Question 1: Correct
What is the main security concern associated with Single Sign-On (SSO) systems?

Decreased convenience for users

Limited access to multiple systems

Concentrated access through a single point

(Correct)

Enhanced security with biometrics

Explanation
SSO systems offer convenience but concentrate access through a single authentication
point, which can be a security risk.
Question 2: Correct
Which access control model is most suitable for a scenario where data owners need to
share their data with different groups of users based on various criteria, such as location,
time, and purpose?

Role-Based Access Control (RBAC)

Discretionary Access Control (DAC)

Attribute-Based Access Control (ABAC)

(Correct)

Mandatory Access Control (MAC)

Explanation
Attribute-Based Access Control (ABAC) is the most suitable model for this scenario, as it
allows data owners to specify access rights based on specific attributes and the subject’s
contextual parameters, such as location, time, and purpose.
Question 3: Incorrect
Which of the following is NOT a type of access control that can be used to prevent
tailgating or piggybacking?

Biometric locks

Contraband checks

(Correct)

Turnstiles

(Incorrect)

Mantraps

Explanation
Contraband checks are used to prevent the introduction or removal of unauthorized
items, not to prevent unauthorized entry. While they can help to deter tailgating or
piggybacking, they are not a direct access control measure.
Question 4: Correct
You are setting up a secure website and need to choose a transport protocol. Which
layer in the OSI model would be relevant for making this decision?

Layer 4

(Correct)

Layer 7

Layer 5

Layer 6

Explanation
When choosing a transport protocol for a secure website, you would consider the
properties provided by Layer 4 (the Transport Layer) in the OSI model, where you can
select between UDP and TCP.
Question 5: Incorrect
Which of the following is NOT a factor to consider when determining data retention
policies?

Data security

(Correct)

Business needs

Cost of storage

(Incorrect)

Legal requirements

Explanation
Data retention policies are primarily concerned with legal and business requirements,
not data security. Data security is addressed through other security measures.
Question 6: Correct
A large organization is planning to implement Role-Based Access Control (RBAC) for its
network security. Why is it important for the organization to regularly review and update
roles assigned to individuals?

RBAC roles are static and do not change over time.

RBAC does not require regular updates.

Regular updates are crucial to maintain the balance between security and user
convenience.

(Correct)

RBAC ensures security without the need for updates.

Explanation
Regularly updating RBAC roles is essential to adapt to changing responsibilities,
maintain security, and ensure a balance between security measures and user
convenience.
Question 7: Incorrect
You are the network administrator, and the company's e-commerce website is
experiencing a sudden surge in traffic. To protect against potential attacks, what firewall
feature should you consider enabling?

Proxy service

(Incorrect)

Packet filtering

Content filtering

(Correct)

Stateful inspection

Explanation
Content filtering can help identify and block malicious traffic during a traffic surge.
Question 8: Incorrect
Which phase of the IAAA model involves proving your identity using various credentials
like your name or employee number?

Identification

(Correct)

Authorization

Authentication

(Incorrect)

Accountability

Explanation
The identification phase involves establishing your identity using various credentials like
your name, username, or employee number.
Question 9: Incorrect
Your company is located in a high-security area and is concerned about tailgating or
piggybacking. Which of the following physical security controls would be most effective
in preventing this type of attack?

Contraband checks

(Incorrect)

Motion sensors

Mantraps

(Correct)

Turnstiles

Explanation
Mantraps are rooms with two doors that require one to close before the other opens,
often with multifactor authentication. They are used in high-security facilities to prevent
unauthorized entry.
Question 10: Correct
Your company's network is experiencing a sudden increase in phishing attempts. Which
network attack is most likely taking place, and what countermeasures should you
implement?

Distributed Denial of Service (DDoS) attack; implement strong firewall rules.

Phishing attack; educate employees on identifying phishing emails.

(Correct)

Ransomware attack; isolate affected systems and restore from backups.

Man-in-the-Middle (MitM) attack; monitor network traffic for anomalies.

Explanation
Phishing attacks are best countered through user awareness and education.
Question 11: Correct
Which of the following is a benefit of patch management?

It enhances the functionality and compatibility of the system.

All of the above.

(Correct)

It improves the performance and reliability of the system.

It reduces the risk of unauthorized changes to the system.

Explanation
Patch management is the process of applying updates to software and hardware
components to fix vulnerabilities, bugs, and issues. It helps to reduce the risk of
unauthorized changes to the system by preventing attackers from exploiting known
flaws. It also improves the performance and reliability of the system by resolving errors
and glitches. It enhances the functionality and compatibility of the system by adding
new features and supporting new devices.
Question 12: Incorrect
What is the essential difference between "Redundant Sites" and "Hot Sites" in disaster
recovery planning?

Redundant Sites focus on minimal downtime, while Hot Sites prioritize data redundancy.

(Incorrect)

Redundant Sites are cost-effective, while Hot Sites are expensive.

Redundant Sites require manual failover, while Hot Sites offer automatic failover.

Redundant Sites are exact duplicates of the primary site, while Hot Sites host critical
applications with lower-spec hardware.

