Free ISC CC Practice Exam with Questions & Answers | Set: 4

Password Authentication Protocol (PAP) is the least secure option because it transmits credentials in clear text over the network. This makes PAP highly vulnerable to eavesdropping and credential theft.

CHAP improves security by using challenge-response mechanisms. EAP supports strong authentication methods, including certificates and MFA. IPsec provides encrypted and authenticated network communication.

Because PAP lacks encryption and protection mechanisms, it is generally discouraged and considered obsolete. Modern security standards strongly advise against its use in favor of encrypted authentication protocols.

Cross-Site Request Forgery (CSRF) tricks an authenticated user’s browser into sending unauthorized requests to a trusted server. Because the user is already authenticated, the server processes the request as legitimate.

XSS injects malicious scripts, while spoofing involves impersonation. CSRF exploits trust in an existing authenticated session. Defenses include CSRF tokens, same-site cookies, and proper request validation.

Most VPNs (e.g., IPSec) operate atLayer 3 (Network layer), encapsulating IP packets to create secure tunnels.

TheBusiness Continuity Planincludes immediate response actions, communication plans, and leadership guidance.

An Advanced Persistent Threat (APT) involves stealthy, long-term access to systems for espionage, data theft, or sabotage.

An Incident Response Plan (IRP) defines procedures for managing and mitigating security incidents.

ABusiness Impact Analysis (BIA)identifies critical systems, dependencies, and acceptable downtime to prioritize recovery and continuity strategies.

When incidents escalate beyond containment and business continuity measures are insufficient, theDisaster Recovery Plan (DRP)is activated to restore IT systems and infrastructure.

IPSec uses sequence numbers in AH and ESP headers to detect and reject duplicate packets. This prevents attackers from capturing and replaying valid packets. Anti-replay protection is a core IPSec security feature defined by the IETF.

Disaster Recovery (DR)focuses specifically on restoring IT systems and communications following outages.