Free ISC CC Practice Exam with Questions & Answers | Set: 5

An Incident Response Plan (IRP) defines how to detect, analyze, contain, eradicate, and recover from security incidents.

In Business Continuity Planning (BCP), the termbusinessrefers primarily to theoperational aspects of the organization—the people, processes, and activities required to deliver products and services. While IT systems, finances, and facilities support operations, BCP focuses on ensuring thatcritical business functions continueduring and after disruptions.

This includes customer service, supply chain operations, payroll, compliance activities, and decision-making processes. BCP is broader than disaster recovery, which focuses mainly on restoring IT systems. According to NIST SP 800-34, business continuity emphasizes mission-essential functions and their dependencies, including personnel, third parties, facilities, and technology.

Personally Identifiable Information (PII) refers to any data that can be used to identify a specific individual, either directly or indirectly. Examples include full name, Social Security number, date of birth, address, email address, phone number, and biometric identifiers.

PII is regulated by numerous laws and standards, including privacy regulations and data protection frameworks. Protecting PII is critical to prevent identity theft, fraud, and privacy violations.

Health information is a subset of sensitive data (often classified as PHI). Trade secrets and business data fall under intellectual property. Information classification levels describe value, not identity.

Security controls for PII typically include encryption, access control, monitoring, and data loss prevention mechanisms.

Hashing is the best control for detecting unauthorized changes to source code. By generating cryptographic hash values for approved versions of files, any modification—intentional or accidental—will result in a different hash, immediately indicating tampering.

Backups help recover data but do not prevent or detect unauthorized changes. File labels provide classification but do not ensure integrity. Security audits review compliance but do not continuously detect changes.

Hashing supports integrity assurance, which is a core security objective. Tools such as file integrity monitoring (FIM) systems rely on hashing to alert administrators when files are altered unexpectedly.

NIST and CIS controls emphasize hashing and integrity monitoring as essential for protecting code repositories, system files, and critical configurations, especially in DevOps and CI/CD environments.

This scenario describes areplay attack, in which an attacker captures valid authentication data and reuses it later to gain unauthorized access. Juli is passively monitoring network traffic, capturing credentials as they are transmitted, and planning to reuse them in a future attack.

Replay attacks often occur when authentication mechanisms do not use protections such as encryption, nonces, timestamps, or session tokens. If credentials are transmitted in clear text or without replay protection, attackers can intercept and reuse them without needing to crack passwords.

Brute-force and dictionary attacks involve guessing credentials, not capturing them. Social engineering relies on human manipulation rather than technical interception.

Replay attacks highlight the importance of secure protocols such as TLS, encrypted authentication exchanges, challenge-response mechanisms, and one-time passwords. NIST authentication guidance explicitly identifies replay resistance as a critical requirement for secure authentication systems.

An intranet is a private network that uses internet technologies (such as TCP/IP and web browsers) but is accessible only to an organization’s internal users. It mirrors the structure and functionality of the internet while remaining private.

An extranet extends limited access to external partners. A VLAN is a logical network segmentation technique. A VPN is a secure communication tunnel, not a network architecture.

Intranets are commonly used for internal portals, documentation, collaboration tools, and internal services. From a security standpoint, intranets require strong authentication, segmentation, and access controls.

AnOn-Path (Man-in-the-Middle)attack allows attackers to intercept, modify, or replay communications between two parties without their knowledge.

An IPSec replay attack occurs when an attacker captures legitimate encrypted packets and attempts to retransmit (replay) them to gain unauthorized access or disrupt communication. The attacker does not need to decrypt the packets; instead, they rely on resending previously valid packets within an existing session.

Without proper protections, replayed packets could be accepted as valid, allowing attackers to impersonate legitimate users or repeat sensitive actions. IPSec defends against replay attacks usingsequence numbers and sliding windows, which ensure packets are processed only once and in the correct order.

Packet modification, eavesdropping, and traffic flooding are different attack types and are not specifically replay attacks. Replay attacks are particularly dangerous in authentication and session-based protocols, which is why anti-replay protection is a mandatory IPSec feature defined by the IETF.

A session key is a temporary cryptographic key used to encrypt communication between two systems for a single session. Session keys are typically symmetric keys generated during secure key exchange processes such as TLS handshakes.

They provide confidentiality and efficiency because symmetric encryption is much faster than asymmetric encryption. Once the session ends, the key is discarded, limiting exposure even if the key is later compromised.

Public keys are used for key exchange and authentication, not bulk data encryption. “Temporary key” and “section key” are not standard cryptographic terms.

Session keys are fundamental to secure network communications and are recommended by all modern cryptographic standards due to their performance and security benefits.

Anintrusionis an unauthorized attempt to access systems or networks. Not all intrusions succeed or result in breaches, but they represent active threats.