(Correct)

Explanation
Redundant Sites are full duplicates of the primary site, while Hot Sites prioritize hosting
critical applications with less expensive hardware, reducing costs while still providing
failover capability.
Question 13: Correct
In the context of cloud computing, what does "SaaS" stand for?

Secure Authentication and Authorization Service

System as a Service

Software as a Service

(Correct)

Secure Access to Application Servers

Explanation
SaaS stands for "Software as a Service" in the context of cloud computing, where software
applications are provided over the internet.
Question 14: Incorrect
An organization is implementing Federated Identity Management (FIDM). What is the
primary advantage of FIDM?

Common policies and protocols across systems

(Correct)

Simplified password management

Enhanced biometric security

Reduced need for access controls

(Incorrect)

Explanation
FIDM facilitates the use of common policies, practices, and protocols to manage
identities and trust across various systems.
Question 15: Correct
What are the four primary strategies for enterprise risk management? Choose the strategy
that involves recognizing the risk but choosing not to take action to mitigate it.

Risk Acceptance

(Correct)

Risk Transference

Risk Mitigation

Risk Avoidance

Explanation
Risk Acceptance is the strategy where an organization recognizes the risk but chooses
not to take action to mitigate it. This decision is made after due diligence and due care
when the cost of mitigation may outweigh the potential loss.
Question 16: Incorrect
Which of the following is the most important consideration when choosing security
measures for a physical perimeter?

The specific security needs of the organization

(Correct)

The potential impact of the security measures on authorized personnel

The level of security required to protect the organization's assets

(Incorrect)

The cost of implementing and maintaining the security measures

Explanation
The most important consideration when choosing security measures for a physical
perimeter is the specific security needs of the organization. Not all organizations have
the same security needs, and the most appropriate security measures will vary
depending on the organization's assets, risk profile, and budget.
Question 17: Incorrect
Which of the following is a type of network attack that involves sending a large number
of packets or requests to a target system or server to overwhelm its resources and
disrupt its normal functioning?

Distributed denial-of-service (DDoS) attack

(Incorrect)

Denial-of-service (DoS) attack

Neither A nor B

Both A and B

(Correct)

Explanation
A DoS attack is a type of network attack that involves sending a large number of packets
or requests to a target system or server to overwhelm its resources and disrupt its
normal functioning. A DDoS attack is a type of DoS attack that involves using multiple
compromised devices or systems to launch the attack from different sources.
Question 18: Incorrect
Which type of VPN provides the highest level of security for remote connections?

L2TP/IPsec VPN

(Correct)

IPsec VPN

SSL VPN

(Incorrect)

PPTP VPN
Question 19: Correct
What security measures are essential for securing a wireless network?

WPA3 encryption, MAC filtering, and disabling SSID broadcast.

(Correct)

Open authentication, strong firewalls, and hidden SSID.

Using default router settings, enabling WEP, and frequent SSID changes.

Keeping a long wireless range and strong signal strength.

Explanation
Securing a wireless network involves implementing strong encryption, like WPA3, to
protect data in transit, using MAC filtering to control which devices can connect, and
disabling SSID broadcast to make the network less visible to potential attackers. These
measures enhance wireless network security.
Question 20: Correct
Which of the following is a type of router that connects two or more networks that use
different protocols or architectures, such as Ethernet and Token Ring?

Core router

Gateway router

(Correct)

Access router

Edge router

Explanation
A gateway router is a router that connects two or more networks that use different
protocols or architectures, such as Ethernet and Token Ring. It performs protocol
conversion and translation functions to enable communication between the networks.
Question 21: Incorrect
Your organization allows remote access via VPN for employees. A user complains about
connectivity issues. What should you check first to diagnose the problem?

Examine the user's VPN client configuration.

(Correct)

Investigate the Network Access Control (NAC) system logs.

(Incorrect)

Verify the organization's third-party connectivity settings.

Ensure the user's computer has the latest software updates.

Explanation
The VPN client configuration can often be the source of connectivity issues.
Question 22: Correct
Which of the following is the most secure type of lock for physical security?

Biometric lock

(Correct)

Smart card

Combination lock

Magnetic stripe card

Explanation
Biometric locks use biometric authentication, such as fingerprints or facial recognition,
to verify authorized access.
Question 23: Correct
Which access control model is most commonly used in the private sector, as it simplifies
administration and enhances security by assigning access rights based on job roles and
privileges?

Role-Based Access Control (RBAC)

(Correct)

Mandatory Access Control (MAC)

Discretionary Access Control (DAC)

Attribute-Based Access Control (ABAC)

Explanation
Role-Based Access Control (RBAC) is the most commonly used model in the private
sector, as it simplifies administration and enhances security by assigning access rights
based on job roles and privileges, and often includes a “need to know” requirement.
Question 24: Correct
What security feature is unique to IPv6 and missing in IPv4?

A. Longer addresses

B. Built-in IPsec

(Correct)

C. Lower overhead

D. Improved routing

Explanation
Built-in IPsec is the security feature unique to IPv6, which integrates IPsec for enhanced
data transmission security, whereas IPv4 requires IPsec as an optional and separate
addition.
Question 25: Incorrect
In Identity and Access Provisioning, what is the primary purpose of the Identity and
Access Management Provisioning Lifecycle?

