Free Practice Questions for ISC CC Exam

A security incident is any event that actually or potentially compromises confidentiality, integrity, or availability.

Disaster Recovery Planning focuses on restoringIT systems, infrastructure, and communicationsafter a disruption. Business Continuity Planning focuses onmaintaining critical business functionsduring and after incidents, often using alternative processes.

BCP is broader than DRP and includes people, processes, facilities, and third parties, while DRP is IT-centric. Both plans complement each other but serve different purposes.

Double dealing is not a recognized social engineering technique. The others involve manipulating individuals to disclose information or perform actions.

Criticality reflects how essential an asset or system is to business success or mission accomplishment. It is commonly determined during a Business Impact Analysis (BIA) and influences recovery priorities.

Criticality reflects how essential an asset is to business operations or mission success. It influences prioritization, recovery planning, and protection strategies.

Authentication is the phase of the AAA (Authentication, Authorization, Accounting) model in which a user proves their identity. During authentication, the system verifies that the user is who they claim to be by validating credentials such as passwords, biometrics, smart cards, or cryptographic keys.

Identification occurs first, when a user claims an identity (for example, entering a username). Authentication then confirms that claim. Authorization follows authentication and determines what actions the authenticated user is permitted to perform. Accounting tracks and logs user activities for auditing and monitoring purposes.

Strong authentication is critical to system security because all subsequent access control decisions depend on its accuracy. Weak authentication mechanisms increase the risk of unauthorized access, credential theft, and impersonation attacks.

Modern security frameworks emphasize multi-factor authentication (MFA) to strengthen this phase. NIST SP 800-63 highlights authentication as a core security function essential to protecting systems, data, and services from unauthorized access.

Modern firewalls operate at Layers 3, 4, and 7, supporting packet filtering, stateful inspection, and application-layer filtering.

Load balancing improves availability by distributing traffic across multiple systems, preventing overload and downtime.

Risk acceptance acknowledges the risk and chooses to proceed without additional controls, often due to cost or low impact.

An Intrusion Detection System (IDS) consists of three fundamental functional components: information sources, analysis engines, and response mechanisms. Information sources collect data such as network packets, logs, or system events. Analysis engines evaluate this data to detect suspicious behavior. Response components generate alerts or notifications.

While IDS systems typically do not block traffic (unlike IPS), they still perform response actions such as logging, alerting, and triggering workflows.

All three components work together to detect and report security incidents. This architecture is well documented in NIST intrusion detection guidance and forms the basis of both host-based and network-based IDS solutions.