Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

ISC2 CC Security Principles • Complete Question Bank

ISC2 CC Security Principles — All Questions With Answers

Complete ISC2 CC Security Principles question bank — all 0 questions with answers and detailed explanations.

159 questions • Free • No signup
Question 1 • easy • multiple choice

A security analyst discovers that an employee's workstation has been infected with ransomware. Which security principle has been directly violated?

Question 2 • medium • multiple choice

A company is designing a new authentication system for remote employees. They want to ensure that if one authentication factor is compromised, the system remains secure. Which security principle should they apply?

Question 3 • hard • multiple choice

During a security audit, it is found that a database administrator can access payroll data. The company policy states that administrators should not have access to sensitive HR data. Which security principle is being violated?

Question 4 • easy • multiple choice

A company has implemented a policy where all employees must use a smart card and PIN to access the data center. Which security principle does this practice support?

Question 5 • medium • multiple choice

A security engineer is configuring a firewall to allow web traffic but block all other inbound connections. The firewall is set to deny all traffic by default and only allow specific ports. Which security principle is being applied?

Question 6 • hard • multiple choice

An organization is implementing a new system that processes financial transactions. To reduce the risk of fraud, they ensure that no single individual can both initiate and approve a transaction. Which security principle is this?

Question 7 • easy • multiple choice

A company's security policy states that employees should only have access to the data necessary to perform their job functions. This is an example of which principle?

Question 8 • medium • multiple choice

After a security breach, it was discovered that an attacker used a stolen certificate to sign malicious code. Which security principle was compromised?

Question 9 • hard • multiple choice

A security analyst is reviewing logs and finds that a user accessed files outside of their department. The user claims it was necessary for a project. Which principle should the analyst use to assess whether this was appropriate?

Question 10 • medium • multiple choice

A company wants to ensure that if a server fails, it does not cause a security breach. Which principle should guide the design?

Question 11 • easy • multiple choice

A security team implements a policy that requires all access to sensitive data to be logged and audited. Which principle is being enforced?

Question 12 • medium • multi select

Which TWO of the following are fundamental security principles? (Select TWO.)

Question 13 • hard • multi select

Which THREE of the following are examples of implementing defense in depth? (Select THREE.)

Question 14 • easy • multi select

Which TWO of the following are principles of the CIA triad? (Select TWO.)

Question 15 • medium • multi select

Which THREE of the following are examples of the principle of least privilege? (Select THREE.)

Question 16 • medium • multiple choice

An analyst reviews the exhibit. Which security principle is being violated by allowing root login via SSH?

Exhibit

Refer to the exhibit.

```
Oct 15 10:23:45 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Oct 15 10:23:46 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Oct 15 10:23:47 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Oct 15 10:23:48 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Oct 15 10:23:49 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
```
Question 17 • hard • multiple choice

An analyst reviews the exhibit. What security principle is best demonstrated by this policy?

Exhibit

Refer to the exhibit.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::bucket1/*",
      "Condition": {
        "IpAddress": {"aws:SourceIp": "10.0.0.0/24"}
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::bucket2/*"
    }
  ]
}
```
Question 18 • easy • multiple choice

An administrator reviews the exhibit. Which security principle is being violated?

Exhibit

Refer to the exhibit.

```
User: jdoe
Groups: Domain Users, VPN Users, HR-Read
Effective Permissions on \\server\HRDocs:
  - Read
  - Write (inherited from HR-Read group)
  - Deny Delete
```
Question 19 • medium • multiple choice

A mid-sized company has a network with 200 employees. The security team has implemented a policy that requires all employees to use complex passwords and change them every 60 days. However, the company has experienced multiple phishing attacks where employees have willingly provided their credentials to fake websites. The CEO wants to implement a more robust authentication method. The company uses Microsoft Active Directory and has a budget for new security tools. They also have a remote workforce. Which of the following is the BEST course of action to address the phishing risk?

Question 20 • hard • multiple choice

A financial services firm has a data center that houses customer financial records. They have implemented a defense-in-depth strategy including firewalls, IDS/IPS, and encryption. Recently, an internal audit revealed that a junior administrator has been logging into the database server with a shared admin account and has made unauthorized changes to customer records. The company wants to prevent such incidents in the future while maintaining operational efficiency. The current environment uses Linux servers with PostgreSQL databases. There is no centralized authentication system. What is the BEST action to take?

Question 21 • easy • multiple choice

A security administrator notices that a user with standard privileges was able to modify a system file. Which security principle has been violated?

Question 22 • medium • multiple choice

A company deploys a web application firewall (WAF), performs regular vulnerability scans, and implements strict access controls. Which security principle is being applied?

Question 23 • hard • multiple choice

An organization requires that two separate administrators approve and implement changes to firewall rules. This practice enforces which security principle?

Question 24 • medium • multi select

Which TWO of the following are core principles of information security?

Question 25 • medium • multiple choice

Refer to the exhibit. What action did the firewall take on the traffic from 10.0.1.15 to 10.0.2.10?

Exhibit

Refer to the exhibit.