To automate recurring administrative tasks

(Correct)

To implement single sign-on (SSO)

(Incorrect)

To monitor physical security

To create new user accounts

Explanation
The Identity and Access Management Provisioning Lifecycle automates administrative
tasks like password compliance, account lockout, and access management for various
entities.
Question 26: Correct
An organization failed to apply a critical software patch promptly, leaving a known
vulnerability unaddressed. A few weeks later, the organization experienced a significant
data breach, leading to financial losses and legal actions. Which aspects of the CIA Triad
were most compromised in this scenario?

Integrity and availability

Confidentiality and availability

Availability and confidentiality

Confidentiality and integrity

(Correct)

Explanation
Failing to apply a critical patch led to a breach, compromising both the confidentiality
(data exposed) and integrity (data altered) aspects of the CIA Triad.
Question 27: Incorrect
In which phase of the Incident Response Lifecycle is it crucial to isolate affected systems
and prevent further damage?

Response

(Correct)

Remediation

Detection

(Incorrect)

Recovery

Explanation
During the "Response" phase of the Incident Response Lifecycle, it is crucial to isolate
affected systems and prevent further damage. This phase involves immediate actions to
contain the incident.
Question 28: Correct
Which of the following is a type of security information and event management (SIEM)
system that collects, correlates, and analyzes data from various sources, such as logs,
alerts, and events, to provide a centralized view of the security status of the network?

Log management system

Security automation system

Security analytics system

(Correct)

Security orchestration system

Explanation
A security analytics system is a type of SIEM system that collects, correlates, and
analyzes data from various sources, such as logs, alerts, and events, to provide a
centralized view of the security status of the network. It uses advanced techniques, such
as machine learning, artificial intelligence, and behavioral analysis, to detect and
respond to complex and sophisticated threats.
Question 29: Incorrect
What is the main difference between Qualitative Risk Analysis and Quantitative Risk
Analysis?

Qualitative analysis is fact-based, while quantitative analysis uses a risk register.

(Incorrect)

Qualitative analysis focuses on Likelihood, while quantitative analysis looks at Impact.

Qualitative analysis provides a more comprehensive view of risks, while quantitative
analysis attaches specific numbers to the perceived risks.

(Correct)

Qualitative analysis assigns numerical values to risks, while quantitative analysis is
opinion-based.

Explanation
The main difference is that qualitative analysis offers a broader view of risks, considering
factors beyond specific numbers, while quantitative analysis assigns numerical values to
risks for precise measurement.
Question 30: Incorrect
Imagine a scenario where an organization has implemented a security control that
deters potential attackers by creating a perception of higher risk. Which type of control
is this?

Detective Control

Compensating Control

Preventative Control

(Incorrect)

Deterrent Control

(Correct)

Explanation
A control that creates a perception of higher risk to deter potential attackers falls under
the category of Deterrent Controls.
Question 31: Incorrect
In a decentralized access control system, where are access control decisions made?

At a central location

(Incorrect)

Through a cloud-based system

In hybrid servers

At individual locations or facilities

(Correct)

Explanation
In decentralized access control systems, access control decisions are made at individual
locations or facilities, not at a central location.
Question 32: Correct
Which of the following is NOT a purpose of a Change Review Board (CRB)?

To approve or deny change requests

To monitor the implementation of changes

To assess the impact of changes

To develop and implement change plans

(Correct)

Explanation
While the CRB may provide input on change plans, it is not responsible for developing
or implementing them.
Question 33: Correct
Which category of incidents typically involves unintentional actions or mistakes by
individuals?

Catastrophic incidents

Human-related incidents

(Correct)

Environmental incidents

Natural disasters

Explanation
Human-related incidents encompass both intentional and unintentional actions,
including mistakes.
Question 34: Correct
What is the primary purpose of advisory policies in an organization's governance
framework?

To outline specific technical standards for IT infrastructure.

To ensure compliance with regulatory laws.

To define acceptable and unacceptable behavior and provide consequences for non-
compliance.

(Correct)

To inform individuals about the organization's vision, mission, and values.

Explanation
Advisory policies help set behavioral standards and expectations for individuals within
the organization and provide guidance on what actions are considered acceptable or
unacceptable. They often include consequences for non-compliance, helping maintain a
secure and compliant environment.
Question 35: Correct
Which of the following is a best practice for change management?

Bypassing the approval process for urgent changes.

Implementing changes without testing them.

Making changes during peak hours.

Documenting changes and their impacts.

(Correct)

Explanation
Change management is the process of planning, implementing, and reviewing changes
to the system or the environment. A best practice for change management is to
document changes and their impacts, such as the reason, scope, risk, cost, and benefit
of the change. This helps to ensure accountability, traceability, and auditability of the
change process.
Question 36: Correct
In the context of access control, what does "Least Privilege" mean?

Providing maximum access rights to all users

Assigning access based on the user's title

Granting users the minimum access necessary for their tasks

(Correct)

Allowing unlimited access to all resources

Explanation
"Least Privilege" means limiting users to the minimum access rights required for their
tasks.
Question 37: Correct
Which of the following is a type of wireless network that uses radio waves to
communicate with devices within a limited range, such as a personal computer, a
smartphone, or a printer?

