Pass the ISC certification CC Questions and answers with Dumpstech

An exploit is the method or code used to take advantage of a known vulnerability. Successful exploitation may result in an intrusion or breach.

A BIA identifies critical systems, dependencies, and acceptable downtime to establish recovery priorities.

Recovery controls restore systems and data after an incident. Examples include backups, failover systems, and disaster recovery procedures.

Metal detectors are effectivepreventive physical controlsthat detect electronic devices and storage media. They are commonly used in high-security environments to enforce device restrictions.

A hub broadcasts incoming traffic toall connected devices, regardless of the destination. This creates unnecessary traffic and security risks. A switch, however, uses MAC address tables to forward trafficonly to the intended destination port, making it far more efficient and secure.

Hubs operate at OSI Layer 1, while switches operate at Layer 2. Because hubs broadcast traffic indiscriminately, they are rarely used in modern networks.

Procedures provide detailed, actionable steps explaining how to perform tasks in compliance with policies and standards.

Spoofing involves falsifying identity information such as IP or MAC addresses to bypass security controls.

The principle of least privilege states that users, systems, and processes should be granted only the minimum permissions required to perform their assigned tasks—nothing more. This principle reduces the attack surface and limits potential damage from compromised accounts or insider threats.

If an attacker gains access to a low-privilege account, the impact is significantly reduced compared to a highly privileged account. Least privilege also helps prevent accidental misuse of system resources.

Two-person control requires two individuals to approve an action. Job rotation reduces fraud by changing responsibilities. Separation of privileges ensures critical tasks require multiple permissions. While all are valid security concepts, least privilege directly addresses permission minimization.

This principle is foundational in access control models, identity and access management (IAM), and zero trust architectures. NIST and CIS explicitly recommend least privilege as a core security control for protecting systems and sensitive data.

High availability (HA) refers to system designs that ensure continuous operation by minimizing downtime in the event of component failures. Adding a backup firewall that automatically takes over when the primary firewall fails is a classic example of high availability.

HA solutions often use failover mechanisms, heartbeat monitoring, and redundancy to ensure seamless service continuity. The goal is to maintain availability, which is a core pillar of the CIA triad.

Component redundancy describes duplicated parts, but high availability focuses on the operational outcome—continued service. Load balancing distributes traffic, not failover. Clustering involves multiple systems working together, but HA specifically emphasizes fault tolerance and uptime.

High availability is critical for security infrastructure such as firewalls, authentication servers, and monitoring tools. NIST and ISO frameworks stress HA as essential for business continuity, disaster recovery, and resilient security operations.

A complete BCP includes response procedures, communication plans, and management authority to ensure coordinated recovery.