```
syslog: 2025-03-15T10:23:45Z FW01 %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.0.1.15(54321) -> 10.0.2.10(23), 1 packet
```
Question 26 • hard • multiple choice

A small e-commerce company hosts its web application on a single server with a public IP address. The server runs a Linux OS with Apache, MySQL, and PHP. The company recently experienced a data breach where an attacker gained access to the customer database. The investigation reveals that the attacker exploited a vulnerability in the PHP application to execute arbitrary commands. The server logs show that the attacker used an unauthenticated HTTP POST request to a legacy script that should have been removed. Additionally, the server had default firewall rules allowing all inbound traffic on ports 80 and 443. The company wants to prevent future breaches without redesigning the entire application. Which course of action is the most effective?

Question 27 • medium • multiple choice

A company's security policy requires that all data at rest be encrypted. Which of the following is the BEST approach to ensure compliance while maintaining performance?

Question 28 • easy • multiple choice

A security administrator notices that an employee is able to access files in a project folder they should not have access to. Which security principle is being violated?

Question 29 • hard • multiple choice

A company is designing a new application that processes credit card payments. They want to ensure that no single administrator can bypass security controls to approve a fraudulent transaction. Which principle should be implemented?

Question 30 • easy • multiple choice

An organization wants to ensure that data remains unaltered during transmission over the internet. Which security goal is being addressed?

Question 31 • medium • multiple choice

A security team is designing a network for a hospital. They need to ensure that patient data is accessible to doctors only when needed, but also protected from unauthorized access. Which principle BEST balances these requirements?

Question 32 • medium • multiple choice

A company's security policy mandates that all changes to the firewall configuration must be approved by two different administrators before implementation. This is an example of which security principle?

Question 33 • hard • multiple choice

An organization is implementing a new identity management system. They want to ensure that users can only access resources necessary for their job roles. Which principle should guide the access control design?

Question 34 • medium • multi select

Which TWO of the following are core components of the ISC2 Code of Ethics? (Choose two.)

Question 35 • hard • multi select

Which THREE of the following are recognized security control types according to ISC2? (Choose three.)

Question 36 • hard • multiple choice

A mid-sized financial services company has recently experienced a security incident where an attacker gained access to the internal network through a compromised VPN account. The account belonged to a remote employee who had been granted full network access. The company's security team is now reviewing their security principles to prevent a recurrence. The company has 500 employees, with 50 remote workers. They use a traditional perimeter-based firewall and VPN for remote access. The incident revealed that the compromised account had access to the entire internal network, including sensitive financial databases. The security team is considering implementing a new access control model. They have identified the following requirements: (1) Remote workers should only access specific applications necessary for their roles, (2) Access should be granted based on identity and device posture, (3) Network segmentation should be enforced regardless of location. Which of the following approaches BEST addresses these requirements?

Question 37 • easy • multiple choice

A security analyst notices that a user's account has been used to access sensitive files outside of normal working hours from an unknown IP address. Which security principle is most directly violated?

Question 38 • medium • drag order

Drag and drop the steps to perform a password reset on a Windows user account into the correct order.

Question 39 • medium • drag order

Drag and drop the steps to configure a wireless access point with WPA2-PSK security into the correct order.

Question 40 • medium • matching

Match each type of malware to its primary behavior.

Attaches to files and spreads

Self-replicates without a host file

Disguised as legitimate software

Encrypts data for payment

Secretly monitors user activity

Question 41 • medium • matching

Match each security policy type to its focus.

Rules for using company assets

How long data is kept

Steps to restore IT after a disaster

Maintain operations during disruptions

Question 42 • easy • multiple choice

A company requires employees to use biometric authentication to access the data center. This is an example of which security principle?

Question 43 • easy • multiple choice

An organization implements a rule that an employee cannot approve their own expenses. This is an example of which security principle?

Question 44 • easy • multiple choice

A security team configures a system to record all user activities for audit purposes. Which principle is being applied?

Question 45 • medium • multiple choice

After a ransomware attack, the company wants to ensure that critical data can be restored. Which principle is being addressed?

Question 46 • medium • multiple choice

An organization deploys firewalls at the network perimeter, antivirus on endpoints, and encryption for data at rest. This approach best exemplifies which security principle?

Question 47 • medium • multiple choice

A company wants to ensure that a message received was not altered in transit. Which principle is of primary concern?

Question 48 • hard • multiple choice

An organization's security policy requires that all access to sensitive data must be approved by a data owner. An administrator configures a system to enforce this. Which principle is being implemented?

Question 49 • hard • multiple choice

A company implements a policy that after an employee leaves, their account must be disabled within 24 hours. Which principle is this policy primarily intended to support?

Question 50 • hard • multiple choice

A security professional is evaluating a system that uses a trust model where every component authenticates to each other before communicating. Which security principle does this model exemplify?

Question 51 • easy • multi select

Which TWO of the following are examples of security principles?

Question 52 • medium • multi select

Which TWO of the following are primary goals of the security principle of confidentiality?

Question 53 • hard • multi select

Which THREE of the following are considered essential security principles according to ISC2?

Question 54 • easy • multiple choice

Refer to the exhibit. The security principle demonstrated by the default policy is:

Exhibit