Cellular

Wi-Fi

Satellite

Bluetooth

(Correct)

Explanation
Bluetooth is a wireless technology that uses short-range radio waves to connect devices
within a distance of about 10 meters. It is commonly used for personal area networks
(PANs) that enable data exchange between devices such as personal computers,
smartphones, or printers.
Question 38: Correct
What type of access control employs policies and procedures as its primary security
mechanisms?

Physical controls

Administrative controls

(Correct)

Corrective controls

Logical controls

Explanation
Administrative controls involve policies and procedures used to define and manage
access rights and privileges.
Question 39: Incorrect
A company experiences a significant cyber incident that has affected multiple critical
systems. What phase of the Incident Response Lifecycle should they prioritize to
minimize the impact?

Recovery

(Incorrect)

Remediation

(Correct)

Detection

Reporting

Explanation
Remediation involves addressing the underlying security flaw to prevent future attacks
and should be prioritized in this scenario.
Question 40: Correct
What is Personally Identifiable Information (PII), and why is it significant in cybersecurity,
as discussed in the lecture?

PII denotes financial information and is essential for secure financial transactions.

PII comprises information that can be used to uniquely identify individuals, and its
protection is a vital aspect of cybersecurity and data privacy.

(Correct)

PII includes data that can identify individuals and is crucial for marketing efforts.

PII refers to an individual's personal hobbies and interests, and it helps in user profiling.

Explanation
The lecture explains that Personally Identifiable Information (PII) includes data that can
uniquely identify individuals, making its protection a critical concern in cybersecurity and
data privacy.
Question 41: Incorrect
An organization is planning to implement a disaster recovery plan. They want to reduce
data loss to a minimum. Which concept should they primarily focus on?

Recovery Point Objective (RPO)

(Correct)

Recovery Time Objective (RTO)

(Incorrect)

Maximum Tolerable Downtime (MTD)

Mean Time Between Failure (MTBF)

Explanation
RPO defines how much data loss is acceptable and should be minimized to reduce data
loss.
Question 42: Correct
What is the primary reason multifactor authentication is considered more secure than
single-factor authentication?

It is less expensive to implement

It combines at least two authentication factors

(Correct)

It's easier to use

It requires fewer security measures

Explanation
Multifactor authentication combines at least two authentication factors, making it more
secure as it requires multiple proofs of identity.
Question 43: Incorrect
Which of the following is NOT a critical step in the patch management process?

Testing patches in a staging environment

Communicating patch deployments to stakeholders

(Correct)

Deploying patches to production systems

Identifying and prioritizing vulnerabilities

(Incorrect)

Explanation
While communicating patch deployments to stakeholders is important for awareness, it
is not a critical step in the patch management process itself.
Question 44: Incorrect
In the context of Configuration Management, what is the "baseline configuration"?

The latest firmware version available.

(Incorrect)

The default configuration of an operating system.

A predefined standard for a system's settings.

(Correct)

The initial setup of a network device.

Explanation
The "baseline configuration" is a predefined standard for a system's settings, ensuring
consistency and security.
Question 45: Incorrect
Which of the following is NOT a type of cryptographic algorithm?

Digital signatures

(Incorrect)

Asymmetric encryption

Hashing

(Correct)

Symmetric encryption

Explanation
Hashing is a one-way cryptographic function, not a type of encryption.
Question 46: Correct
In the TCP/IP model, which layer is equivalent to Layer 3 (Network Layer) in the OSI
model?

Application Layer

Transport Layer

Link and Physical Layer

Internetwork Layer

(Correct)

Explanation
The TCP/IP Internetwork Layer corresponds to Layer 3 (Network Layer) in the OSI
model, handling IP addresses and packet routing.
Question 47: Correct
What is the primary function of the Transport Layer in the OSI model?

Network device addressing

Port number assignment

Data encryption

Managing data transport

(Correct)

Explanation
The Transport Layer is responsible for managing data transport, which includes the use
of port numbers.
Question 48: Correct
In data handling, what does the principle of "least privilege" aim to achieve?

Encouraging open data access.

Restricting access to the minimum necessary for tasks.

(Correct)

Allowing data sharing without limitations.

Granting maximum access to all users.

Explanation
The principle of "least privilege" ensures that users have access only to the minimum
data and resources necessary for their tasks, reducing potential risks.
Question 49: Correct
In the Risk Management lifecycle, which phase involves determining how to treat
identified risks and exploring methods to mitigate them?

Risk Response and Mitigation

(Correct)

Risk Assessment

Risk Identification

Risk and Control Monitoring and Reporting

Explanation
In the Risk Response and Mitigation phase, the focus is on deciding how to treat
identified risks and implementing measures to reduce their potential impact.
Question 50: Correct
Which layer of the OSI model is responsible for handling data formatting, compression,
and encryption?

Layer 7

Layer 4

Layer 6

(Correct)

Layer 5

Explanation
Layer 6, the Presentation Layer, is responsible for data formatting, compression, and
encryption.
Question 51: Correct
What is the key difference between an Intrusion Detection System (IDS) and an Intrusion
Prevention System (IPS)?

