Title: ISC2 PRE-ASSESSMENT: 2025–2026 LATEST EXAM PRACTICE 80 QUESTIONS WITH MOST TESTED TOPICS (HARVARD STYLE)
Description: ISC2 PRE-ASSESSMENT: 2025–2026 LATEST EXAM PRACTICE 80 QUESTIONS WITH MOST TESTED TOPICS (HARVARD STYLE)
ISC2 PRE-ASSESSMENT: 2025–2026 LATEST EXAM PRACTICE
80 QUESTIONS WITH MOST TESTED TOPICS (HARVARD
STYLE)
DESIGNED TO HELP CANDIDATES PREPARE FOR ISC2 CERTIFICATIONS, THIS 2025–2026 PRE-ASSESSMENT INCLUDES HIGH-YIELD QUESTIONS COVERING CORE SECURITY CONCEPTS, ACCESS
CONTROL, NETWORK DEFENSE, AND INCIDENT RESPONSE
...
The Triffid Corporation publishes a strategic overview of the company's intent to secure all the data
the company possesses
...
What kind of
document is this? (D1, L1
...
1)
Question options:
A) Policy
B) Procedure
C) Standard
D) Law
A) Policy
A is correct
...
B is incorrect; this is a
strategic overview, not a specific process or practice, so it is not a procedure
...
D is
incorrect; this is not a legal mandate issued by a government, so it is not a law
...
After
attending a few online sessions, Tina learns that some participants in the group are sharing malware
with each other, in order to use it against other organizations online
...
5
...
The ISC2 Code of Ethics requires that members "protect society, the common
good, necessary public trust and confidence, and the infrastructure"; this would include a prohibition
against disseminating and deploying malware for offensive purposes
...
Tina should stop participating in the group, and
perhaps (for Tina's own protection) document when participation started and stopped, but no other
action is necessary on Tina's part
...
This is a type of ________ control
...
3
...
A software firewall is a technical control, because it is a part of the IT environment
...
B is incorrect; a
software firewall is not a rule or process
...
However, answer D is a much better way to describe a software firewall
...
Aphrodite is a member of ISC2 and a data analyst for Triffid Corporation
...
What should Aphrodite do? (D1, L1
...
1)
Question options:
A) Inform ISC2
B) Inform law enforcement
C) Inform Triffid management
D) Nothing
C) Inform Triffid management
C is the best answer
...
" This includes reporting policy violations to Triffid management
(Triffid is the principal, in this case)
...
The city of Grampon wants to know where all its public vehicles (garbage trucks, police cars, etc
...
What kind of control is this?
(D1, L1
...
1)
Question options:
A) Administrative
B) Entrenched
C) Physical
D) Technical
D) Technical
D is correct
...
A is incorrect
...
B is incorrect; "entrenched" is not a term commonly used to describe a particular type of
security control, and is used here only as a distractor
...
Triffid Corporation has a policy that all employees must receive security awareness instruction before
using email; the company wants to make employees aware of potential phishing attempts that the
employees might receive via email
...
3
...
Both the policy and the instruction are administrative controls; rules and governance are
administrative
...
C is incorrect; training is not a tangible object,
so this is not a physical control
...
The senior leadership of Triffid Corporation decides that the best way to minimize liability for the
company is to demonstrate the company's commitment to adopting best practices recognized
throughout the industry
...
The Triffid document is a ______, and the SANS documents are ________
...
4
...
The Triffid document is a strategic, internal rule published by senior
management; this is a policy
...
A and C are incorrect, because neither document was issued by a governmental
body, so they are not laws
...
What is the overall objective of a disaster recovery (DR) effort? (D2, L2
...
1)
Question options:
A) Save money
B) Return to normal, full operations
C) Preserve critical business functions during a disaster
D) Enhance public perception of the organization
B) Return to normal, full operations
B is correct
...
A is
incorrect; DR is often quite expensive, and not a cost-saving measure
...