```
iptables -P INPUT DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
```
Question 55 • medium • multiple choice

Refer to the exhibit. Which security principle is this policy primarily enforcing?

Exhibit

```
{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {
            "IpAddress": {
               "aws:SourceIp": "192.168.1.0/24"
            }
         }
      }
   ]
}
```
Question 56 • hard • multiple choice

Refer to the exhibit. Which security principle is being supported by the logging of these events?

Exhibit

```
Mar 15 09:45:22 server sshd[1234]: Failed password for invalid user admin from 10.0.0.5 port 22 ssh2
Mar 15 09:45:23 server sshd[1235]: Failed password for invalid user admin from 10.0.0.5 port 22 ssh2
Mar 15 09:45:24 server sshd[1236]: Failed password for invalid user admin from 10.0.0.5 port 22 ssh2
```
Question 57 • easy • multiple choice

A system administrator is configuring permissions for a new file server. To adhere to the principle of least privilege, which approach should the administrator take?

Question 58 • medium • multiple choice

An organization wants to implement defense in depth for its web application. Which combination of controls best illustrates this principle?

Question 59 • hard • multiple choice

A security incident report indicates that an employee used their access to view confidential records unrelated to their job. Which security principle was most likely violated?

Question 60 • easy • multiple choice

Which control type is considered a physical security control?

Question 61 • medium • multiple choice

A security manager is designing a policy to prevent one person from both approving and disbursing payments. Which principle is being applied?

Question 62 • hard • multiple choice

After a security breach, investigators find that an attacker exploited a vulnerability in a publicly accessible application to gain access to internal databases. Which security principle would have most effectively limited the impact?

Question 63 • easy • multiple choice

Which concept ensures that a user cannot deny having performed a specific action?

Question 64 • medium • multiple choice

A company's security policy requires that all sensitive data be encrypted both at rest and in transit. This is an example of applying which security principle?

Question 65 • hard • multiple choice

An organization implements a role-based access control (RBAC) system. To maintain the principle of least privilege, what should the administrator do when a user changes roles?

Question 66 • medium • multi select

Which TWO of the following are examples of administrative security controls? (Choose two.)

Question 67 • hard • multi select

Which TWO principles are essential for ensuring accountability in an information system? (Choose two.)

Question 68 • easy • multi select

Which THREE are core components of the CIA triad? (Choose three.)

Question 69 • medium • multiple choice

Refer to the exhibit. The security policy states that only the file owner (user1) and members of the developers group should be able to read the file. Which change is necessary to align with the principle of least privilege?

Exhibit

Refer to the exhibit.

