Free Practice Questions for ISC CC Exam

A zero-day vulnerability is unknown to the vendor and security community and has no available patch. Because defenders have “zero days” to fix it, zero-day vulnerabilities are highly dangerous.

ABusiness Continuity Plan (BCP)ensures critical business functions continue or are restored during and after disruptions.

BCPs should be testedroutinely(e.g., tabletop, simulations) to ensure readiness and relevance.

BCP requires input from all business units to identify dependencies and ensure continuity of critical functions.

Multitenancy allows shared infrastructure while maintaining logical isolation between customers.

The primary objective of DRP is restoring IT systems to a reliable operational state.

Microsoft SQL Server commonly uses TCP port 1433, which falls in the registered port range.

TLS Session Resumption is used to optimize the TLS handshake process by reducing the number of round trips required between the client and server. Instead of performing a full handshake, session resumption allows previously negotiated security parameters to be reused.

This significantly improves performance and reduces latency, especially for applications with frequent connections such as web services and APIs. Session resumption can be implemented using session IDs or session tickets.

TLS renegotiation re-establishes parameters mid-session, TLS heartbeat is unrelated and historically associated with vulnerabilities, and “TLS FastTrack” is not a valid standard. TLS Session Resumption is formally defined in TLS specifications and is widely used in modern secure communications.

Simulations provide realistic testing by executing scenarios that closely mirror real disruptions, revealing gaps and readiness levels better than discussions or reviews.

Distributed Denial of Service (DDoS) attacks primarily impactavailability, one of the three pillars of the CIA triad. DDoS attacks overwhelm systems, networks, or applications with massive volumes of traffic, exhausting resources such as bandwidth, CPU, or memory and preventing legitimate users from accessing services.

The goal of a DDoS attack is not to steal data, alter information, or deny accountability, but rather todisrupt access. Confidentiality and integrity may remain intact, but users are unable to reach the system, resulting in service outages, financial loss, and reputational damage.

Availability is a critical security objective for public-facing services such as websites, APIs, and online platforms. Defenses against DDoS attacks include traffic filtering, rate limiting, content delivery networks (CDNs), scrubbing services, and redundant architectures.

Security frameworks such as NIST and ISO/IEC explicitly associate denial-of-service attacks with availability risks, making availability the most directly affected cybersecurity principle.