ISC2 Cybersecurity Certification Post Assessment & Pre- Assessment BUNDLE (Latest 2024/ 2025 Update) 100% Correct Questions and Verified Answers| Grade A
Q: The European Union (EU) law that grants legal protections to individual human privacy.
A) The Privacy Human Rights Act
B) The General Data Protection Regulation
C) The Magna Carta
D) The Constitution
Answer:
B is correct: The GDPR is the EU law that treats privacy as a human right. A is incorrect
because there is no Privacy Human Rights Act, which is only used here as a distractor. C is
incorrect because the Magna Carta is a British law describing the relationship between the
monarchy and the people, and does not mention privacy. D is incorrect because the Constitution
is the basis of United States federal law, and does not mention privacy.
Q: A vendor sells a particular operating system (OS). In order to deploy the OS securely on different platforms, the vendor publishes several sets of instructions on how to install it, depending on which platform the customer is using. This is an example of a ________.
A) Law
B) Procedure
C) Standard
D) Policy
Answer:
B is correct. This is a set of instructions to perform a particular task, so it is a procedure (several
procedures, actually—one for each platform). A is incorrect; the instructions are not a
governmental mandate. C is incorrect, because the instructions are particular to a specific
product, not accepted throughout the industry. D is incorrect, because the instructions are not
particular to a given organization.
Q: The Triffid Corporation publishes a policy that states all personnel will act in a manner that protects health and human safety. The security office is tasked with writing a detailed set of processes on how employees should wear protective gear such as hardhats and gloves when in hazardous areas. This detailed set of processes is a ________.
A) Policy
B) Procedure
C) Standard
D) Law
Answer:
B is correct. A detailed set of processes used by a specific organization
is a procedure. A is incorrect; the policy is the overarching document that requires the procedure
be created and implemented. C is incorrect. The procedure is not recognized and implemented
throughout the industry; it is used internally. D is incorrect; the procedure was created by Triffid
Corporation, not a governmental body.
Q: What is the goal of an incident response effort? (D2, L2.1.1)
A) No incidents ever happen
B) Reduce the impact of incidents on operations
C) Punish wrongdoers
D) Save money
Answer:
B is correct. The overall incident response effort is to reduce the impact incidents might have on
the organization's operations. A is incorrect; there is no such thing as "zero risk" or "100%
security." C is incorrect; security practitioners are neither law enforcers nor superheroes. D is
incorrect; incident response efforts may actually cost the organization more money than the
impact of a given incident or set of incidents - "impact" can be measured in other ways than
monetary results.
Q: Which of the following are not typically involved in incident detection? (D2, L2.1.1)
A) Users
B) Security analysts
C) Automated tools
D) Regulators
Answer:
D is correct. Typically, regulators do not detect incidents, nor alert organizations to the existence
of incidents. All the other answers are often involved in incident detection.
Q: Which of the following is likely to be included in the business continuity plan? (D2, L2.2.1)
A) Alternate work areas for personnel affected by a natural disaster
B) The organization's strategic security approach
C) Last year's budget information
D) Log data from all systems
Answer:
A is correct. The business continuity plan should include provisions for alternate work sites, if
the primary site is affected by an interruption, such as a natural disaster. B is incorrect; the
organization's strategic security approach should be included in the organization's security policy.
C is incorrect; budgetary information is not typically included in the business continuity plan. D
is incorrect; log data is not typically included in the business continuity plan.
Q: What is the goal of Business Continuity efforts? (D2, L2.2.1)
A) Save money
B) Impress customers
C) Ensure all IT systems continue to operate
D) Keep critical business functions operational
Answer:
D is correct. Business Continuity efforts are about sustaining critical business functions during
periods of potential interruption, such as emergencies, incidents, and disasters. A is incorrect;
Business Continuity efforts often require significant financial expenditures. B is incorrect;
Business Continuity efforts are important regardless of whether customers are impressed. C is
incorrect; Business Continuity efforts should focus specifically on critical business functions, not
the entire IT environment.
Q: What is the risk associated with resuming full normal operations too soon after a DR effort?
(D2, L2.3.1)
A) The danger posed by the disaster might still be present
B) Investors might be upset
C) Regulators might disapprove
D) The organization could save money
Answer:
A is correct. Resuming full normal operations too soon after a disaster might mean personnel are put in danger by whatever effects the disaster caused. B and C are incorrect because the feelings of investors and regulators are not the primary concern of DR efforts. D is incorrect; saving money is not a risk, it is a benefit.
Q: An attacker outside the organization attempts to gain access to the organization's internal files. This is an example of a(n) ________. (D2, L2.1.1)
A) Intrusion
B) Exploit
C) Disclosure
D) Publication
Answer:
A is correct. An intrusion is an attempt (successful or otherwise) to gain unauthorized access. B
is incorrect; the question does not mention what specific attack or vulnerability was used. C and
D are incorrect; the organization did not grant unauthorized access or release the files.
Q: You are reviewing log data from a router; there is an entry that shows a user sent traffic through the router at 11:45 am, local time, yesterday. This is an example of a(n) ________. (D2, L2.1.1)
A) Incident
B) Event
C) Attack
D) Threat
Answer:
B is correct. An event is any observable occurrence within the IT environment ("any observable occurrence in a network or system"; source: NIST SP 800-61 Rev 2). While an event might be part of an incident, attack, or threat, no other information about the event was given in the question, so B is the correct answer.
Q: Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete
users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto
the system, an access control list (ACL) checks to determine which permissions Prachi has.