```
-rw-r-x--- 1 user1 developers 1024 Apr 12 10:00 config.cfg
```
Question 70 • hard • multiple choice

Refer to the exhibit. A security analyst reviews this AWS S3 bucket policy. The policy currently allows anyone to read objects. Which change would implement the principle of least privilege?

Exhibit

Refer to the exhibit.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
```
Question 71 • easy • multiple choice

Refer to the exhibit. A server administrator runs this command and sees the output. Which service is listening on a port that should typically be disabled to reduce the attack surface?

Exhibit

Refer to the exhibit.

```
C:\> netstat -an | find "LISTENING"
  TCP    0.0.0.0:80     0.0.0.0:0    LISTENING
  TCP    0.0.0.0:443    0.0.0.0:0    LISTENING
  TCP    192.168.1.10:3389  0.0.0.0:0    LISTENING
```
Question 72 • easy • multiple choice

A company implements a policy that requires two employees to approve any financial transaction over $10,000. Which security principle is being applied?

Question 73 • easy • multiple choice

A security analyst notices that a user has been granted access to files beyond their job function. Which principle is violated?

Question 74 • easy • multiple choice

A company uses encryption to protect data at rest and in transit. This primarily addresses which aspect of the CIA triad?

Question 75 • medium • multiple choice

During a security audit, it is discovered that a single administrator can create user accounts, assign privileges, and review audit logs. Which principle is most likely being violated?

Question 76 • medium • multiple choice

A company experiences a ransomware attack that encrypts all files on a server. Which security control would MOST effectively allow recovery without paying the ransom?

Question 77 • medium • multiple choice

A security policy requires that all changes to a production system go through a formal change management process with approval from a change control board. This is an example of which security principle?

Question 78 • hard • multiple choice

A security architect is designing a system that must ensure that a sender cannot later deny having sent a message. Which cryptographic mechanism should be implemented?

Question 79 • hard • multiple choice

An organization wants to implement a policy where employees must use a smart card and a PIN to access sensitive data. This is an example of:

Question 80 • hard • multiple choice

A company's security policy states that sensitive data must be encrypted using AES-256. During an audit, it is found that some data is encrypted with AES-128. Which security objective is most directly compromised?

Question 81 • easy • multi select

Which THREE of the following are considered fundamental security principles? (Select three).

Question 82 • medium • multi select

Which TWO of the following are methods to ensure non-repudiation? (Select two).

Question 83 • hard • multi select

Which THREE of the following are valid security control categories based on function? (Select three).

Question 84 • easy • multiple choice

Refer to the exhibit. Which security control is MOST likely triggered?

Exhibit

Error log:
```
[2024-03-15 10:23:45] User 'jsmith' failed authentication from IP 192.168.1.50
[2024-03-15 10:23:47] User 'jsmith' failed authentication from IP 192.168.1.50
[2024-03-15 10:23:49] User 'jsmith' failed authentication from IP 192.168.1.50
[2024-03-15 10:23:51] User 'jsmith' account locked due to multiple failed attempts.
```
Question 85 • medium • multiple choice

Refer to the exhibit. What is the effect of this ACL?

Exhibit

Firewall configuration snippet:
```
access-list 101 permit tcp any host 10.0.1.100 eq 80
access-list 101 permit tcp any host 10.0.1.100 eq 443
access-list 101 deny ip any any log
```
Question 86 • hard • multiple choice

Refer to the exhibit. A user from IP 10.0.1.5 attempts to download an object from example-bucket. What will happen?

