CC — Certified in Cybersecurity Study Guide

Which of the following best describes the principle of least privilege in access control?

• A Administrators should have unlimited access to all systems at all times
• B Access permissions should be reviewed every five years
• C Users should have access to all systems to increase productivity
• D Users should be granted only the minimum permissions necessary to perform their job functions ✓ Correct

What is the primary purpose of a Security Information and Event Management (SIEM) system?

• A To aggregate, correlate, and analyze security logs and events from multiple sources for threat detection and response ✓ Correct
• B To provide physical access control to data centers
• C To encrypt all network traffic between servers
• D To manage employee password changes across the organization

In the context of cryptography, what is the main advantage of asymmetric encryption over symmetric encryption?

• A It is faster and requires fewer computational resources than symmetric encryption
• B It uses shorter key lengths that are easier for users to remember
• C It provides stronger encryption when used with older hardware systems
• D It eliminates the need for secure key distribution and enables secure communication without prior key exchange ✓ Correct

Which of the following is a characteristic of a zero-trust security model?

• A All users and devices inside the corporate network are automatically trusted
• B Verify every access request regardless of source, using continuous authentication and authorization ✓ Correct
• C Trust is established based on network location rather than user credentials
• D Firewalls are eliminated in favor of perimeter-based security only

What is the primary objective of a Business Continuity Plan (BCP)?

• A To reduce cybersecurity insurance premiums for the organization
• B To eliminate all potential risks to the organization's operations
• C To provide detailed instructions for employee termination procedures
• D To ensure critical business functions can continue or be quickly restored after a disruptive event ✓ Correct

In a vulnerability assessment, what is the significance of the CVSS (Common Vulnerability Scoring System) score?

• A It provides a standardized numerical rating of vulnerability severity based on technical characteristics and impact ✓ Correct
• B It determines the cost of fixing the vulnerability in dollars
• C It measures the time required to discover a vulnerability
• D It ranks organizations by their overall security posture compared to industry peers

Which authentication factor relies on 'something you are'?

• A A security token or smart card
• B A password or PIN
• C A security question about personal information
• D Biometric data such as fingerprints or facial recognition ✓ Correct

What is the primary function of a Data Loss Prevention (DLP) system?

• A To encrypt only data stored on employee personal devices
• B To prevent employees from accessing cloud storage services entirely
• C To automatically delete all sensitive data from company systems weekly
• D To monitor, detect, and prevent unauthorized transmission or storage of sensitive data ✓ Correct

In security risk assessment, what does the term 'threat' refer to?

• A The financial impact of a successful security incident
• B The likelihood that an attack will occur in a specific time period
• C Any potential agent or action that could exploit a vulnerability and cause harm ✓ Correct
• D A weakness in a system that could be exploited

Which of the following best describes the concept of 'defense in depth' in cybersecurity?

• A Using multiple layers and types of security controls to protect systems and data from various angles ✓ Correct
• B Focusing security efforts exclusively on the organization's deepest, most critical networks
• C Ensuring that only employees with deep technical knowledge can access security systems
• D Implementing a single, highly advanced security solution that addresses all threats

What is the primary goal of a penetration test?

• A To permanently compromise systems and networks for research purposes
• B To gather competitive intelligence about industry security standards and practices
• C To train employees in defensive cybersecurity techniques without their knowledge
• D To identify security vulnerabilities and weaknesses by simulating real-world attacks with authorization ✓ Correct

In the context of incident response, what is the primary purpose of the 'containment' phase?

• A To gather evidence for legal proceedings against the attacker
• B To limit the scope and impact of a security incident by isolating affected systems ✓ Correct
• C To immediately restore all systems to their original state before the incident occurred
• D To provide public statements about the security breach to media outlets

Which of the following is a primary characteristic of a rootkit?

