Question & Answers: Certified in Cybersecurity (CC)

The document contains 10 questions and answers related to cybersecurity certification exam preparation. It addresses topics such as IP addressing, network scanning tools, threat actors, business continuity plans, and user authentication. The questions progressively cover more complex subject matter in cybersecurity concepts and best practices.

Uploaded by

Arif

ISC2

CC
Certified in Cybersecurity (CC)
QUESTION & ANSWERS

https://www.certsguru.com/CC-exam-dumps.html
QUESTION 1

The address 8be2:4382:8d84:7ce2:ec0f:3908:d29a:903a is an:

A. Web address
B. IPv4 address
C. IPv6 address
D. MAC address

Correct Answer: C

Explanation/Reference:

An IPv6 address is a 128-bit address represented as a sequence of eight groups of 16-bit hexadecimal
values. An IPv4 address is a 32-bit address represented as a sequence of four 8-bit integers. A MAC
address is a 48-bit address represented as six groups of 8-bit values in hexadecimal. A web address
consists of a protocol name, a server address, and a resource path (see ISC2 Study Guide, chapter 4,
module 1 - Understand Computer Networking).

QUESTION 2

Which of the following is a public IP?

A. 13.16.123.1
B. 192.168.123.1
C. 172.16.123.1
D. 10.221.123.1

Correct Answer: A

Explanation/Reference:

The ranges of IP addresses 10.0.0.0 to 10.255.255.254, 172.16.0.0 to 172.31.255.254, and
192.168.0.0 to 192.168.255.254 are reserved for private use (see ISC2 Study Guide, chapter 4,
module 1, under Internet Protocol - IPv4 and IPv6). Therefore, the IP address 13.16.123.1 is the only
address in a public range.

QUESTION 3

Which tool is commonly used to sniff network traffic? (★)

A. Burp Suite
B. John the Ripper
C. Wireshark
D. Nslookup

Correct Answer: C

Explanation/Reference:

Wireshark is the world's most widely used and complete network protocol analyzer that, informally
speaking, is the "microscope" of network traffic. John the Ripper is a famous open-source password
security auditing and password recovery tool. Nslookup is a network administration command-line
tool for querying the Domain Name System to obtain the mapping between a domain name, IP
address, or other DNS records. Finally, Burp Suite is a set of well-known vulnerability scanning,
penetration testing, and web app security tools.

QUESTION 4

An entity that acts to exploit a target organization’s system vulnerabilities is a:

A. Threat Vector
B. Threat Actor
C. Threat
D. Attacker

Correct Answer: B

Explanation/Reference:

A Threat Actor is defined as an individual or a group posing a threat (according to NIST SP 800-150
under Threat Actor). A Threat Vector is a means by which a Threat Actor gains access to systems (for
example: phishing, trojans, baiting, etc.). An Attacker is always an individual, but a Threat Actor can
be either a group or an entity. A Threat is a circumstance or event that can adversely impact
organizational operations and that a Threat Actor can potentially exploit through a Threat Vector.

QUESTION 5

Which type of document outlines the procedures ensuring that vital company systems keep running
during business-disrupting events?

A. Business Impact Plan
B. Business Impact Analysis
C. Disaster Recovery Plan
D. Business Continuity Plan

Correct Answer: D

Explanation/Reference:

A Business Continuity Plan (BCP) is a pre-determined set of instructions describing how an
organization's mission or business processes will be sustained during and after a significant disruption
(see Chapter 2 ISC2 Study Guide, module 4, under Terms and Definitions). A Business Impact Analysis
(BIA) is a method of analyzing how disruptions can affect an organization. A Disaster Recovery Plan is
used to recover systems after a major failure or disaster. The term 'Business Impact Plan' does not
exist in cybersecurity.

QUESTION 6

In the event of a disaster, which of these should be the PRIMARY objective? (★)

A. Guarantee the safety of people
B. Guarantee the continuity of critical systems
C. Protection of the production database
D. Application of disaster communication

Correct Answer: A

Explanation/Reference:

In the event of a disaster, the clear priority is to guarantee the safety of human life above all. The
remaining options, though important from the point of view of disaster recovery and business
continuity, are secondary when compared to safety.

QUESTION 7

The magnitude of the harm expected as a result of the consequences of an unauthorized disclosure,
modification, destruction, or loss of information, is known as the:

A. Vulnerability
B. Threat
C. Impact
D. Likelihood

Correct Answer: C

Explanation/Reference:

The sentence matches the definition of the concept of impact (see NIST SP 800-60 Vol. 1 Rev. 1 under
Impact). Furthermore, the ISC2 Study Guide, chapter 1, defines likelihood as the probability that a
potential vulnerability may be exploited. A threat is defined as a circumstance or event that can
adversely impact organizational operations. A vulnerability is a weakness that a threat can exploit.

QUESTION 8

The process of verifying or proving the user's identification is known as:

A. Confidentiality
B. Integrity
C. Authentication
D. Authorization

Correct Answer: C

Explanation/Reference:

Authentication is the verification of the identity of a user, process or device, as a prerequisite to
allowing access to the resources in a given system. In contrast, authorization refers to the permission
granted to users, processes or devices to access specific assets. Confidentiality and integrity are
properties of information and systems, not processes.

QUESTION 9

Which of these types of user is LESS likely to have a privileged account?

A. System Administrator
B. Security Analyst
C. Help Desk
D. External Worker

Correct Answer: D

Explanation/Reference:

Typically, external workers should not have access to privileged accounts, due to the possibility of
misuse. The Help Desk (or IT Support Staff) may have to view or manipulate endpoints, servers and
application platforms using privileged or restricted operations. Security analysts may require fast
access to the IT infrastructure, systems, endpoints and data environment. By definition, systems
administrators require privileged accounts, since they are responsible for operating systems,
deploying applications, and managing performance.

QUESTION 10

The predetermined set of instructions or procedures to sustain business operations after a disaster is
commonly known as:

A. Business Impact Analysis
B. Disaster Recovery Plan
C. Business Impact Plan
D. Business Continuity Plan

Correct Answer: D

Explanation/Reference:

A Business Continuity Plan (BCP) is a pre-determined set of instructions describing how an
organization's mission/business processes will be sustained during and after a significant disruption
(see Chapter 2 ISC2 Study Guide, module 4, under Terms and Definitions). A Business Impact Analysis
(BIA) is a technique for analyzing how disruptions can affect an organization. A Disaster Recovery Plan
is a written plan for recovering information systems in response to a major failure or disaster. The
term 'Business Impact Plan' does not exist.
