
Domain 1: Security Principles
1. Which part of the CIA triad ensures data is accessible when needed?
A. Confidentiality
B. Integrity
C. Availability
D. Authentication
Answer: C. Availability
2. What is the main purpose of confidentiality in information security?
A. To ensure data is free from errors
B. To ensure only authorized parties can access data
C. To ensure data is accessible when needed
D. To enforce accountability
Answer: B. To ensure only authorized parties can access data
3. Which security principle ensures data has not been altered during transmission?
A. Integrity
B. Confidentiality
C. Availability
D. Accountability
Answer: A. Integrity
4. Which of the following is considered a preventive control?
A. Firewall
B. Audit log
C. Incident response plan
D. Backup
Answer: A. Firewall
5. What does the principle of least privilege entail?
A. Users should have the maximum access possible.
B. Users should only have access necessary for their role.
C. All access should be denied by default.
D. Users should share accounts.
Answer: B. Users should only have access necessary for their role.
6. A policy requiring two people to approve a critical action is an example of:
A. Separation of duties
B. Job rotation
C. Least privilege
D. Defense in depth
Answer: A. Separation of duties
7. Encryption is primarily used to achieve:
A. Availability
B. Confidentiality
C. Integrity
D. Accountability
Answer: B. Confidentiality
8. Which of the following describes a threat?
A. A weakness in a system
B. A potential danger to a system
C. A measure taken to reduce risk
D. A way to detect vulnerabilities
Answer: B. A potential danger to a system
9. What is a vulnerability?
A. A measure to counteract a threat
B. A weakness in a system that can be exploited
C. A probability of a threat occurring
D. A risk to the system
Answer: B. A weakness in a system that can be exploited
10. What type of risk cannot be fully eliminated but must be accepted?
A. Avoidable risk
B. Residual risk
C. Inherent risk
D. Mitigated risk
Answer: B. Residual risk
11. Which of the following is an example of a physical control?
A. Firewall rules
B. Biometric scanners
C. Encryption algorithms
D. Password policies
Answer: B. Biometric scanners
12. What is an example of a deterrent control?
A. Security guards
B. Data backup
C. Antivirus software
D. Incident response
Answer: A. Security guards
13. What is the purpose of defense in depth?
A. To focus all efforts on a single strong control
B. To layer multiple security measures
C. To ensure faster access to data
D. To eliminate risks completely
Answer: B. To layer multiple security measures
14. Social engineering attacks primarily target:
A. Software vulnerabilities
B. Network protocols
C. Human behavior
D. Encryption mechanisms
Answer: C. Human behavior
15. Which of the following is an example of social engineering?
A. Sending a phishing email
B. Exploiting a software bug
C. Performing a man-in-the-middle attack
D. Cracking a password hash
Answer: A. Sending a phishing email
16. What is the primary goal of risk assessment?
A. To eliminate all risks
B. To identify and prioritize risks
C. To design security controls
D. To monitor security incidents
Answer: B. To identify and prioritize risks
17. Which type of attack involves overwhelming a network with traffic?
A. Phishing
B. Ransomware
C. Denial of Service (DoS)
D. Keylogging
Answer: C. Denial of Service (DoS)
18. What is the primary purpose of policies in cybersecurity?
A. To replace technical controls
B. To provide guidelines and expectations
C. To replace monitoring systems
D. To enforce compliance
Answer: B. To provide guidelines and expectations
19. A brute-force attack targets:
A. The user’s personal details
B. Guessing passwords systematically
C. Exploiting a software vulnerability
D. Social manipulation
Answer: B. Guessing passwords systematically
20. What type of malware encrypts files and demands payment for their release?
A. Spyware
B. Ransomware
C. Worm
D. Trojan
Answer: B. Ransomware