ISC2-CC Domain 1: Security Principles

1. In the context of security principles, which of the following best exemplifies the concept of 'least privilege'?
A. Granting every user admin rights to ensure ease of system access.
B. Assigning permissions based on the minimum necessary for job functions.
C. Implementing multi-factor authentication for all system users.
D. Encrypting all data stored on the company's servers.

2. Which of the following best describes the principle of 'defense in depth' in cybersecurity?
A. Using a single, strong firewall to protect the network perimeter.
B. Implementing multiple layers of security controls throughout an IT system.
C. Focusing exclusively on external threats to strengthen network security.
D. Deploying antivirus software on all endpoint devices.

3. In terms of security principles, what does the concept of 'fail-safe defaults' entail?
A. Systems default to an open access state in case of failure.
B. Systems default to a secure state, denying access when a failure occurs.
C. Automatic backup of all system data during a security breach.
D. Immediate shutdown of systems when a security breach is detected.

4. Which principle emphasizes the importance of ongoing, cyclical processes for improving security posture?
A. Security through obscurity.
B. Security as a business enabler.
C. Continuous improvement.
D. Risk management.

5. What does the principle of 'security by design' advocate for?
A. Adding security features to a product after it has been developed.
B. Integrating security considerations into the development process from the outset.
C. Focusing on physical security measures during the design phase.
D. Designing security policies and procedures after system deployment.

6. In cybersecurity, what is meant by the term 'risk transference'?
A. Eliminating all potential risks from a system.
B. Shifting the responsibility for risk to a third party, such as through insurance.
C. Reducing risk by implementing security controls.
D. Ignoring risk in favor of operational efficiency.

7. Which concept is central to understanding 'information security governance'?
A. Ensuring that all users have unrestricted access to information.
B. Bypassing standard security protocols to speed up system performance.
C. Aligning information security strategies with business objectives.
D. Focusing solely on technical solutions to secure information.

8. What is the primary focus of 'data sovereignty' in the context of cybersecurity?
A. The encryption standards used to secure data.
B. The physical location where data is stored and its legal implications.
C. The amount of data an organization can store.
D. The speed at which data can be accessed.

9. In cybersecurity, 'non-repudiation' ensures that:
A. Users can deny their actions on a system.
B. Data cannot be duplicated without authorization.
C. An entity cannot deny the authenticity of their signature on a document or message.
D. All network communications are encrypted.

10. Which principle underlies the concept of 'compartmentalization' in securing information systems?
A. Granting every user access to all system resources for transparency.
B. Dividing system resources and information into distinct segments to limit access.
C. Centralizing all data storage for easier management and security.
D. Removing all barriers to information flow within an organization.

11. In the context of security principles, the concept of 'separation of duties' is designed to:
A. Concentrate all critical tasks within a single department for efficiency.
B. Assign all security-related tasks to the IT department only.
C. Prevent fraud and errors by dividing tasks among multiple individuals or groups.
D. Ensure that all employees have the ability to perform each other's jobs.

12. In the context of access control, the concept of 'context-based access control' primarily relies on which of the following factors?
A. The strength of the user's password.
B. The user's role within the organization.
C. Environmental or situational attributes.
D. The encryption method used for data transmission.

13. Which of the following best describes the principle of 'pervasive security monitoring'?
A. Monitoring only the network perimeter for potential threats.
B. Continuously monitoring all layers of an IT system for security threats.
C. Implementing security measures only after a breach has been detected.
D. Focusing security efforts solely on high-value assets.

14. The cybersecurity principle of 'asset classification and control' is crucial for which reason?
A. It ensures all users have equal access to information resources.
B. It mandates the use of strong passwords for all system accounts.
C. It helps in identifying and applying appropriate protections based on asset value.
D. It requires the encryption of all data, regardless of its sensitivity.

15. What is the primary objective of 'threat modeling' in cybersecurity?
A. To design aesthetically pleasing security interfaces.
B. To predict and prioritize potential threats to an IT system.
C. To ensure compliance with international cybersecurity standards.
D. To monitor network traffic in real-time for anomaly detection.

16. In cybersecurity, 'security convergence' refers to:
A. The merging of physical and information security practices.
B. The use of a single password across multiple systems.
C. The consolidation of all security logs into one database.
D. The alignment of security and business goals.

17. Which principle advocates for the creation of security policies that adapt over time based on new insights and evolving threats?
A. Static security policy.
B. Adaptive security policy.
C. Fixed security framework.
D. Immutable security guidelines.

18. The concept of 'zero trust security' is based on which of the following assumptions?
A. Trust is granted once and is valid for all network interactions.
B. Trust is never assumed and must be continuously verified.
C. Trust is only necessary for external connections.
D. Trust is based solely on the physical location of access attempts.

19. What is the primary goal of 'data minimization' in privacy and security practices?
A. To collect as much data as possible for future analysis.
B. To limit data collection to the minimum necessary for the intended purpose.
C. To maximize the storage of data for regulatory compliance.
D. To encrypt all collected data regardless of its sensitivity.

20. In cybersecurity, 'quantitative risk analysis' primarily involves:
A. Estimating the impact of risks using descriptive language.
B. Calculating the potential impact of risks using numerical data.
C. Ignoring low-impact risks to focus on high-impact ones.
D. Focusing solely on the qualitative aspects of security vulnerabilities.