering a code to enter the facility?


magnetic stripe card lock


proximity card lock


biometric lock

 cipher lock

Correct

Question 3 of 3

What type of physical security control should always be disclosed to visitors when used?

 fences

 cameras

Correct


intrusion alarms
 security guards

Logical Access Controls:

Question 1 of 1

What principle states that individuals should only have the minimum set of permissions
necessary to carry out their job functions?

 Least privilege

Correct


Two person control


Job rotation


Separation of privileges

Computer Networking:

Question 1 of 6

What TCP flag indicates that a packet is requesting a new connection?


PSH

 SYN

Correct


RST


URG
Question 2 of 6

What type of network is most often used to connect peripherals to computers and
mobile devices?

 WiFi

 Bluetooth

Correct


WAN

 LAN

Question 3 of 6

Which one of the following ports is not normally used by email systems?

 25

 139

Correct

 110


143

Question 4 of 6

What technology provides the translation that assigns public IP addresses to privately
addressed systems that wish to communicate on the Internet?

TLS


HTTP


SSL

 NAT

Correct

Question 5 of 6

What command may be used to determine the network path between two locations?

 tracert

Correct


ping

 arp


dig

Question 6 of 6

Brad is configuring a new wireless network for his small business. What wireless security
standard should he use?


WPA


WEP2
 WPA2

Correct


WEP

Network threats:

Question 1 of 2
What type of malware spreads under its own power?

 worm

Correct


spyware


virus


Trojan horse

Question 2 of 2

Which one of the following techniques is useful in preventing replay attacks?


man-in-the-middle


full disk encryption

 session tokens

Correct


mobile device management

Threat Identification and Prevention:

Question 1 of 4

What type of malware prevention is most effective against known viruses?


behavior analysis

 signature detection

Correct

 anomaly detection

 heuristic detection

Question 2 of 4

Rachel recently investigated a security alert from her intrusion detection system and,
after exhaustive research, determined that the alert was not the result of an intrusion.
What type of error occurred?

 true positive


false negative

 true negative

 false positive

Correct

Question 3 of 4
Nmap is an example of a _____ tool.

 port scanning

Correct

 web application vulnerability scanning


protocol analyzing

 network vulnerability scanning

Question 4 of 4

Nessus is an example of a _____ tool.

 port scanning

 web application vulnerability scanning


protocol analyzing

 network vulnerability scanning

Correct

Network Security Infrastructure:

Question 1 of 8

What is the piece of software running on a device that enables it to connect to a
NAC-protected network?

SNMP agent

 authenticator

 supplicant

Correct

 authentication server

Question 2 of 8

What network port is used for SSL/TLS VPN connections?

 88


80

 1521

 443

Correct

Question 3 of 8

What is the most important control to apply to smart devices?

 intrusion detection

 application firewalls
 wrappers


network segmentation

This was the correct answer

Question 4 of 8

What network device can connect together multiple networks?


switch

 router

Correct


AP


wireless controller

Question 5 of 8

Ricky would like to separate his network into three distinct security zones. Which one of
the following devices is best suited to that task?

 IPS


Router

 Switch
 Firewall

Correct

Question 6 of 8

What security principle does a firewall implement with traffic when it does not have a
rule that explicitly defines an action for that communication?


least privilege


separation of duties


informed consent

 implicit deny

Correct

Question 7 of 8

Which one of the following devices carries VLANs on a network?

 switch

Correct


router

 firewall

 hub

Question 8 of 8
What is the minimum acceptable temperature for a data center?


80.6 degrees Fahrenheit

 64.4 degrees Fahrenheit

Correct


72.4 degrees Fahrenheit

 68.0 degrees Fahrenheit