Exhibit

JSON policy snippet:
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/16"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.1.0/24"
        }
      }
    }
  ]
}
```
Question 87 • easy • multiple choice

A company wants to implement a security control that ensures users are who they claim to be before granting access to a system. Which type of control should they prioritize?

Question 88 • easy • multiple choice

An organization is developing a security policy that defines the rules for acceptable use of company resources. Which principle should guide the creation of this policy to ensure it is enforceable and effective?

Question 89 • easy • multiple choice

A security analyst discovers that an employee shared their password with a colleague to complete a task. Which security principle has been violated?

Question 90 • medium • multiple choice

A company experiences a data breach where customer PII was exfiltrated. The incident response team contains the breach and restores systems. Which step in the risk management process should the company prioritize next to prevent recurrence?

Question 91 • medium • multiple choice

A security architect is designing access controls for a new application. The requirement is that only managers can approve expense reports above $10,000. Which control model best fits this requirement?

Question 92 • medium • multiple choice

A network administrator needs to ensure that sensitive financial data remains confidential while in transit over the internet. Which technology should they implement?

Question 93 • hard • multiple choice

A financial institution requires that no single employee can both initiate and approve a wire transfer. This policy enforces which security principle?

Question 94 • hard • multiple choice

An organization is designing a security architecture for a cloud-based application. They implement firewalls, intrusion detection systems, and encryption, and also conduct regular security awareness training. This approach demonstrates which security principle?

Question 95 • hard • multiple choice

A software developer is designing a web application that will store user credentials. What is the most secure method for storing passwords?

Question 96 • easy • multi select

Which TWO of the following are core components of the CIA triad?

Question 97 • medium • multi select

Which THREE of the following are recognized security principles according to NIST and ISC2?

Question 98 • hard • multi select

Which THREE of the following are acceptable risk treatment options according to NIST risk management framework?

Question 99 • medium • multiple choice

An AWS administrator attached this IAM policy to a user. What is the effect of this policy?

Exhibit

Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": "s3:DeleteBucket",
      "Resource": "arn:aws:s3:::critical-data"
    }
  ]
}
```
Question 100 • hard • multiple choice

A system administrator runs `iptables -L INPUT` and sees this rule. What is the immediate effect on the system?

Exhibit

Refer to the exhibit.
```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
```
Question 101 (hard, multiple choice)

A security analyst reviews this firewall log entry. What type of activity is most likely being attempted?

Exhibit

Refer to the exhibit.
```
Jul 15 09:32:17 firewall kernel: [429493.77] IN=eth0 OUT= MAC=00:1a:2b:3c:4d:5e:00:11:22:33:44:55:08:00 SRC=203.0.113.5 DST=198.51.100.20 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=54321 PROTO=TCP SPT=44523 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0
```
Question 102 (easy, multiple choice)

A security administrator needs to ensure that only authorized personnel can access the server room. Which physical control is most appropriate?

Question 103 (easy, multiple choice)

An organization's security policy mandates that data must be encrypted both at rest and in transit. Which combination of controls meets this requirement?

Question 104 (medium, multiple choice)

During a security audit, you discover that a financial application stores passwords using MD5 hashing without salt. What is the primary security concern with this practice?

Question 105 (medium, multiple choice)

You are designing a backup strategy for a critical database. The business requires that in the event of a failure, data loss must not exceed 15 minutes. Which metric primarily addresses this requirement?

Question 106 (hard, multiple choice)

A system administrator configured the sudoers file as shown. What is the primary security risk of this configuration?

Exhibit

Refer to the exhibit.

```
$ cat /etc/sudoers.d/admin
%admin ALL=(ALL) ALL
Defaults:admin !authenticate
```
Question 107 (easy, multiple choice)

A company's security policy requires that employees must change their passwords every 90 days and passwords must be at least 12 characters. Which security principle is being enforced?

Question 108 (medium, multiple choice)

During a forensic investigation, it is crucial to preserve the original evidence. What is the first step the investigator should take when acquiring a hard drive?

Question 109 (medium, multiple choice)

A security analyst observes the log entries on an SSH server as shown. What is the most likely type of attack in progress?

Exhibit

Refer to the exhibit.

```
Aug 12 14:23:45 server sshd[12345]: Failed password for root from 10.0.0.99 port 54321 ssh2
Aug 12 14:23:46 server sshd[12345]: Failed password for root from 10.0.0.99 port 54321 ssh2
Aug 12 14:23:47 server sshd[12345]: Failed password for root from 10.0.0.99 port 54321 ssh2
Aug 12 14:23:48 server sshd[12345]: Failed password for root from 10.0.0.99 port 54321 ssh2
```
Question 110 (hard, multiple choice)

You are implementing a security control to prevent unauthorized devices from connecting to the corporate wired network. Which network access control method should be used?

Question 111 (easy, multi select)

Which TWO of the following are examples of administrative security controls?

