ISC2 CC Flashcards

1
Q

A documented, lowest level of security configuration
allowed by a standard or organization

A

Baseline

2
Q

In 2016, the European Union passed comprehensive
legislation that addresses personal privacy,
deeming it an individual human right.

A

General Data Protection Regulation (GDPR)

3
Q

A professional organization that sets standards
for telecommunications, computer engineering
and similar disciplines.

A

Institute of Electrical and Electronics Engineers (IEEE)

4
Q

An organization that develops voluntary international standards
in collaboration with its partners in international
standardization, the International Electrotechnical
Commission (IEC) and the International Telecommunication
Union (ITU), particularly in the field of information
and communication technologies

A

International Organization of Standards (ISO)

5
Q

The internet standards organization, made up of network
designers, operators, vendors and researchers, that defines
protocol standards (e.g., IP, TCP, DNS) through a process
of collaboration and consensus

A

Internet Engineering Task Force (IETF)

6
Q

A weighted factor based on a subjective analysis of the
probability that a given threat is capable of exploiting
a given vulnerability or set of vulnerabilities

A

Likelihood of Occurrence

7
Q

Part of the U.S. Department of Commerce that addresses
the measurement infrastructure within science and technology
efforts within the U.S. federal government. It sets standards
in a number of areas, including information security within
the Computer Security Resource Center of the Computer
Security Division

A

National Institute of Standards and Technology (NIST)

8
Q

The inability to deny taking an action such as
creating information, approving information
and sending or receiving a message

A

Non-repudiation

9
Q

“any information about an individual maintained by an agency,
including (1) any information that can be used to distinguish
or trace an individual’s identity, such as name, Social
Security number, date and place of birth, mother’s maiden
name, or biometric records; and (2) any other information
that is linked or linkable to an individual, such as medical,
educational, financial and employment information.”

A

Personally Identifiable Information (PII)

10
Q

Information regarding health status, the provision of
healthcare or payment for healthcare as defined in HIPAA

A

Protected Health Information (PHI)

11
Q

A method for risk analysis that is based on
the assignment of a descriptor such as low,
medium or high.

A

Qualitative Risk Analysis

12
Q

A method for risk analysis where numerical values
are assigned to both impact and likelihood based
on statistical probabilities and monetarized
valuation of loss or gain

A

Quantitative Risk Analysis

13
Q

The process of detecting and analyzing incidents to
limit the incident’s effect

A

Incident Handling or Incident Response (IR)

14
Q

The documentation of a predetermined set of
instructions or procedures to detect, respond to
and limit consequences of a malicious cyberattack
against an organization’s information system

A

Incident Response Plan (IRP)

15
Q

An architectural approach to the design of buildings
and spaces which emphasizes passive features
to reduce the likelihood of criminal activity.

A

Crime Prevention through Environmental Design (CPTED)

16
Q

Information security strategy integrating people,
technology, and operations capabilities to establish
variable barriers across multiple layers and missions
of the organization

A

Defense in Depth

17
Q

An automated system that controls an individual’s ability to access one or more computer system resources, such as a workstation, network, application or database. This system requires the validation of an individual’s identity through some mechanism, such as a PIN, card, biometric or other token. It has the capability to assign different access privileges to different individuals depending on their roles and responsibilities in an organization

A

Logical Access Control Systems

17
Q

A certain amount of access control is left to the
discretion of the object’s owner, or anyone else who is
authorized to control the object’s access. The owner can
determine who should have access rights to an object
and what those rights should be

A

Discretionary Access Control (DAC)

18
Q

An entrance to a building or an area that
requires people to pass through two doors
with only one door opened at a time.

A

Mantrap

19
Q

The practice of ensuring that an organizational
process cannot be completed by a single person;
forces collusion as a means to reduce insider threats

A

Segregation of Duties

20
Q

The process of creating, maintaining and
deactivating user identities on a system

A

User Provisioning

21
Q

A set of routines, standards, protocols, and tools for building
software applications to access a web-based software
application or web tool

A

Application Programming Interface (API)

22
Q

An IP network protocol standardized by the Internet
Engineering Task Force (IETF) through RFC 792 to
determine if a particular service or host is available

A

Internet Control Message Protocol (ICMP)

23
Q

Standard protocol for transmission of data
from a source to destinations in packet-switched
communications networks and interconnected
systems of such networks

A

Internet Protocol (IPv4)

24
Q

Part of a zero-trust strategy that breaks LANs into very small,
highly localized zones using firewalls or similar technologies.
At the limit, this places a firewall at every connection point.

A

Micro segmentation

25
Q

An information security standard administered by the Payment Card
Industry Security Standards Council that applies to merchants and
service providers who process credit or debit card transactions

A

Payment Card Industry Data Security Standard (PCI DSS)

26
Q

The standard communication protocol for sending and receiving
emails between senders and receivers

A

Simple Mail Transport Protocol (SMTP)

27
Q

A logical group of workstations, servers, and network devices
that appear to be on the same LAN despite their geographical
distribution

A

Virtual Local Area Network (VLAN)

28
Q

A group of computers and devices that are located in the same
vicinity, forming a network based on radio transmissions rather
than wired connections. A Wi-Fi network is one type.

A

Wireless Area Network (WLAN)

29
Q

The graphical user interface (GUI) for the Nmap Security Scanner,
an open-source application that scans networks to determine
everything that is connected as well as other information.

A

Zenmap

30
Q

A computer responsible for hosting applications for user
workstations

A

Application Server

31
Q

A digit representing the sum of the correct digits in a piece of
stored or transmitted digital data, against which later
comparisons can be made to detect errors in the data

A

Checksum

32
Q

A process and discipline used to ensure that the only changes
made to a system are those that have been authorized and
validated

A

Configuration Management

33
Q

One who performs cryptanalysis, which is the study of mathematical
techniques for attempting to defeat cryptographic techniques
and/or information systems security. This includes the process
of looking for errors or weaknesses in the implementation of an
algorithm or in the algorithm itself.

A

Cryptanalyst

34
Q

System capabilities designed to detect and prevent the
unauthorized use and transmission of information

A

Data Loss Prevention (DLP)

35
Q

Monitoring of outgoing network traffic

A

Egress Monitoring

35
Q

A technique of erasing data on disk or tape (including video
tapes) that, when performed properly, ensures that there is
insufficient magnetic remanence to reconstruct the data

A

Degaussing

36
Q

Monitoring of incoming network traffic

A

Ingress Monitoring

37
Q

A digital signature that uniquely identifies data and has the
property that changing a single bit in the data will cause a
completely different message digest to be generated

A

Message Digest

38
Q

The entirety of the policies, roles, and processes that an
organization uses to make security decisions

A

Security Governance

39
Q

PORT: Secure Shell (SSH)

A

22

39
Q

PORT: File Transfer Protocol (FTP)

A

21

40
Q

PORT: Remote Desktop Protocol (RDP)

A

3389

41
Q

PORT: NetBIOS

A

137-139

42
Q

PORT: Simple Mail Transfer Protocol (SMTP)

A

25

43
Q

PORT: Post Office Protocol (POP)

A

110

44
Q

PORT: Internet Message Access Protocol (IMAP)

A

143

45
Q

PORT: HTTP

A

80

46
Q

PORT: HTTPS

A

443

47
Q

The process of applying secure configurations (to reduce the
attack surface) and locking down various hardware, communications
systems, and software, including the operating system, web
server, application server, application, etc.

A

Hardening