1- كويز محاكي لاختبار ISC2 CC (50 سوال)

Which of the following best defines an **asset** in the context of cybersecurity?

A. A potential source of harm to an organization. B. A weakness in a system that can be exploited. C. Anything of value to an organization that requires protection. D. The probability of harm occurring due to a threat exploiting a vulnerability. Show Answer

The equation "Risk = Threat + Vulnerability" best describes which cybersecurity concept?

A. Asset Management B. Risk Assessment C. Incident Response D. Threat Intelligence Show Answer

Which principle of the CIA Triad focuses on preventing unauthorized disclosure of information?

A. Confidentiality B. Integrity C. Availability D. Authentication Show Answer

Which security principle ensures that data is accurate and complete, and has not been modified or tampered with without authorization?

A. Confidentiality B. Integrity C. Availability D. Non-repudiation Show Answer

Which principle ensures that authorized users can access systems and data when needed?

A. Confidentiality B. Integrity C. Availability D. Accountability Show Answer

Which security principle involves verifying the identity of a person or entity?

A. Authorization B. Non-repudiation C. Authentication D. Privacy Show Answer

What is the primary goal of **Non-repudiation**?

A. To ensure data privacy. B. To prevent unauthorized access. C. To ensure a party cannot deny having performed an action or sent a message. D. To grant specific permissions to users. Show Answer

What is a "vulnerability" in cybersecurity?

A. A potential source of harm to an asset. B. A weakness in a system or process that can be exploited by a threat. C. An action that leads to data loss. D. A specific attack method used by hackers. Show Answer

When dealing with highly sensitive data like patient records or bank card numbers, which principle of the CIA Triad is of utmost importance?

A. Integrity B. Availability C. Confidentiality D. Accountability Show Answer

Which cybersecurity concept refers to any force or factor capable of causing harm to an asset?

A. Vulnerability B. Risk C. Threat D. Exploit Show Answer

In incident management, what is an "incident" typically characterized as?

A. Any recorded activity in a system or network. B. A normal, expected system log entry. C. A security event that threatens confidentiality, integrity, or availability and requires intervention. D. A routine system update. Show Answer

What is an "exploit" in cybersecurity?

A. A type of malware. B. A method or tool used to take advantage of a specific vulnerability. C. The unauthorized access to a network. D. A software patch. Show Answer

During which phase of the Incident Response Lifecycle is the primary goal to stop the spread of an incident to prevent further damage?

A. Detection and Analysis B. Eradication C. Containment D. Recovery Show Answer

What is a "zero-day vulnerability"?

A. A vulnerability that has been patched recently. B. A vulnerability known to the public but without an available exploit. C. A newly discovered vulnerability that developers and the public are unaware of, and for which no patch is available. D. A vulnerability with a very low risk score. Show Answer

The primary goal of a **Business Continuity (BC) plan** is to:

A. Restore IT infrastructure and data after a disaster. B. Ensure the continued operation of essential business functions during and after major incidents or disasters. C. Conduct a thorough review of an incident to improve security operations. D. Implement new security controls. Show Answer

What does **Recovery Point Objective (RPO)** define?

A. The maximum acceptable downtime for systems after a disaster. B. The amount of data loss that an organization can tolerate after a disaster. C. The time it takes to recover from an incident. D. The cost of data recovery. Show Answer

The "Lessons Learned" phase of the Incident Response Lifecycle involves:

A. Immediately stopping the spread of the incident. B. Removing the root cause of the incident. C. Conducting a comprehensive review of the incident to improve security operations and avoid recurrence. D. Restoring systems to normal operations. Show Answer

Which of the following describes an "intrusion"?

A. Any recorded system activity. B. An event where an attacker gains unauthorized access to a system or network. C. The recovery of lost data. D. A software vulnerability. Show Answer

Which of the following is the core focus of a **Disaster Recovery (DR) plan**?

A. Ensuring continuous business operations. B. Restoring IT infrastructure and data after a disaster. C. Training employees on security awareness. D. Managing changes to systems. Show Answer

If an organization's **Recovery Time Objective (RTO)** for a critical system is 4 hours, what does this mean?

A. The system must be fully operational within 4 hours after a disaster. B. The organization can lose up to 4 hours of data. C. It takes 4 hours to back up the system. D. The system must be recovered to a state no older than 4 hours. Show Answer

When a user logs in with a password and then receives a code on their phone to enter, this is an example of:

A. Single-Factor Authentication (SFA) B. Multi-Factor Authentication (MFA) C. Authorization D. Non-repudiation Show Answer

In the context of Access Control, **Authorization** refers to:

A. Proving who you are. B. Determining what an authenticated user is permitted to do or access. C. Ensuring a user cannot deny an action. D. Protecting personal data. Show Answer

In which access control model does the owner of a resource directly grant permissions to others?

A. Mandatory Access Control (MAC) B. Role-Based Access Control (RBAC) C. Discretionary Access Control (DAC) D. Attribute-Based Access Control (ABAC) Show Answer

Which access control model grants permissions based on a user's job function or role within an organization?

A. Discretionary Access Control (DAC) B. Role-Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Attribute-Based Access Control (ABAC) Show Answer

The principle of **Least Privilege** dictates that:

A. All users should have full administrative access. B. Users should only be granted the minimum permissions necessary to perform their tasks. C. Permissions should be granted based on the sensitivity of the data. D. Access control decisions are made by the system owner. Show Answer

Which principle helps prevent fraud and errors by dividing critical tasks among different individuals?