• A It is a legitimate system administration tool used to manage user accounts
• B It is antivirus software that protects against malware infections
• C It is a network protocol used for secure data transmission over the internet
• D It is malicious software that provides unauthorized administrative access and hides its presence from detection ✓ Correct

What is the primary function of a Web Application Firewall (WAF)?

• A To encrypt all web traffic using military-grade encryption standards
• B To monitor and filter HTTP/HTTPS traffic, protecting web applications from application-layer attacks ✓ Correct
• C To block all internet traffic to prevent any web-based attacks
• D To automatically patch vulnerabilities in web servers without administrator intervention

In the context of secure coding practices, what is the primary risk of hardcoding credentials in application source code?

• A It increases the application's processing speed and reduces memory usage
• B It exposes credentials to anyone with access to the code repository, enabling unauthorized access ✓ Correct
• C It makes the application easier to debug during development phases
• D It reduces the number of authentication attempts required by legitimate users

What is the primary advantage of implementing security awareness training in an organization?

• A It prevents all malware from infecting company networks and devices
• B It reduces the likelihood of successful social engineering attacks and user-caused security incidents ✓ Correct
• C It guarantees that no security breaches will occur within the organization
• D It eliminates the need for technical security controls and firewalls

Which of the following best describes the difference between authentication and authorization?

• A Authorization must occur before authentication in any security system
• B Authentication is used only for passwords, while authorization applies only to physical access
• C Authentication verifies a user's identity, while authorization determines what resources that user can access ✓ Correct
• D Both terms refer to the same security concept and can be used interchangeably

In the OSI model, at which layer do firewalls typically operate to make decisions about allowing or blocking traffic?

• A Layer 2 (Data Link Layer) exclusively
• B Layer 5 (Session Layer) only
• C Layer 1 (Physical Layer) exclusively
• D Layer 3 (Network Layer) and Layer 4 (Transport Layer), though modern firewalls may also operate at higher layers ✓ Correct

What is the primary purpose of key management in cryptography?

• A To reduce the computational overhead of encryption operations
• B To securely generate, store, distribute, rotate, and retire cryptographic keys throughout their lifecycle ✓ Correct
• C To eliminate the need for regular security audits and vulnerability assessments
• D To ensure that encryption algorithms remain secret from potential attackers

Which of the following best describes a SQL injection vulnerability?

• A A network-based attack that floods servers with excessive traffic to cause denial of service
• B A social engineering technique used to trick employees into revealing their passwords
• C An attack where malicious SQL code is inserted into input fields, potentially allowing unauthorized database access or data manipulation ✓ Correct
• D A type of physical attack where attackers gain access to server hardware

In the context of compliance and regulations, what is the primary objective of the General Data Protection Regulation (GDPR)?

• A To protect the privacy and personal data of European Union residents and establish requirements for data handling and breach notification ✓ Correct
• B To eliminate all data collection practices used by organizations worldwide
• C To establish security standards for American government contractors only
• D To mandate the use of specific encryption algorithms in all organizations

What is the primary function of a Certificate Authority (CA) in public key infrastructure (PKI)?

• A To issue, verify, and manage digital certificates that bind public keys to identities and enable secure communications ✓ Correct
• B To monitor internet traffic and report suspicious activities to law enforcement
• C To prevent all types of cyberattacks without exception
• D To generate encryption algorithms for use across the internet

Which of the following is a primary security concern associated with Internet of Things (IoT) devices?

• A They require constant internet connectivity, which eliminates all security risks
• B They exclusively use proprietary operating systems that are incompatible with standard security tools
• C Many IoT devices have limited processing power, making strong encryption implementation difficult, and are often deployed with weak default credentials and minimal security features ✓ Correct
• D They consume excessive electricity and increase utility costs

In disaster recovery planning, what is the Recovery Time Objective (RTO)?

• A The duration of the annual disaster recovery test exercise
• B The maximum acceptable time period to restore a system or service after a disruptive event ✓ Correct
• C The maximum amount of data loss that an organization can tolerate in a disaster scenario
• D The total cost of implementing disaster recovery measures and backup systems

What is the primary security benefit of implementing network segmentation?

