Pass the ISC certification CC Questions and answers with Dumpstech

Modern firewalls operate at Layers 3, 4, and 7, supporting packet filtering, stateful inspection, and application-layer filtering.

Disaster Recovery Planning focuses specifically on restoring IT infrastructure, systems, and communications.

Anintrusionis an unauthorized attempt to access systems or resources, whether successful or not.

Electromagnetic eavesdropping (TEMPEST attacks) exploits signal leakage. EMI shielding blocks emissions, screened rooms prevent signal escape, and white noise generators mask signals. Together, these controls provide comprehensive protection.

Criticality reflects how essential an asset is to business operations or mission success. It influences prioritization, recovery planning, and protection strategies.

A security incident is an event that threatens or violates CIA principles. Not all incidents result in breaches.

Distributed Denial of Service (DDoS) attacks primarily impactavailability, one of the three pillars of the CIA triad. DDoS attacks overwhelm systems, networks, or applications with massive volumes of traffic, exhausting resources such as bandwidth, CPU, or memory and preventing legitimate users from accessing services.

The goal of a DDoS attack is not to steal data, alter information, or deny accountability, but rather todisrupt access. Confidentiality and integrity may remain intact, but users are unable to reach the system, resulting in service outages, financial loss, and reputational damage.

Availability is a critical security objective for public-facing services such as websites, APIs, and online platforms. Defenses against DDoS attacks include traffic filtering, rate limiting, content delivery networks (CDNs), scrubbing services, and redundant architectures.

Security frameworks such as NIST and ISO/IEC explicitly associate denial-of-service attacks with availability risks, making availability the most directly affected cybersecurity principle.

Distributed Denial-of-Service (DDoS) attacks overwhelm targets with traffic from multiple sources, disrupting availability.

Authentication is the phase of the AAA (Authentication, Authorization, Accounting) model in which a user proves their identity. During authentication, the system verifies that the user is who they claim to be by validating credentials such as passwords, biometrics, smart cards, or cryptographic keys.

Identification occurs first, when a user claims an identity (for example, entering a username). Authentication then confirms that claim. Authorization follows authentication and determines what actions the authenticated user is permitted to perform. Accounting tracks and logs user activities for auditing and monitoring purposes.

Strong authentication is critical to system security because all subsequent access control decisions depend on its accuracy. Weak authentication mechanisms increase the risk of unauthorized access, credential theft, and impersonation attacks.

Modern security frameworks emphasize multi-factor authentication (MFA) to strengthen this phase. NIST SP 800-63 highlights authentication as a core security function essential to protecting systems, data, and services from unauthorized access.

GDPR directly addresses privacy, while FIPS and MOUs can also relate to privacy controls and data handling requirements.