CC ISC CC - Certified in Cybersecurity Free Practice Exam Questions (2026 Updated)

Penetration testing simulates real-world attacks to identify vulnerabilities before adversaries exploit them.

Black box penetration testing requires the most effort because the testing team hasno prior knowledgeof the target system. Testers must perform reconnaissance, discovery, enumeration, vulnerability identification, and exploitation without any internal documentation or credentials.

In contrast, white box testing provides full knowledge of systems, source code, and configurations, significantly reducing discovery effort. Gray box testing provides partial information, offering a balance between realism and efficiency. “Blue box” is not a standard penetration testing category.

Black box testing closely simulates real-world external attackers, making it valuable for assessing perimeter defenses, but it is time-consuming and resource-intensive. Testers must identify attack surfaces from scratch and may miss internal vulnerabilities due to lack of access.

Security frameworks recognize black box testing as the most labor-intensive but also the most realistic external threat simulation.

Backups are one of the most critical components of any disaster recovery (DR) strategy. Disaster recovery focuses on restoring systems, data, and operations after a disruptive event such as a cyberattack, natural disaster, hardware failure, or human error. Without reliable backups, recovery may be impossible or severely delayed.

Backups ensure that critical data can be restored to a known good state, minimizing data loss and downtime. Industry frameworks such as NIST SP 800-34 and ISO/IEC 27031 emphasize backups as a foundational DR control. They support recovery time objectives (RTOs) and recovery point objectives (RPOs), which define how quickly systems must be restored and how much data loss isacceptable.

While routers, laptops, and firewalls are important infrastructure components, they can typically be replaced or reconfigured. Lost or corrupted data, however, may be irreplaceable without backups. Best practices include maintaining regular, automated backups, storing them offsite or in the cloud, and protecting them from ransomware using immutable or offline storage. Testing backups regularly is also essential to ensure they are usable during an actual disaster.

Type 1 authentication refers tosomething you know, such as passwords or PINs. While widely used, this authentication method has several inherent weaknesses. Users may share credentials intentionally or unintentionally, reuse weak passwords across systems, or forget them altogether. Passwords can also be intercepted through phishing, keylogging, shoulder surfing, or man-in-the-middle attacks.

Because of these weaknesses, Type 1 authentication alone provides limited security assurance. Modern security frameworks strongly recommend supplementing knowledge-based authentication with additional factors, such as something you have (tokens) or something you are (biometrics), to form Multi-Factor Authentication (MFA).

High availability (HA) refers to system designs that ensure continuous operation by minimizing downtime in the event of component failures. Adding a backup firewall that automatically takes over when the primary firewall fails is a classic example of high availability.

HA solutions often use failover mechanisms, heartbeat monitoring, and redundancy to ensure seamless service continuity. The goal is to maintain availability, which is a core pillar of the CIA triad.

Component redundancy describes duplicated parts, but high availability focuses on the operational outcome—continued service. Load balancing distributes traffic, not failover. Clustering involves multiple systems working together, but HA specifically emphasizes fault tolerance and uptime.

High availability is critical for security infrastructure such as firewalls, authentication servers, and monitoring tools. NIST and ISO frameworks stress HA as essential for business continuity, disaster recovery, and resilient security operations.

Availability ensures that systems and data are accessible to authorized users when needed. A power outage that disrupts access to a data center directly impacts availability.

Confidentiality concerns unauthorized disclosure, integrity concerns unauthorized modification, and non-repudiation concerns accountability. None of these are directly affected by a power outage.

Availability risks are commonly addressed through redundancy, backup power supplies, generators, UPS systems, and disaster recovery planning.

Ensuring availability is a core objective of business continuity and disaster recovery programs.

Disaster Recovery (DR)focuses specifically on restoring IT systems and communications following outages.

Business Continuity Plans (BCP) focus on sustaining operations using alternative processes and resources during disruptions.

Token Ringis a legacy networking technology defined by IEEE 802.5 and operates primarily at thePhysical Layer (Layer 1)of the OSI model, with some functions extending into the Data Link Layer.

The Physical Layer is responsible for transmitting raw bits over a physical medium, defining signaling, cabling, and transmission characteristics. Token Ring used a token-passing mechanism to control access to the physical medium, ensuring only one device transmitted at a time.

While modern Ethernet has replaced Token Ring, understanding its OSI placement remains important for foundational networking knowledge and certification exams.

Risk Avoidanceeliminates risk by discontinuing activities that expose the organization to unacceptable threats.

Data backupsare essential to disaster recovery, enabling restoration of systems and data following failures or disasters.

Rootkits provide stealthy, persistent control by hiding malicious processes and maintaining privileged access. They are extremely difficult to detect and remove.

Port forwarding is commonly referred to by all these terms depending on context and implementation.

SSH operates at the Application layer (Layer 7). IP, ICMP, and IGMP are Layer 3 protocols responsible for routing and control messaging.

Recovery controls restore systems and data after an incident. Examples include backups, failover systems, and disaster recovery procedures.

Symmetric encryption uses a single shared key for both encryption and decryption. This means that both the sender and receiver must securely possess the same key.

Symmetric algorithms are fast and efficient, making them ideal for encrypting large amounts of data. Common examples include AES and ChaCha20.

Asymmetric (public key) encryption uses two keys—public and private—and is slower. “TCB key” is not a recognized encryption type.

Because of key distribution challenges, symmetric encryption is often combined with asymmetric encryption for secure key exchange. This hybrid approach is used in protocols like TLS and is recommended by modern cryptographic standards.

Cryptographic hash functions areone-wayfunctions and are intentionallynot reversible. Given a hash value, it should be computationally infeasible to recover the original input.

Hash functions are deterministic (same input produces the same output), designed to minimize collisions (unique in practice), and useful for integrity verification, password storage, and digital signatures. Reversibility would completely undermine their security purpose.

A zero-day vulnerability is unknown to the vendor and security community and has no available patch. Because defenders have “zero days” to fix it, zero-day vulnerabilities are highly dangerous.

Technical (logical) controls are implemented using technology to enforce security policies. A GPS tracking system is a technical control because it relies on electronic systems and software to monitor and record vehicle location.

Security guards and door locks are physical controls. Technical controls include firewalls, encryption, intrusion detection systems, access control systems, and monitoring tools.

Technical controls play a major role in preventing, detecting, and responding to cyber threats and are emphasized heavily in modern cybersecurity frameworks.