• A It divides the network into isolated zones, limiting lateral movement by attackers and containing the impact of potential breaches ✓ Correct
• B It eliminates the need for antivirus software on end-user devices
• C It provides encryption for all network traffic without additional configuration
• D It prevents employees from accessing external websites and email services

Which of the following best describes the principle of least privilege?

• A All users should have equal access to all systems regardless of their role
• B Access rights should be granted based on seniority level within the organization
• C Administrators should have unlimited access to all organizational resources
• D Users should have only the minimum access rights necessary to perform their job functions ✓ Correct

What is the primary purpose of a demilitarized zone (DMZ) in network architecture?

• A To increase bandwidth for external users connecting to the organization
• B To isolate publicly accessible services from internal network resources ✓ Correct
• C To eliminate the need for firewalls in a network infrastructure
• D To provide unrestricted access between internal and external networks

In the context of authentication, what does multi-factor authentication (MFA) require?

• A Only a strong password with uppercase, lowercase, numbers, and special characters
• B Multiple forms of identity verification from different categories such as something you know, have, or are ✓ Correct
• C Using biometric data exclusively for all authentication scenarios
• D Changing passwords every 30 days without exception

Which attack type involves an attacker intercepting and altering communications between two parties without their knowledge?

• A Man-in-the-Middle (MITM) attack ✓ Correct
• B Brute force attack
• C Phishing attack
• D Denial of Service attack

What is the primary function of a Web Application Firewall (WAF)?

• A To eliminate the need for regular security patches on application servers
• B To protect web applications by filtering and monitoring HTTP/HTTPS traffic for malicious requests ✓ Correct
• C To encrypt all data transmission between clients and servers automatically
• D To monitor and log all user activities on web servers

In cybersecurity, what does the term 'vulnerability' specifically refer to?

• A The successful exploitation of a security weakness that has caused damage
• B A documented security policy that is no longer relevant to current operations
• C A weakness or flaw in a system that could be exploited to cause harm or unauthorized access ✓ Correct
• D An intentional backdoor created by system administrators for maintenance purposes

Which cryptographic approach uses two mathematically related keys—one public and one private?

• A Symmetric key cryptography
• B Asymmetric key cryptography (Public Key Infrastructure) ✓ Correct
• C Hash-based cryptography only
• D Stream cipher encryption methodology

What is the primary goal of a penetration test in cybersecurity?

• A To permanently disable security systems to identify weaknesses
• B To publicly disclose all security flaws found within an organization
• C To simulate authorized attacks to identify vulnerabilities before malicious actors do ✓ Correct
• D To intentionally introduce malware to test antivirus effectiveness

Which of the following is the best practice for password management in an organization?

• A Requiring all employees to write passwords on sticky notes kept in secure locations
• B Implementing a single organizational password changed quarterly for all accounts
• C Storing passwords in shared spreadsheets for easy team access and updates
• D Using a centralized password manager with strong encryption and access controls ✓ Correct

What does the NIST Cybersecurity Framework primarily provide?

• A A prescriptive list of tools that must be purchased and implemented
• B A voluntary set of guidelines, standards, and best practices to manage cybersecurity risk ✓ Correct
• C Legal requirements that all organizations must follow without exception
• D Specific hardware requirements for all government contractors

In incident response, what is the primary objective of the 'containment' phase?

• A To restore all systems to operation as quickly as possible without investigation
• B To assign blame to the individuals responsible for the security breach
• C To prevent further damage or lateral movement by isolating affected systems ✓ Correct
• D To immediately notify all customers without verifying the extent of the breach

What is a 'zero-day' vulnerability in cybersecurity?

• A A previously unknown software flaw with no available patch, exploitable from day zero of discovery ✓ Correct
• B A type of malware that activates exactly at midnight each day
• C A vulnerability that only affects systems with zero security controls implemented
• D A vulnerability that has been publicly known for more than one year

Which security control type is specifically designed to prevent security incidents from occurring?