IDS is hardware-based, while IPS is software-based.

IDS and IPS are two names for the same security system.

IDS detects and logs intrusion attempts, while IPS blocks and prevents them.

(Correct)

IDS is used in wireless networks, while IPS is for wired networks.

Explanation
The primary distinction is that an IDS monitors for intrusions and records them, while an
IPS actively takes measures to block and thwart intrusion attempts.
Question 52: Correct
Which of the following is NOT a type of access control?

Recovery

(Correct)

Preventative

Detective

Corrective

Explanation
Recovery is a type of disaster recovery, not access control.
Question 53: Correct
What is the key purpose of lessons learned in the Incident Management process?

Identifying and addressing security flaws

Assigning blame for incidents

Recording the incident details for compliance purposes

Improving future incident response and security measures

(Correct)

Explanation
Lessons learned are crucial for improving future incident response and overall security
measures.
Question 54: Correct
Detective controls are primarily responsible for:

Preventing security incidents.

Detecting and responding to security incidents.

(Correct)

Ensuring business continuity during an attack.

Fixing vulnerabilities in the system.

Explanation
Detective controls are designed to identify and respond to security incidents, making
them critical for incident detection and response.
Question 55: Incorrect
Which of the following is a benefit of using virtual local area networks (VLANs) in a
network?

They improve the performance of the network by reducing broadcast domains and traffic
congestion.

They increase the security of the network by isolating traffic based on logical groups.

(Incorrect)

All of the above.

(Correct)

They enhance the flexibility of the network by allowing devices to move across physical
locations without changing their network configuration.

Explanation
VLANs are logical subdivisions of a network that group devices based on criteria such as
function, department, or security level. They provide several benefits for the network,
such as increasing security by isolating traffic based on logical groups, improving
performance by reducing broadcast domains and traffic congestion, and enhancing
flexibility by allowing devices to move across physical locations without changing their
network configuration.
Question 56: Correct
You work for a company that processes healthcare data. A customer inquires about their
rights to their data under a particular regulation. Which regulation gives individuals the
right to access their healthcare data?

PCI-DSS (Payment Card Industry Data Security Standard)

ECPA (Electronic Communications Privacy Act)

GDPR (General Data Protection Regulation)

HIPAA (Health Insurance Portability and Accountability Act)

(Correct)

Explanation
HIPAA (Health Insurance Portability and Accountability Act) provides individuals with the
right to access their healthcare data.
Question 57: Correct
In the context of access control, if an organization's disaster recovery plan aims to
ensure swift recovery and business continuity after a security incident, which type of
control does this plan fall under?

Recovery Control

(Correct)

Compensating Control

Corrective Control

Preventative Control

Explanation
Recovery controls, such as disaster recovery plans, focus on ensuring swift recovery and
business continuity after a security incident.
Question 58: Incorrect
Which of the following is NOT a benefit of using Configuration Management?

Improved security posture

(Incorrect)

Reduced risk of unauthorized changes

Enhanced compliance with regulations

Increased efficiency and consistency

(Correct)

Explanation
While Configuration Management can improve efficiency and consistency, it is primarily
focused on security and regulatory compliance.
Question 59: Correct
What is the primary objective of data storage encryption in a security operations
context?

Ensuring uninterrupted data access.

Simplifying data retrieval.

Protecting data confidentiality at rest.

(Correct)

Enhancing data transfer speed.

Explanation
Data storage encryption primarily aims to protect the confidentiality of data when it's
stored or "at rest."
Question 60: Correct
A data center is equipped with slab-to-slab walls, fire-rated doors, and strong
construction. What is the primary purpose of these security measures in a data center?

To deter tailgating

To detect motion in the area

To enhance physical security

(Correct)

To prevent fires

Explanation
Slab-to-slab walls, fire-rated doors, and strong construction in a data center primarily
aim to enhance physical security by protecting the facility and its assets. These measures
contribute to a secure environment for critical data storage.
Question 61: Incorrect
Which element of physical security serves as both a deterrent and detective measure,
making potential intruders think twice?

Locks

Mantraps

Fences

(Incorrect)

CCTV cameras

(Correct)

Explanation
Closed-Circuit Television (CCTV) cameras serve as both deterrents and detective
measures by monitoring and recording activities in the area.
Question 62: Correct
What is the primary purpose of the Business Impact Analysis (BIA) in disaster recovery
planning?

Creating incident response teams

Reporting incident details to stakeholders

Determining the root cause of security incidents

Identifying critical assets and acceptable downtime

(Correct)

Explanation
The main purpose of BIA is to identify critical assets and determine acceptable
downtime.
Question 63: Correct
What is the primary goal of Patch Management in a security operations context?

Ensuring all systems have the same configuration.

Identifying new vulnerabilities and delaying patching.

Efficiently applying security updates and fixes.

(Correct)

Monitoring network traffic for anomalies.

Explanation
The primary goal of Patch Management is to efficiently apply security updates and fixes
to mitigate vulnerabilities.
Question 64: Incorrect
What is the key distinction between IT Security and Cybersecurity?

IT Security encompasses cybersecurity and primarily focuses on hardware security.

