Free ISC CC Practice Exam with Questions & Answers | Set: 8

AVirtual Private Network (VPN)creates an encrypted tunnel across untrusted networks such as the Internet. VPNs protect confidentiality and integrity by encrypting authentication credentials and data traffic.

TLS Session Resumption is used to optimize the TLS handshake process by reducing the number of round trips required between the client and server. Instead of performing a full handshake, session resumption allows previously negotiated security parameters to be reused.

This significantly improves performance and reduces latency, especially for applications with frequent connections such as web services and APIs. Session resumption can be implemented using session IDs or session tickets.

TLS renegotiation re-establishes parameters mid-session, TLS heartbeat is unrelated and historically associated with vulnerabilities, and “TLS FastTrack” is not a valid standard. TLS Session Resumption is formally defined in TLS specifications and is widely used in modern secure communications.

Distributed Denial of Service (DDoS) attacks primarily impactavailability, one of the three pillars of the CIA triad. DDoS attacks overwhelm systems, networks, or applications with massive volumes of traffic, exhausting resources such as bandwidth, CPU, or memory and preventing legitimate users from accessing services.

The goal of a DDoS attack is not to steal data, alter information, or deny accountability, but rather todisrupt access. Confidentiality and integrity may remain intact, but users are unable to reach the system, resulting in service outages, financial loss, and reputational damage.

Availability is a critical security objective for public-facing services such as websites, APIs, and online platforms. Defenses against DDoS attacks include traffic filtering, rate limiting, content delivery networks (CDNs), scrubbing services, and redundant architectures.

Security frameworks such as NIST and ISO/IEC explicitly associate denial-of-service attacks with availability risks, making availability the most directly affected cybersecurity principle.

A security incident is any event that actually or potentially compromises confidentiality, integrity, or availability.

Simulations provide realistic testing by executing scenarios that closely mirror real disruptions, revealing gaps and readiness levels better than discussions or reviews.

Microsegmentationdivides networks into granular zones protected by internal firewalls or policy enforcement points. It limits lateral movement and is a core Zero Trust principle.

Security benchmarks define baseline performance and configuration standards against which systems are measured.

BCPs should be testedroutinely(e.g., tabletop, simulations) to ensure readiness and relevance.

ABusiness Continuity Plan (BCP)ensures critical business functions continue or are restored during and after disruptions.

The primary objective of DRP is restoring IT systems to a reliable operational state.