• A Preventive controls that stop unauthorized actions before they occur ✓ Correct
• B Corrective controls that repair damage after an incident
• C Detective controls that identify unauthorized activities
• D Compensating controls that serve as temporary workarounds

What is the primary risk associated with using default credentials on network devices?

• A Default credentials prevent employees from accessing the devices they need for work
• B Using default credentials eliminates the need for backup and disaster recovery planning
• C Attackers commonly know or can easily obtain default credentials, providing easy unauthorized access ✓ Correct
• D Default credentials are actually more secure than custom passwords and reduce complexity

In data classification, what does 'Confidential' typically mean?

• A Information that is freely available to the general public without restrictions
• B Information that is only interesting to competitors but not sensitive internally
• C Data that has already been breached and is available on the dark web
• D Sensitive information whose unauthorized disclosure could cause significant harm to the organization ✓ Correct

Which of the following best describes 'defense in depth' as a cybersecurity strategy?

• A Using only network-based security measures without endpoint protections
• B Deploying multiple layers of security controls so that if one is bypassed, others remain to protect assets ✓ Correct
• C Focusing all security efforts on protecting the organization's deepest network servers
• D Implementing a single, extremely strong security control to protect all assets

What is the primary purpose of a Security Information and Event Management (SIEM) system?

• A To replace the need for all other security tools in an organization
• B To automatically patch all vulnerabilities without human intervention
• C To collect, correlate, and analyze security logs and events for threat detection and incident response ✓ Correct
• D To eliminate the need for security staff by providing fully automated threat mitigation

Which attack exploits the trust relationship between a user and a service the user frequents?

• A Logic bomb attack
• B Watering hole attack that compromises websites visited by target users ✓ Correct
• C Brute force password attack
• D Ransomware attack

In cybersecurity, what does 'non-repudiation' specifically ensure?

• A That all network connections are monitored for suspicious activity
• B That data cannot be read by unauthorized parties during transmission
• C That sensitive data is automatically deleted after a set time period
• D That a person cannot deny having performed an action they actually performed ✓ Correct

What is the main purpose of a business continuity plan (BCP) in cybersecurity?

• A To permanently prevent all cyberattacks from ever occurring against an organization
• B To eliminate the need for cybersecurity professionals on staff
• C To provide legal liability protection for security breaches
• D To ensure an organization can maintain critical operations during and after a disruptive incident ✓ Correct

Which practice involves regularly testing backup systems and restoration procedures?

• A Access logging which monitors who retrieves backup data
• B Data deduplication which reduces backup storage requirements
• C Disaster recovery testing to verify backup integrity and recovery capability ✓ Correct
• D Backup auditing which ensures only authorized personnel access backups

What is the primary risk of social engineering attacks?

• A They only affect organizations without firewalls or network security
• B They exclusively target financial institutions and government agencies
• C They exploit human psychology and trust rather than technical vulnerabilities ✓ Correct
• D They can be prevented entirely by installing antivirus software

In the context of secure software development, what does 'secure coding' practices emphasize?

• A Implementing coding standards that prevent common vulnerabilities such as injection attacks and buffer overflows ✓ Correct
• B Using only proprietary programming languages not available to potential attackers
• C Avoiding the use of external libraries and frameworks to reduce attack surface
• D Writing code as quickly as possible without testing or review

Which compliance framework specifically addresses the protection of personal data in the European Union?

• A Payment Card Industry Data Security Standard (PCI-DSS)
• B Health Insurance Portability and Accountability Act (HIPAA)
• C General Data Protection Regulation (GDPR) which establishes strict data protection and privacy requirements ✓ Correct
• D Gramm-Leach-Bliley Act (GLBA)

What is the most critical step in identifying and managing cybersecurity risks?