(Incorrect)

IT Security focuses on safeguarding information accessible via the internet, while
Cybersecurity covers all IT-related aspects.

(Correct)

IT Security is concerned with safeguarding digital data, while Cybersecurity focuses on
securing physical infrastructure.

IT Security only deals with data encryption, while Cybersecurity encompasses all aspects of
information protection.

Explanation
IT Security, while including cybersecurity, extends to all IT-related aspects, including
those not connected to the internet, while Cybersecurity primarily concerns online assets
and devices.
Question 65: Correct
You are a certified cybersecurity professional working for a reputable organization.
During a routine security assessment, you discover a critical vulnerability that could
potentially lead to a significant data breach if exploited. What should be your ethical
course of action based on the (ISC)² Code of Ethics?

Report the vulnerability to the organization's management and provide a detailed plan to
mitigate the risk.

(Correct)

Ignore the vulnerability since it's not actively being exploited.

Exploit the vulnerability to assess its impact fully and then report it to the organization's
management.

Share the vulnerability details on a public forum to raise awareness.

Explanation
The (ISC)² Code of Ethics emphasizes acting responsibly and legally. Reporting the
vulnerability to the organization's management and providing a plan to mitigate the risk
aligns with ethical behavior.
Question 66: Incorrect
Your organization is looking to optimize network traffic between multiple branches.
Which technology can dynamically route traffic based on real-time conditions?

Border Gateway Protocol (BGP)

(Incorrect)

Traditional static routing

Software-Defined Networking (SDN)

(Correct)

Standard Wide Area Network (WAN)

Explanation
SDN enables dynamic routing based on real-time conditions, enhancing network
performance.
Question 67: Correct
An organization uses contactless smart cards for access control in its facility. Which
security concern is associated with contactless smart cards?

Potential for key sharing

Vulnerability to brute force attacks

Susceptibility to copying

(Correct)

Risk of lock picking

Explanation
Contactless smart cards, which use RFID technology, can be less secure due to the radio
signal they emit, making them susceptible to copying.
Question 68: Incorrect
Which access control model is most likely to use a lattice-based structure to define the
hierarchical relationship between subjects and objects?

Discretionary Access Control (DAC)

(Incorrect)

Attribute-Based Access Control (ABAC)

Mandatory Access Control (MAC)

(Correct)

Role-Based Access Control (RBAC)

Explanation
Mandatory Access Control (MAC) is the most likely model to use a lattice-based
structure to define the hierarchical relationship between subjects and objects, as it
assigns labels and clearances to objects and subjects, respectively, and grants access
based on the dominance relation between them.
Question 69: Correct
In a high-security facility, what type of room with two doors requires multifactor
authentication and is designed to prevent unauthorized access?

Turnstiles

Contraband checks

Bollards

Mantraps

(Correct)

Explanation
Mantraps are rooms with two doors that require one to close before the other opens,
often with multifactor authentication. They are used in high-security facilities to prevent
unauthorized access.
Question 70: Incorrect
What is the primary benefit of using a hybrid access control system?

Enhanced security due to decentralization

(Incorrect)

Reduced reliance on central servers

Resilience against network issues in remote locations

(Correct)

Simplified management with uniform policy enforcement

Explanation
Hybrid access control systems offer the benefits of centralized control while providing
resilience against network issues in remote locations.
Question 71: Correct
Which of the following is a type of network access control (NAC) that verifies the
identity and compliance of a device before granting it access to the network, such as
checking the device's operating system, antivirus software, and patches?

Post-admission NAC

Pre-admission NAC

(Correct)

Post-connection NAC

Pre-connection NAC

Explanation
Pre-admission NAC is a type of NAC that verifies the identity and compliance of a device
before granting it access to the network, such as checking the device's operating
system, antivirus software, and patches. It prevents unauthorized or non-compliant
devices from accessing the network and potentially compromising its security.
Question 72: Correct
What is the primary purpose of a data center in a modern organization?

Provide web hosting services.

Centralize and manage IT resources and data storage.

(Correct)

Host public Wi-Fi networks.

Store office documents and files.

Explanation
The primary role of a data center in a modern organization is to centralize and
efficiently manage IT resources and data storage.
Question 73: Incorrect
A company is considering implementing biometric authentication for its employees.
What unique challenges should the company be aware of in comparison to traditional
authentication methods?

Biometrics are cost-effective and easily reissued.

(Incorrect)

Biometrics can raise privacy concerns, and they cannot be reissued.

(Correct)

Biometrics are less secure than traditional methods.

Biometrics do not require careful consideration of environmental factors.

Explanation
Biometrics can raise privacy concerns, as they may reveal more than just identity, and
once compromised, they cannot be reissued.
Question 74: Correct
What is the primary focus of Change Management in a security operations context?

Rapidly implementing all change requests.

Streamlining user access requests.

Assessing risk for each change.

(Correct)

Identifying security incidents.

Explanation
Change Management primarily focuses on assessing the risk associated with each
change to maintain security.
Question 75: Correct
Which of the following is a type of cryptography?

Symmetric-key cryptography

All of the above.

