ISC2 CC Flashcards

1
Q

A documented, lowest level of security configuration
allowed by a standard or organization

A

Baseline

2
Q

In 2016, the European Union passed comprehensive
legislation that addresses personal privacy,
deeming it an individual human right.

A

General Data
Protection
Regulation
(GDPR)

3
Q

A professional organization that sets
standards for telecommunications, computer
engineering and similar disciplines.

A

Institute of
Electrical and
Electronics
Engineers

4
Q

An organization that develops voluntary international
standards in collaboration with its partners in international
standardization, the International Electrotechnical
Commission (IEC) and the International Telecommunication
Union (ITU), particularly in the field of information and
communication technologies.

A

International
Organization
of Standards
(ISO)

5
Q

The internet standards organization, made up of network
designers, operators, vendors and researchers, that defines
protocol standards (e.g., IP, TCP, DNS) through a process
of collaboration and consensus

A

Internet
Engineering
Task Force
(IETF)

6
Q

A weighted factor based on a subjective analysis of the
probability that a given threat is capable of exploiting
a given vulnerability or set of vulnerabilities.

A

Likelihood of
Occurrence

7
Q

An agency that is part of the U.S. Department of Commerce
and addresses the measurement infrastructure for
science and technology efforts within the U.S. federal
government. NIST sets standards in a number of areas,
including information security, within the Computer Security
Resource Center of the Computer Security Division.

A

National
Institute of
Standards and
Technology
(NIST)

8
Q

The inability to deny taking an action, such as
creating information, approving information,
and sending or receiving a message.

A

Non-repudiation

9
Q

“any information about an individual maintained by an agency,
including (1) any information that can be used to distinguish
or trace an individual’s identity, such as name, Social
Security number, date and place of birth, mother’s maiden
name, or biometric records; and (2) any other information
that is linked or linkable to an individual, such as medical,
educational, financial and employment information.”

A

Personally
Identifiable
Information
(PII)

10
Q

Information regarding health status, the provision of
healthcare or payment for healthcare as defined in HIPAA

A

Protected
Health
Information
(PHI)

11
Q

A method for risk analysis that is based on
the assignment of a descriptor such as low,
medium or high.

A

Qualitative
Risk Analysis

12
Q

A method for risk analysis where numerical values
are assigned to both impact and likelihood based
on statistical probabilities and a monetary
valuation of loss or gain.

A

Quantitative
Risk Analysis

13
Q

The process of detecting and analyzing incidents to
limit the incident’s effect.

A

Incident
Handling
or Incident
Response (IR)

14
Q

The documentation of a predetermined set of
instructions or procedures to detect, respond to
and limit the consequences of a malicious cyberattack
against an organization’s information system.

A

Incident
Response Plan
(IRP)

15
Q

An architectural approach to the design of buildings
and spaces that emphasizes passive features
to reduce the likelihood of criminal activity.

A

Crime
Prevention
through
Environmental
Design (CPTED)

16
Q

An information security strategy integrating people,
technology and operations capabilities to establish
variable barriers across multiple layers and missions
of the organization.

A

Defense in
Depth

17
Q

An automated system that controls an individual’s ability to access one or more computer system resources, such as a workstation, network, application or database. This system requires the validation of an individual’s identity through some mechanism, such as a PIN, card, biometric or other token. It has the capability to assign different access privileges to different individuals depending on their roles and responsibilities in an organization.

A

Logical Access
Control
Systems

17
Q

A certain amount of access control is left to the
discretion of the object’s owner, or anyone else who is
authorized to control the object’s access. The owner can
determine who should have access rights to an object
and what those rights should be.

A

Discretionary
Access Control
(DAC)

18
Q

An entrance to a building or an area that
requires people to pass through two doors
with only one door opened at a time.

A

Mantrap

19
Q

The practice of ensuring that an organizational
process cannot be completed by a single person;
this forces collusion as a means to reduce insider threats.