D is incorrect; DR efforts are intended to return the organization to
normal, full operations, not enhance public perception
...
3
...
Resuming full normal operations too soon after a disaster might mean personnel are put
in danger by whatever effects the disaster caused
...
D is incorrect; saving money is not
a risk, it is a benefit
...
1
...
The overall incident response effort is to reduce the impact incidents might have on the
organization's operations
...
" C is
incorrect; security practitioners are neither law enforcers nor superheroes
...
What is the goal of Business Continuity efforts? (D2, L2
...
1)
Question options:
A) Save money
B) Impress customers
C) Ensure all IT systems continue to operate
D) Keep critical business functions operational
D is correct
...
A is incorrect;
Business Continuity efforts often require significant financial expenditures
...
C is incorrect;
Business Continuity efforts should focus specifically on critical business functions, not the entire IT
environment
...
3
...
Alternate operations are typically more costly than normal operations, in terms of
impact to the organization; extended alternate operations could harm the organization as much as a
disaster
...
C is incorrect;
this would actually be an argument for delaying alternate operations, but it doesn't make much
sense
...
Prachi works as a database administrator for Triffid, Inc
...
When Prachi logs onto the system, an
access control list (ACL) checks to determine which permissions Prachi has
...
1
...
Prachi is manipulating the database, so the database is the object in the subject-object-rule relationship in this case
...
D is incorrect because "site" has no meaning in this context
...
Bruce wants to determine which personnel at the branch can
get access to systems, and under which conditions they can get access
...
3
...
B is the correct answer
...
C is
incorrect; in role-based access control, managers do not have the authority to determine who gets
access to particular assets
...
Prachi works as a database administrator for Triffid, Inc
...
When Prachi logs onto the system, an
access control list (ACL) checks to determine which permissions Prachi has
...
1
...
The ACL, in this case, acts as the rule in the subject-object-rule relationship
...
A and B are
incorrect, because the ACL is the rule in this case
...
A security solution installed on an endpoint in order to detect potentially anomalous activity
...
2
L4
...
2)
Question options:
A) Router
B) Host-based intrusion prevention system
C) Switch
D) Security incident and event management system (SIEM)
Correct
...
The common term used to describe the mechanisms that control the temperature and humidity in a
data center
...
3 L4
...
1)
Question options:
A) VLAN (virtual local area network)
B) HVAC (heating, ventilation and air conditioning)
C) STAT (system temperature and timing)
D) TAWC (temperature and water control)
B Correct
...
A cloud arrangement whereby the provider owns and manages the hardware, operating system, and
applications in the cloud, and the customer owns the data
...
3 L4
...
2)
Question options:
A) Infrastructure as a service (IaaS)
B) Morphing as a service (MaaS)
C) Platform as a service (PaaS)
D) Software as a service (SaaS)
Correct
...
Which of the following does not normally influence an organization’s retention policy for logs? (D5,
L5
...
3)
A
...
Audits
C
...
Regulations
Correct answer: B
...
Organizations must maintain adherence to retention policy for logs as prescribed by law,
regulations and corporate governance
...
1, L5
...
1)
Question options:
A) Encryption
B) Hashing
C) Hard copy
D) Data life cycle
Correct
...
Who is responsible for publishing and signing the organization's policies? (D5
...
3
...
Policies are direct organizational mandates from senior management
...
1, L5
...
3)
Question options:
A) Logs should be very detailed
B) Logs should be in English
C) Logs should be concise
D) Logs should be stored separately from the systems they're logging
Correct
...
A ready visual cue to let anyone in contact with the data know what the classification is
...
1,
L5
...
1)
Question options:
A) Encryption
B) Label
C) Graphics
D) Photos
Correct
...
A mode of encryption for ensuring confidentiality efficiently, with a minimum amount of processing
overhead (D5
...
1
...
Asymmetric encryption can provide confidentiality but entails more processing overhead
than symmetric encryption