CC ISC CC - Certified in Cybersecurity Free Practice Exam Questions (2026 Updated)

Role-Based Access Control (RBAC) assigns permissions based on job roles, making it scalable and efficient for large organizations. It simplifies access management and supports least privilege.

Apolicyis a high-level, mandatory statement approved by senior management that defines what is allowed or required within an organization. In this scenario, the governing board establishes a rule that only the legal department may review third-party contracts, making it a policy decision.

Procedures provide step-by-step instructions, standards define specific technical or operational requirements, and laws are external legal mandates imposed by governments. None of those best describe this situation.

Policies establish authority, accountability, and organizational intent. They are enforceable and form the foundation for standards and procedures. Governance frameworks emphasize management-approved policies as essential for consistent and compliant operations.

Detective controls such as IDS and logging systems identify malicious activity.

TLS 1.3 is the most secure and currently recommended version of the Transport Layer Security protocol. It removes outdated cryptographic algorithms, simplifies the handshake process, and provides stronger security guarantees than earlier versions.

TLS 1.3 eliminates insecure features such as static RSA key exchange and weak cipher suites. It enforces forward secrecy by default and significantly reduces handshake latency, improving both security and performance.

TLS 1.0 and TLS 1.1 are deprecated due to known vulnerabilities. TLS 1.2 is still secure when properly configured but is being phased out in favor of TLS 1.3.

Security frameworks and regulatory standards strongly recommend TLS 1.3 for protecting sensitive data in transit, especially for public-facing services.

SSH uses TCP port 22 by default and provides encrypted remote administration. Telnet (23) and FTP (21) are insecure alternatives.

Incident response focuses on detecting, containing, eradicating, and recovering from security incidents, including violations of policies and practices.

When a device does not meet security baseline requirements, it poses a risk to the environment. Best practice is todisable or quarantine the deviceto prevent potential compromise or lateral movement. Network Access Control (NAC) solutions commonly automate this process.

Isolation ensures the device cannot interact with production systems until it is patched, configured correctly, and verified as compliant. This approach aligns with NIST and Zero Trust principles, emphasizing continuous compliance and containment.

Microsegmentation enables fine-grained, software-defined security controls, limiting lateral movement within networks.

The three core structural components of an SQL database aretables,views, andschemas. Tables store the actual data in rows and columns. Views are virtual tables created from queries that present data in a specific way without duplicating it. Schemas act as logical containers that organize database objects and define ownership and access control.

Object-oriented interfaces are not a fundamental component of an SQL database. While modern databases may support object-relational features or APIs that allow object-oriented programming languages to interact with the database, these interfaces exist outside the core database structure.

SQL databases are based on the relational model, not the object-oriented model. Even though object-relational mapping (ORM) tools exist, they are middleware components rather than native database structures.

Understanding core database components is important for security professionals when managing access controls, permissions, and data exposure risks.

ABAC uses centralized policy engines (PDPs) to evaluate attributes and enforce fine-grained access control decisions dynamically.

An IP address is a logical identifier used to locate and route traffic to devices on a network.

Metal detectors are effectivepreventive physical controlsthat detect electronic devices and storage media. They are commonly used in high-security environments to enforce device restrictions.

Sniffing captures network traffic, while spoofing impersonates trusted sources.

SSH key-based authentication is ideal for automated system-to-system communication. It allows secure, passwordless authentication using cryptographic key pairs.

Biometrics and smart cards require human interaction, and hard-coded passwords are insecure and difficult to rotate. SSH keys provide strong authentication, automation support, and secure key management.

This approach is widely recommended for scripts, automation, and DevOps pipelines.

A complete BCP includes response procedures, communication plans, and management authority to ensure coordinated recovery.

Preparation includes asset identification, system classification, and readiness planning.

Ethernet (IEEE 802.3) defines wired LAN communication standards.

GRC (Governance, Risk, and Compliance) integrates business objectives with risk management and regulatory compliance.

A sudden flood of network packets causing degraded performance is best classified as anadverse event. An adverse event is any occurrence that negatively affects system performance, availability, or operations but may not yet meet the threshold of a confirmed security incident. According to NIST definitions, events such as traffic spikes, system slowdowns, or anomalous behavior are initially treated as adverse events until further analysis confirms malicious intent.

If investigation later confirms the flood was caused by a deliberate denial-of-service attack, the classification may escalate to asecurity incident. However, without confirmation of intent or compromise, adverse event is the most accurate term.