A. Least Privilege B. Separation of Duties C. Need-to-Know D. Implicit Deny Show Answer

Which authentication factor includes biometric data like fingerprints or facial recognition?

A. Something You Know B. Something You Have C. Something You Are D. Something You Do Show Answer

Which access control model determines access based on a set of attributes related to the user, resource, action, and environment?

A. Discretionary Access Control (DAC) B. Role-Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Attribute-Based Access Control (ABAC) Show Answer

A security policy states that a user must use a password (something they know) and a security token (something they have) to access sensitive data. This is an example of implementing:

A. Single-Factor Authentication (SFA) B. Multi-Factor Authentication (MFA) C. Biometric Authentication D. Attribute-Based Access Control Show Answer

The **Mandatory Access Control (MAC)** model is primarily used in environments that require:

A. High flexibility for resource owners. B. Easy administration for large organizations. C. A very high level of security and strict control based on predefined security classifications. D. Dynamic access decisions based on environmental factors. Show Answer

Which security device acts as a "gateway guard" that filters network traffic based on predefined rules?

A. Intrusion Detection System (IDS) B. Virtual Local Area Network (VLAN) C. Firewall D. Router Show Answer

What is the purpose of a **Demilitarized Zone (DMZ)** in a network architecture?

A. To host internal-only servers. B. To provide direct access to the internal network from the internet. C. To act as a buffer zone between a secure internal network and the untrusted internet, hosting public-facing servers. D. To encrypt all traffic within the internal network. Show Answer

Which of the following is a security benefit of using **VLANs**?

A. They automatically encrypt all network traffic. B. They eliminate the need for firewalls. C. They enhance security by segmenting a physical network into smaller, isolated logical networks. D. They simplify network management by combining all traffic. Show Answer

A **Host-based Intrusion Detection System (HIDS)** primarily monitors:

A. Overall network traffic. B. Activity on a single host or device. C. Email content. D. Firewall logs. Show Answer

Which protocol is crucial for synchronizing the time across devices on a network, which is vital for accurate security logging?

A. HTTPS B. FTP C. SMTP D. NTP Show Answer

The OSI (Open Systems Interconnection) model consists of how many layers?

A. 4 layers B. 5 layers C. 7 layers D. 3 layers Show Answer

Which system monitors network traffic and actively blocks detected attacks, rather than just alerting?

A. Intrusion Detection System (IDS) B. Intrusion Prevention System (IPS) C. Firewall D. Demilitarized Zone (DMZ) Show Answer

**HTTPS** primarily provides security by:

A. Blocking all malicious websites. B. Encrypting data during transmission between the browser and the server. C. Authenticating users before accessing websites. D. Providing faster web page loading speeds. Show Answer

An organization separates its guest Wi-Fi traffic from employee network traffic using a logical segmentation method. This is an example of implementing:

A. DMZ B. IDS C. VPN D. VLANs Show Answer

Which of the following describes the function of an **Intrusion Detection System (IDS)**?

A. To actively block malicious traffic. B. To monitor network or system activities for suspicious patterns and issue alerts. C. To encrypt data between two points. D. To manage user access permissions. Show Answer

Which security tool is designed to detect, prevent, and remove malicious software like viruses and ransomware from individual devices?

A. Firewall B. Anti-malware C. DLP (Data Loss Prevention) D. SIEM (Security Information and Event Management) Show Answer

The primary function of **Data Loss Prevention (DLP)** systems is to:

A. Encrypt data at rest. B. Monitor and inspect outbound communications to prevent sensitive data from leaving the organization. C. Perform vulnerability assessments. D. Manage network access control. Show Answer

The process of regularly updating systems and software to fix known security vulnerabilities is known as:

A. Configuration Management B. Vulnerability Scanning C. Patch Management D. Risk Assessment Show Answer

A centralized tool that collects and analyzes security logs from multiple sources to help detect and respond to threats is known as:

A. DLP (Data Loss Prevention) B. SIEM (Security Information and Event Management) C. IDS (Intrusion Detection System) D. IPS (Intrusion Prevention System) Show Answer

Which security operation focuses on educating employees about security best practices and common threats like phishing?

A. Change Management B. Logging and Monitoring C. Security Awareness and Training D. Incident Response Show Answer

A company implements a policy that outlines acceptable and unacceptable behaviors for using its IT systems and resources. This document is known as:

A. Disaster Recovery Plan (DRP) B. Incident Response Plan (IRP) C. Acceptable Use Policy (AUP) D. Business Continuity Plan (BCP) Show Answer

The main purpose of **Change Management** is to:

A. Track all security incidents. B. Ensure that all system updates are automated. C. Systematically manage changes to infrastructure, systems, and processes to minimize risks and ensure business continuity. D. Conduct regular security audits. Show Answer

When implementing **Patch Management**, what important consideration should always be made to mitigate unforeseen issues?

A. Always apply patches immediately without testing. B. Be prepared to roll back any patch if it causes unexpected problems. C. Only apply patches to critical systems. D. Delegate patch application to end-users. Show Answer

**Logging and Monitoring** operations are essential for security because:

A. They replace the need for antivirus software. B. They help to determine malicious activity and facilitate incident investigation. C. They guarantee 100% security against all attacks. D. Their primary purpose is to generate compliance reports only. Show Answer

Why is the human element often considered the weakest link in the security chain?

A. Because technical controls are always perfect. B. Due to a lack of proper security awareness and training, leading to human errors and susceptibility to social engineering. C. Employees intentionally leak sensitive information. D. Because humans are naturally resistant to security policies. Show Answer