CC ISC CC - Certified in Cybersecurity Free Practice Exam Questions (2026 Updated)

An incident response policy establishes authority, scope, and direction. Without management approval, IR activities lack legitimacy.

HVAC (Heating, Ventilation, and Air Conditioning)systems regulate temperature, humidity, and airflow in data centers. Proper environmental controls are critical to prevent equipment failure and ensure system reliability.

Spoofing involves falsifying identity information (IP, MAC, email headers) to appear as a trusted source and bypass controls.

OAuth uses tokens to grant limited access without exposing credentials, making it a widely used token-based authentication method.

A Security Information and Event Management (SIEM) system is designed tocollect, correlate, analyze, and alert on security eventsgenerated across an organization’s IT environment. SIEM platforms aggregate logs from diverse sources such as servers, firewalls, endpoints, applications, and cloud services, providing centralized visibility into security activity.

The core value of a SIEM lies inevent correlation and contextual analysis. By correlating events across systems and over time, a SIEM can detect suspicious patterns that individual logs alone would not reveal—such as lateral movement, privilege escalation, or coordinated attacks. SIEMs also support real-time alerting, dashboards, querying, and incident investigation, enabling security teams to respond faster and more effectively.

SIEM systems donotencrypt files (that’s cryptography), block websites directly (that’s firewalls or secure web gateways), or manage passwords (that’s IAM). Instead, they serve as thecentral nervous system of a Security Operations Center (SOC), supporting monitoring, detection, compliance reporting, and incident response workflows as recommended by NIST and other security frameworks.

Identification is the act of claiming an identity (e.g., username). Authentication is the process of verifying that claim (e.g., password, biometrics). Authorization follows authentication.

The Data Link layer (Layer 2) handles MAC addressing and frame delivery within local networks.

Confidentiality ensures information is accessible only to authorized individuals.

A Risk Management Framework (RMF) provides a structured, continuous process for identifying, assessing, and mitigating risk across an organization.

Guidelines are non-binding recommendations within a security policy framework. They provide best practices, suggestions, and advice to help users and administrators make informed decisions, but they do not require mandatory compliance.

Policies are high-level, mandatory statements approved by senior management. Standards define specific, mandatory requirements that must be followed to comply with policies. Procedures provide step-by-step instructions for implementing policies and standards.

Guidelines offer flexibility and allow organizations to adapt recommendations to different environments, technologies, or risk levels. Because they are not enforceable, guidelines are often used to encourage secure behavior without imposing strict controls.

For example, a guideline might recommend using a password manager, while a standard would require minimum password length. Security frameworks such as ISO/IEC 27001 and NIST distinguish clearly between mandatory controls and advisory guidance to balance security with operational flexibility.

BCP requires cross-functional participation to identify dependencies, workflows, and recovery priorities across all departments.

Elliptic Curve Cryptography (ECC) does not rely on the prime factorization problem. Instead, ECC is based on the mathematical difficulty of solving elliptic curve discrete logarithm problems.

RSA relies directly on the difficulty of factoring large prime numbers. GPG and PGP are encryption tools and standards that may use RSA or other algorithms internally.

ECC provides equivalent security with much smaller key sizes, making it efficient for mobile devices, embedded systems, and environments with limited processing power.

Modern security standards increasingly recommend ECC due to its performance and strong security properties.

A hub broadcasts incoming traffic toall connected devices, regardless of the destination. This creates unnecessary traffic and security risks. A switch, however, uses MAC address tables to forward trafficonly to the intended destination port, making it far more efficient and secure.

Hubs operate at OSI Layer 1, while switches operate at Layer 2. Because hubs broadcast traffic indiscriminately, they are rarely used in modern networks.

Ransomware encrypts victim data and demands payment for decryption. It is one of the most damaging forms of malware and directly impacts availability and business operations.

An event is any observable occurrence. Not all events are incidents or breaches, but incidents start as events.

Data loss affecting availability or integrity is classified as asecurity incident, even if no attacker is involved.

Threat vectors are the paths or techniques attackers use, such as phishing, malware, or exploitation.

Risk management is an ongoing process that identifies threats, evaluates risk, and applies controls to reduce risk to acceptable levels. It is foundational to cybersecurity governance.

Policies created by leadership to define acceptable behavior and usage areadministrative (management) controls. They guide organizational behavior, define responsibilities, and establish governance expectations.

Technical controls enforce policies, while physical controls protect facilities. This scenario clearly describes governance and oversight, making it an administrative control.