A

Segregation
of Duties

20
Q

The process of creating, maintaining and
deactivating user identities on a system.

A

User
Provisioning

21
Q

A set of routines, standards, protocols and tools for building
software applications that access a web-based software
application or web tool.

A

Application
programming
interface (API)

22
Q

An IP network protocol standardized by the Internet
Engineering Task Force (IETF) through RFC 792, used to
determine whether a particular service or host is available.

A

Internet
Control
Message
Protocol
(ICMP)

23
Q

The standard protocol for transmission of data
from a source to destinations in packet-switched
communications networks and interconnected
systems of such networks.

A

Internet
Protocol (IPv4)

24
Q

Part of a zero-trust strategy that breaks LANs
into very small, highly localized zones using
firewalls or similar technologies. At the limit, this
places a firewall at every connection point.

A

Micro
segmentation

25
Q

An information security standard administered by the
Payment Card Industry Security Standards Council
that applies to merchants and service providers
who process credit or debit card transactions.

A

Payment
Card Industry
Data Security
Standard
(PCI DSS)

26
Q

The standard communication protocol for sending and
receiving email between senders and receivers.

A

Simple Mail
Transport
Protocol (SMTP)

27
Q

A logical group of workstations, servers and
network devices that appear to be on the same
LAN despite their geographical distribution.

A

Virtual Local
Area Network
(VLAN)

28
Q

A group of computers and devices that are
located in the same vicinity, forming a network
based on radio transmissions rather than wired
connections. A Wi-Fi network is one type.

A

Wireless Area
Network
(WLAN)

29
Q

The graphical user interface (GUI) for the Nmap
Security Scanner, an open-source application
that scans networks to determine everything that
is connected as well as other information.

A

Zenmap

30
Q

A computer responsible for hosting applications
for user workstations.

A

Application
Server

31
Q

A digit representing the sum of the correct digits in a piece
of stored or transmitted digital data, against which later
comparisons can be made to detect errors in the data.

A

Checksum

32
Q

A process and discipline used to ensure that
the only changes made to a system are those
that have been authorized and validated.

A

Configuration
management

33
Q

One who performs cryptanalysis, which is the study
of mathematical techniques for attempting to
defeat cryptographic techniques and/or information
systems security. This includes the process of looking
for errors or weaknesses in the implementation
of an algorithm or in the algorithm itself.

A

Cryptanalyst

34
Q

System capabilities designed to detect and prevent the
unauthorized use and transmission of information.

A

Data Loss
Prevention
(DLP)

35
Q

Monitoring of outgoing network traffic.

A

Egress
Monitoring

35
Q

A technique of erasing data on disk or tape (including video
tapes) that, when performed properly, ensures that there
is insufficient magnetic remanence to reconstruct the data.

A

Degaussing

36
Q

Monitoring of incoming network traffic.

A

Ingress
Monitoring

37
Q

A digital signature that uniquely identifies data and
has the property that changing a single bit in
the data will cause a completely different message
digest to be generated.

A

Message Digest

38
Q

The entirety of the policies, roles and
processes the organization uses to make
security decisions.

A

Security
Governance

39
Q

PORT: Secure Shell (SSH)

A

22

39
Q

PORT: File Transfer Protocol (FTP)

A

21

40
Q

PORT: Remote Desktop Protocol (RDP)

A

3389

41
Q

PORT: NetBIOS

A

137-139

42
Q

PORT: Simple Mail Transfer Protocol (SMTP)

A

25

43
Q

PORT: Post Office Protocol (POP)

A

110

44
Q

PORT: Internet Message Access Protocol (IMAP)

A

143

45
Q

PORT: HTTP

A

80

46
Q

PORT: HTTPS

A

443

47
Q

Hardening

A

A reference to the process of applying secure configurations
(to reduce the attack surface) and locking down various
hardware, communications systems and software,
including the operating system, web server, application server,
application, etc.