Free Practice Questions for ISC CC Exam

A baseline is a documented set of approved security controls, configurations, and system settings used as a standard across an IT environment. Baselines ensure consistency, security, and compliance by defining how systems should be configured before deployment and during operation.

Security baselines are commonly derived from frameworks such as CIS Benchmarks, NIST SP 800-53, and vendor hardening guides. They help reduce misconfigurations, which are a leading cause of security breaches.

Patches address specific vulnerabilities, inventory tracks assets, and policies define high-level rules and expectations. Baselines translate policies into actionable technical settings, such as password policies, logging configurations, and service restrictions.

By enforcing baselines, organizations improve security posture, simplify audits, and enable faster incident response. Any deviation from the baseline can be detected and investigated, making baselines a cornerstone of secure and well-managed IT environments.

A session token is used to maintain a user’s authenticated state after login. Once a user successfully authenticates, the server issues a session token that is stored by the client and sent with subsequent requests.

The server uses this token to identify the user without requiring reauthentication on every request. Session tokens must be protected against theft through secure cookies, encryption, and proper expiration.

CAPTCHAs prevent automated abuse, API keys authenticate applications, and CSRF tokens prevent request forgery. Only session tokens authenticate users across requests.

Proper session management is critical for web application security and is emphasized in OWASP and NIST guidance.

Emergency exit doors are a critical physical control designed to ensure safe and rapid evacuation during emergencies such as fires or earthquakes. These doors are typically clearly marked, unobstructed, and may include panic bars to allow easy exit without special knowledge or tools.

Fire alarms alert occupants, exit signs provide direction, and emergency lighting improves visibility, but none of these physically enable evacuation. Exit doors directly support life safety by allowing people to leave the building quickly and safely. Life safety is the highest priority in physical security design, and exit doors are mandatory under building and fire safety codes.

ThePrinciple of Least Privilegeensures users, applications, and systems have only the minimum permissions necessary to perform their duties. This reduces the attack surface and limits potential damage if credentials are compromised.

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) operate at theTransport layer (Layer 4)of the OSI model. This layer is responsible for end-to-end communication, segmentation, flow control, and error handling.

TCP provides reliable, connection-oriented communication with acknowledgments and retransmissions. UDP provides connectionless communication optimized for speed and low latency.

The Session layer manages session establishment, and the Presentation layer handles formatting and encryption. Neither is responsible for transport-level data delivery.

Understanding protocol placement is essential for firewall rules, intrusion detection, and network troubleshooting. Most security controls rely heavily on Transport-layer awareness.

ASecurity Operations Center (SOC)is a centralized function responsible for continuous monitoring, detection, analysis, and response to cybersecurity events. SOC teams use tools such as SIEM, SOAR, IDS/IPS, and threat intelligence feeds to identify threats before they escalate into incidents.

Disaster Recovery includes restoring systems and returning operations to normal, which may involve staff moving back to the primary site after temporary relocation.

Aprocedureis a detailed, step-by-step set of instructions that explainshowto perform a task in compliance with policies and standards. Procedures translate high-level requirements into actionable guidance for staff.

Policies define what must be done, standards specify mandatory requirements, and procedures explain exactly how to carry them out. Laws are external legal mandates, not internal operational documents.

For example, a security policy may require access reviews, a standard may define review frequency, and a procedure will outline the exact steps to conduct the review. Procedures ensure consistency, reduce errors, and support compliance and auditing efforts.

A firewall is a network security device designed to monitor, filter, and control incoming and outgoing traffic based on predefined security rules. Firewalls act as a barrier between trusted internal networks and untrusted external networks, such as the internet.

Firewalls can operate at multiple layers of the OSI model and may inspect packet headers, session states, and even application-level data. Modern firewalls often include advanced features such as intrusion prevention, deep packet inspection, and threat intelligence integration.

Servers and endpoints generate or consume traffic but do not filter it by default. Ethernet is a networking standard, not a device. Firewalls are a foundational security control recommended by virtually all cybersecurity frameworks, including NIST and CIS Critical Security Controls.

By enforcing traffic filtering rules, firewalls help prevent unauthorized access, reduce attack surfaces, and protect systems from threats such as malware, scanning, and exploitation.

The loopback address allows a system to test its own network stack.127.0.0.1is the IPv4 loopback address, while::1is its IPv6 equivalent. Both route traffic internally without leaving the host.