(Correct)

Hash-based cryptography

Asymmetric-key cryptography

Explanation
Cryptography is the science of securing data using mathematical techniques. There are
different types of cryptography, such as symmetric-key cryptography, asymmetric-key
cryptography, and hash-based cryptography. Symmetric-key cryptography uses the
same key to encrypt and decrypt data. Asymmetric-key cryptography uses a pair of keys,
one public and one private, to encrypt and decrypt data. Hash-based cryptography uses
a hash function to generate a hash value from data.
Question 76: Incorrect
In which type of authentication do environmental factors, like time and location, play a
significant role in determining access?

Type 1 Authentication

(Correct)

Type 3 Authentication

Type 4 Authentication

(Incorrect)

Type 2 Authentication

Explanation
Type 1 Authentication, often using something you know, can be influenced by
environmental factors like time and location.
Question 77: Correct
What is the primary goal of the "Remediation" phase in the Incident Response Lifecycle?

Reporting the incident details to law enforcement

Identifying the root cause of the incident

Restoring affected systems to operational status

(Correct)

Mitigating the immediate impact of the incident

Explanation
The primary goal of "Remediation" is to restore affected systems to operational status.
Question 78: Correct
An e-commerce website experiences a sudden, massive increase in web traffic due to a
sudden surge in customer interest. As a result, the website becomes slow and
unresponsive, leading to potential financial losses. Which type of attack is most likely
responsible for this situation?

Distributed Denial-of-Service (DDoS) attack

(Correct)

Data destruction

Insider threat

Data breach

Explanation
A DDoS attack involves overwhelming a system with a massive number of connections
or requests, leading to unresponsiveness, which aligns with the scenario described.
Question 79: Correct
Which of the following is the most effective way to prevent social engineering attacks
that target guards?

Provide guards with training on social engineering tactics.

Implement a strict policy on who is allowed to interact with guards.

All of the above

(Correct)

Use technology to monitor interactions between guards and visitors.

Explanation
The most effective way to prevent social engineering attacks that target guards is to
provide guards with training on social engineering tactics, implement a strict policy on
who is allowed to interact with guards, and use technology to monitor interactions
between guards and visitors.
Question 80: Correct
During a disaster, an organization's primary data center becomes inoperable. Which
type of recovery site would be the most suitable for minimizing downtime, and why?

Cold Site

Redundant Site

Warm Site

Hot Site

(Correct)

Explanation
A Hot Site offers lower cost compared to a Redundant Site while providing rapid
recovery with existing hardware.
Question 81: Correct
In the context of data security, what is "Disclosure" the opposite of?

Alteration

Availability

Integrity

Confidentiality

(Correct)

Explanation
Disclosure is the opposite of confidentiality. It refers to unauthorized access and
exposure of protected information.
Question 82: Correct
What is the formula for calculating Total Risk?

Threat * Vulnerability/Likelihood

Threat * Vulnerability * Asset Value

(Correct)

Threat * Asset Value

Threat * Vulnerability

Explanation
Total Risk is calculated by multiplying Threat, Vulnerability, and Asset Value, taking into
account the worth of the asset.
Question 83: Correct
An organization uses Role-Based Access Control (RBAC). Which principle is fundamental
to RBAC?

Content-Based Access Control

Separation of duties

Least privilege

(Correct)

Background checks

Explanation
RBAC focuses on granting access based on job roles, but the principle of "Least
Privilege" ensures that individuals have only the necessary access for their roles.
Question 84: Incorrect
Which category of access controls includes measures like drug tests for personnel,
intrusion prevention systems, and firewalls?

Physical Controls

Administrative Controls

Technical Controls

(Correct)

Deterrent Controls

(Incorrect)

Explanation
Technical controls encompass measures like intrusion prevention systems and firewalls
that operate at a digital level to prevent security incidents.
Question 85: Incorrect
Software-defined networking (SDN) separates the control plane from the data plane.
What is the primary benefit of this separation?

Enhanced network speed

(Incorrect)

Improved network security

Reduced network scalability

Centralized network control and flexibility

(Correct)

Explanation
The primary benefit of separating the control plane from the data plane in software-
defined networking (SDN) is centralized network control and flexibility. This separation
allows for more centralized, programmable, and flexible management of network
resources and traffic, making it easier to adapt to changing network requirements and
conditions.
Question 86: Correct
What is the primary goal of availability in the context of the CIA Triad?

Preventing unauthorized data alterations.

Safeguarding against unauthorized disclosure.

Making authorized resources accessible when needed.

(Correct)

Ensuring confidentiality of data.

Explanation
Availability aims to ensure that authorized users can access resources and data when
necessary, preventing service disruptions that could hinder productivity.
Question 87: Correct
Which of the following is NOT a common tactic used in social engineering attacks?

Baiting

Quid pro quo

Phishing

Exploitation of trust

(Correct)

Explanation
Social engineering attacks often rely on exploiting the trust of the victim.
Question 88: Correct
Which type of firewall operates at the application layer and can block specific
applications or services?

