Pass the ISC certification CC Questions and answers with Dumpstech

Criticality reflects how essential an asset or system is to business success or mission accomplishment. It is commonly determined during a Business Impact Analysis (BIA) and influences recovery priorities.

John the Ripper is a well-known password cracking tool used to test the strength of passwords by performing brute-force, dictionary, and hybrid attacks. It is commonly used by security professionals during penetration testing and password audits to identify weak credentials.

Burp Suite is a web application testing tool, Nslookup is a DNS query utility, and Wireshark is a packet analyzer. None of these tools are designed specifically for password cracking.

While John the Ripper can be used maliciously, it is also widely used defensively to improve password policies and enforce strong authentication practices. Its existence highlights the importance of strong passwords, hashing, salting, and multi-factor authentication.

A Content Delivery Network (CDN) provides the greatest resilience against large-scale DDoS attacks by distributing traffic across a globally dispersed network of edge servers. CDNs absorb and filter malicious traffic before it reaches the origin infrastructure.

Increasing servers or bandwidth helps only to a limited extent and can still be overwhelmed by volumetric attacks. IPS-based mitigation is effective for smaller attacks but is not designed to handle massive distributed floods. CDNs combine traffic absorption, rate limiting, caching, and threat filtering at scale.

Major CDNs operate with terabits of capacity and specialized DDoS defenses, making them highly effective against attacks that would cripple individual organizations.

For public-facing applications, CDNs are considered a best-practice defensive control against availability attacks.

A hierarchical database organizes data in a tree-like structure where each parent record can have multiple child records, but each child has only one parent. This model resembles a file system hierarchy and is designed to represent one-to-many relationships efficiently.

Hierarchical databases were among the earliest database models and are still used in specific environments such as legacy systems and mainframe applications. Data access is fast when the hierarchy is well understood, but the model lacks flexibility when relationships become complex.

Relational databases use tables with rows and columns, object-oriented databases store objects, and network databases allow many-to-many relationships. Only the hierarchical model strictly enforces a tree structure.

Understanding database models is important for security professionals when evaluating access control, data exposure, and system design risks.

Type 1 authentication is “something you know,” such as passwords or PINs. Other options represent possession-based or biometric authentication.

While managementparticipatesin BCP, “management” alone is not a documented component. The other options represent formal, documented BCP elements.

Non-repudiation is a core security principle that ensures an individual or system cannot deny having performed a specific action. In cybersecurity, this concept is critical for accountability, auditing, and legal enforcement. Non-repudiation provides assurance that an action—such as sending an email, approving a transaction, or signing a document—can be definitively attributed to a specific user.

This principle is commonly enforced using cryptographic techniques such as digital signatures, public key infrastructure (PKI), hashing, and secure logging. For example, when a user digitally signs a document using their private key, anyone can later verify that signature using the corresponding public key. This prevents the signer from denying authorship.

Non-repudiation is particularly important in financial systems, legal documents, and regulated environments where proof of action is required. It differs from authentication, which verifies identity, and authorization, which defines permissions. Non-repudiation focuses on ensuring that actions are traceable and undeniable, supporting forensic investigations and compliance with security and legal requirements.

A Red Book is ahard-copy version of critical business continuity and emergency procedures. It is essential when disasters such as hurricanes, earthquakes, or cyberattacks disable power, networks, or electronic backups. In such scenarios, electronic access may be impossible, making physical documentation vital.

NIST publishes standards and frameworks. GDPR and HIPAA are regulations and laws, not standards bodies.

Security testing is used to verify that a specific control is functioning as intended. In this scenario, John wants to confirm that authentication controls operate correctly, which requires actively testing them under real or simulated conditions.

Security assessments evaluate overall security posture and risk, audits focus on compliance and policy adherence, and walkthroughs are informal reviews or demonstrations. None of these directly validate control effectiveness as precisely as testing.

Security testing may include functional testing, penetration testing, or control validation exercises to confirm expected behavior. For authentication controls, this might involve testing login mechanisms, MFA enforcement, failure handling, and session management.

NIST SP 800-53 and ISO/IEC 27001 both emphasize testing as a critical step in ensuring security controls are implemented correctly and remain effective over time.