Free Practice Questions for ISC CC Exam

Risk identification is the first step in the risk management process. Organizations must first identify assets, threats, and vulnerabilities before they can assess likelihood or impact. Without knowing what risks exist, meaningful assessment and mitigation are impossible.

Transport Layer Security (TLS) helps mitigateman-in-the-middle (MITM) attacksby providing encryption, authentication, and integrity protection for data transmitted between communicating systems. TLS ensures that data exchanged between a client and server cannot be intercepted, modified, or read by unauthorized third parties.

TLS uses digital certificates and public key cryptography to authenticate servers (and sometimes clients), preventing attackers from impersonating legitimate endpoints. It also encrypts session data using symmetric encryption, protecting confidentiality even if traffic is captured.

TLS does not prevent application-layer attacks such as XSS or SQL injection, which are caused by insecure application logic. It also does not address social engineering, which targets human behavior rather than network protocols.

Because MITM attacks exploit unencrypted or improperly authenticated connections, TLS is a primary defense recommended by NIST and all modern security standards for protecting data in transit.

In Business Continuity Planning (BCP), the termbusinessrefers primarily to theoperational aspects of the organization—the people, processes, and activities required to deliver products and services. While IT systems, finances, and facilities support operations, BCP focuses on ensuring thatcritical business functions continueduring and after disruptions.

This includes customer service, supply chain operations, payroll, compliance activities, and decision-making processes. BCP is broader than disaster recovery, which focuses mainly on restoring IT systems. According to NIST SP 800-34, business continuity emphasizes mission-essential functions and their dependencies, including personnel, third parties, facilities, and technology.

When incidents escalate beyond containment and business continuity measures are insufficient, theDisaster Recovery Plan (DRP)is activated to restore IT systems and infrastructure.

This scenario describes areplay attack, in which an attacker captures valid authentication data and reuses it later to gain unauthorized access. Juli is passively monitoring network traffic, capturing credentials as they are transmitted, and planning to reuse them in a future attack.

Replay attacks often occur when authentication mechanisms do not use protections such as encryption, nonces, timestamps, or session tokens. If credentials are transmitted in clear text or without replay protection, attackers can intercept and reuse them without needing to crack passwords.

Brute-force and dictionary attacks involve guessing credentials, not capturing them. Social engineering relies on human manipulation rather than technical interception.

Replay attacks highlight the importance of secure protocols such as TLS, encrypted authentication exchanges, challenge-response mechanisms, and one-time passwords. NIST authentication guidance explicitly identifies replay resistance as a critical requirement for secure authentication systems.

The ISC2 Code of Ethics prioritizesprotecting society and the public, including users, over employer interests.

A switch operates at Layer 2 and forwards traffic only to the destination port based on MAC address tables, unlike hubs which broadcast traffic.

Hashing is the best control for detecting unauthorized changes to source code. By generating cryptographic hash values for approved versions of files, any modification—intentional or accidental—will result in a different hash, immediately indicating tampering.

Backups help recover data but do not prevent or detect unauthorized changes. File labels provide classification but do not ensure integrity. Security audits review compliance but do not continuously detect changes.

Hashing supports integrity assurance, which is a core security objective. Tools such as file integrity monitoring (FIM) systems rely on hashing to alert administrators when files are altered unexpectedly.

NIST and CIS controls emphasize hashing and integrity monitoring as essential for protecting code repositories, system files, and critical configurations, especially in DevOps and CI/CD environments.

An Incident Response Plan (IRP) defines procedures for managing and mitigating security incidents.

An Incident Response Plan (IRP) defines how to detect, analyze, contain, eradicate, and recover from security incidents.