Circuit-level gateway firewall

Stateful inspection firewall

Packet-filtering firewall

Proxy firewall

(Correct)

Explanation
A proxy firewall operates at the application layer and can block specific applications or
services by acting as an intermediary between a user's device and the target server.
Question 89: Correct
Your organization has implemented a countermeasure to mitigate a specific risk. Over
time, you notice that the effectiveness of this countermeasure has diminished, and the
risk level is increasing. What phase of the risk management process should you focus on
to address this issue?

Risk Response and Mitigation

Risk Identification

Risk Assessment

Risk and Control Monitoring and Reporting

(Correct)

Explanation
To address the diminishing effectiveness of a countermeasure, you should focus on the
phase of Risk and Control Monitoring and Reporting, which involves continuous
monitoring to ensure that implemented measures remain effective.
Question 90: Correct
Which of the following is NOT an example of an administrative (directive) control?

Security policies

Security guidelines

Security procedures

Technical security controls

(Correct)

Explanation
Technical security controls are implemented through technology, while administrative
(directive) controls are implemented through policies, procedures, and guidelines.
Question 91: Incorrect
You work for a large organization with a complex IT infrastructure. The organization's
Board of Directors has just approved a new governance direction that emphasizes being
risk-averse and avoiding potential security breaches. As a security professional, how
should you align the organization's security measures with this new direction?

Implement advanced security technologies to proactively detect and prevent potential
security incidents.

Continue with the current security measures, as the security team has always prioritized
risk aversion.

Align the security strategies with the new risk-averse direction by emphasizing measures to
avoid security risks.

(Correct)

Inform the CIO about the new governance direction, and leave it to the IT department to
decide on appropriate security measures.

(Incorrect)

Explanation
The best approach to align with the new governance direction is to emphasize security
measures that align with the organization's risk-averse stance, ensuring that the security
strategies are in harmony with the board's decisions.
Question 92: Incorrect
Which of the following is a type of intrusion prevention system (IPS) that blocks or
modifies malicious traffic based on predefined rules or signatures?

Network-based IPS

(Incorrect)

Anomaly-based IPS

Host-based IPS

Signature-based IPS

(Correct)

Explanation
A signature-based IPS is a type of IPS that blocks or modifies malicious traffic based on
predefined rules or signatures. It compares the network traffic with a database of known
attack patterns or signatures and takes action if a match is found. It is effective against
known attacks but may not detect new or unknown attacks.
Question 93: Correct
You are a cybersecurity professional tasked with conducting a Risk Assessment for a
financial institution. During the assessment, you identify a significant risk related to the
potential loss of sensitive customer data. What would be an appropriate risk response
strategy in this scenario?

Risk Avoidance

Risk Mitigation

(Correct)

Risk Acceptance

Risk Transference

Explanation
In the context of a financial institution and sensitive customer data, the most suitable
strategy would be risk mitigation to reduce the potential impact of data loss.
Question 94: Correct
Your company is concerned about the security of its data center and is considering
using subceilings. However, you are aware that subceilings can pose a security risk.
Which of the following physical security controls would be most effective in mitigating
this risk?

Reinforced glass or plexiglass windows

Slab-to-slab walls

(Correct)

Guard dogs

Panic bars on doors

Explanation
Slab-to-slab walls extend from the ceiling to the floor, preventing unauthorized access
to spaces above the ceiling.
Question 95: Correct
What does "fault tolerance" refer to in a network infrastructure?

The network's redundancy level.

The network's capability to continue functioning in the presence of hardware or software
failures.

(Correct)

The network's capacity to operate without any errors.

The ability of a network to withstand all types of cyberattacks.

Explanation
Fault tolerance is the network's ability to maintain operations even when faced with
hardware or software failures.
Question 96: Incorrect
Which of the following is NOT a principle of proper data handling?

Data minimization

(Incorrect)

Data encryption

Data disposal

Access control

(Correct)

Explanation
Access control is a security measure, not a principle of data handling. Data minimization,
data encryption, and data disposal are principles of proper data handling.
Question 97: Correct
Which social engineering attack relies on impersonating a trusted individual or authority
to manipulate the victim?

Whaling attack

(Correct)

Insider threat attack

Phishing attack

Shoulder surfing attack

Explanation
A whaling attack targets high-profile individuals or authorities to deceive victims based
on trust.
Question 98: Correct
Which of the following is an example of Personally Identifiable Information (PII)?

A national ID number

(Correct)

A public Wi-Fi network name

A person's favorite color

A company's annual revenue

Explanation
Personally Identifiable Information (PII) includes data that can be used to uniquely identify
individuals, such as national ID numbers, as mentioned in the lecture.
Question 99: Correct
What is the primary purpose of Administrative (directive) controls in a security
operations context?

Detecting and responding to security incidents.

Providing guidance and policies.

(Correct)

Encrypting sensitive data.

Implementing technical security measures.

Explanation
Administrative controls provide guidance and policies to help manage security practices
and compliance.
Question 100: Incorrect
Why is it essential to continuously update and maintain version control for the Disaster
Recovery Plan (DRP)?

To comply with legal requirements regarding data retention

To ensure that the DRP includes all employees' contact information

(Incorrect)

To avoid confusion and errors during an incident

(Correct)

To prevent employees from accessing outdated versions of the DRP

Explanation
Continuously updating DRPs with version control avoids confusion and errors during
incidents.