• A Waiting for a breach to occur before assessing organizational risk
• B Conducting a comprehensive risk assessment to identify assets, threats, and vulnerabilities ✓ Correct
• C Immediately purchasing the most expensive security tools available
• D Assuming all risks are equal and treating them with identical responses

Which security principle ensures that individuals can be held accountable for their actions within a system?

• A Integrity which ensures data has not been altered or corrupted
• B Accountability which maintains records proving who performed specific actions ✓ Correct
• C Availability which ensures systems remain operational and accessible
• D Confidentiality which protects information from unauthorized access

Which of the following best describes the principle of least privilege in access control?

• A Users should be granted only the minimum level of access required to perform their job functions ✓ Correct
• B All employees in the same department should have identical access permissions
• C Users should have access to all systems to improve efficiency
• D Access control should be based primarily on user seniority and tenure

In the context of incident response, what is the primary goal of the containment phase?

• A To communicate the incident details to all employees immediately
• B To determine which employee caused the security breach
• C To restore all systems to their previous operational state
• D To identify all affected systems and prevent the incident from spreading to unaffected systems ✓ Correct

Which security control type is implemented to detect and respond to security incidents after they occur?

• A Deterrent control
• B Detective control ✓ Correct
• C Preventive control
• D Compensating control

What is the primary purpose of a business continuity plan in cybersecurity?

• A To ensure that critical business functions can continue or be rapidly restored following a disruptive event, including cyber incidents ✓ Correct
• B To reduce cybersecurity insurance premiums by 50 percent
• C To transfer all security responsibilities to a third-party vendor
• D To eliminate all possible cyber threats permanently

Which of the following represents a key distinction between vulnerability scanning and penetration testing?

• A Penetration testing is less expensive and requires fewer skilled resources than vulnerability scanning
• B Vulnerability scanning is conducted by external attackers, while penetration testing is only performed by internal IT staff
• C Vulnerability scanning identifies potential weaknesses in systems and applications, whereas penetration testing simulates actual attacks to exploit vulnerabilities and assess the extent of potential impact ✓ Correct
• D Vulnerability scanning requires physical access to systems, while penetration testing does not

In cryptography, what does the concept of forward secrecy ensure?

• A That encrypted data remains secure even if long-term encryption keys are compromised in the future ✓ Correct
• B That encryption algorithms never require updates or replacement
• C That all users can easily decrypt messages without needing encryption keys
• D That the sender of a message can be identified with 100 percent certainty

Which governance framework is specifically designed to provide a comprehensive approach to information security management systems?

• A CIS Controls
• B ISO/IEC 27001 ✓ Correct
• C ITIL Service Management
• D NIST Cybersecurity Framework

What is the primary risk associated with shadow IT in an organization?

• A It ensures that all employees have complete visibility into organizational technology infrastructure
• B Unsanctioned applications and systems bypass security controls and governance, creating unmanaged security risks and compliance violations ✓ Correct
• C It simplifies the process of implementing multi-factor authentication enterprise-wide
• D It reduces the total cost of IT operations and increases efficiency across all departments

Which of the following best describes the relationship between authentication and authorization in access control?

• A Authentication verifies who a user is, while authorization determines what authenticated users can access and what actions they can perform ✓ Correct
• B Authorization is the process of verifying a user's identity, while authentication is granting them access to specific resources based on that identity
• C Neither authentication nor authorization is necessary if users have physical access to facilities
• D Authentication and authorization are interchangeable terms that mean the same thing in cybersecurity

In risk management, what does the term 'risk acceptance' mean in practice?

• A An organization decides to eliminate all identified risks regardless of cost or feasibility
• B The organization implements the most expensive security controls available to address every possible risk scenario
• C An organization transfers all responsibility for managing risks to insurance companies and vendors without retaining any accountability
• D The organization acknowledges a risk exists and consciously decides to accept the potential consequences rather than mitigate or avoid it, typically when mitigation costs exceed potential impact ✓ Correct