Question 112 (medium, multi select)

Which THREE of the following are core principles of the CIA triad?

Question 113 (hard, multi select)

Which TWO of the following are best practices for implementing the principle of least privilege?

Question 114 (hard, multiple choice)

A cloud security engineer reviews the following S3 bucket policy. What is the primary security risk?

Exhibit

Refer to the exhibit.
```
$ aws s3api get-bucket-policy --bucket my-company-data
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-company-data/*"
    }
  ]
}
```
Question 115 (easy, multiple choice)

A network administrator configures the ACL on a router as shown. What is the effect of this access list?

Exhibit

Refer to the exhibit.

```
interface GigabitEthernet0/1
 ip access-group BLOCK_TELNET in
!
ip access-list extended BLOCK_TELNET
 deny tcp any any eq 23
 permit ip any any
```
Question 116 (hard, multiple choice)

A security team discovers that an internal database server is sending large amounts of data to an unknown external IP address. The server is not supposed to communicate externally. Which security control should be implemented to prevent such data exfiltration?

Question 117 (easy, multiple choice)

A security administrator needs to ensure that a user cannot view the contents of a file but can execute it. Which access control principle should be applied?

Question 118 (medium, multiple choice)

A company deploys a web application that stores user passwords using a salted hash. During a security review, an auditor recommends switching from SHA-1 to SHA-256. What is the primary security benefit of this change?

Question 119 (hard, multiple choice)

A security analyst discovers that an organization's firewall rule set allows all inbound traffic on TCP port 443 from any source to a single web server. Additionally, the server has a known critical vulnerability in its TLS implementation. Which principle of security architecture is most directly violated by this configuration?

Question 120 (easy, multiple choice)

A system administrator must grant a help desk technician the ability to reset user passwords but not change user roles. Which security principle does this scenario enforce?

Question 121 (medium, multiple choice)

A security engineer is designing a backup strategy for a critical database. The database must be recoverable within four hours in the event of a failure. Which security principle primarily drives this requirement?

Question 122 (hard, multiple choice)

During an incident response, a forensics analyst captures a memory dump from a compromised server. The analyst needs to ensure the dump is not altered during analysis. Which practice best maintains integrity?

Question 123 (easy, multiple choice)

An organization requires that two different administrators approve changes to firewall rules. This is an example of which security principle?

Question 124 (medium, multiple choice)

A company's security policy states that all sensitive data must be encrypted both at rest and in transit. Which threat model does this control primarily address?

Question 125 (hard, multiple choice)

A security architect is evaluating a biometric authentication system. The system's false positive rate is 0.1%, and the false negative rate is 2%. Which security principle is most compromised if the organization prioritizes user convenience over security?

Question 126 (easy, multi select)

Which TWO of the following are core principles of the CIA triad?

Question 127 (medium, multi select)

Which TWO of the following controls are examples of defense in depth?

Question 128 (hard, multi select)

Which THREE of the following are considered methods to ensure accountability in a system?

Question 129 (easy, multiple choice)

The exhibit shows the current iptables rules. Which security principle is most clearly enforced by the default policy?

Exhibit

Refer to the exhibit.
```
0 0 ACCEPT all lo * 0.0.0.0/0
100 5000 ACCEPT tcp
50 2500 DROP tcp
```
Question 130 (medium, multiple choice)

The exhibit shows an AWS S3 bucket policy. What is the net effect for a user with IP 10.1.1.1 trying to read the object 'executive/salary.xlsx'?

Exhibit

Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::corporate-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/8"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::corporate-bucket/executive/*"
    }
  ]
}
```
Question 131 (hard, multiple choice)

The exhibit shows a snippet of /var/log/auth.log on a Linux server. Which security principle is most likely violated if the failed attempts continue without action?

Exhibit

Refer to the exhibit.
```
May 12 10:00:00 server sshd[1234]: Failed password for root from 192.168.1.10 port 22 ssh2
May 12 10:00:05 server sshd[1234]: Failed password for root from 192.168.1.10 port 22 ssh2
May 12 10:00:10 server sshd[1234]: Failed password for root from 192.168.1.10 port 22 ssh2
May 12 10:00:15 server sshd[1235]: Accepted password for admin from 10.0.0.5 port 22 ssh2
```
Question 132 (easy, multiple choice)

A small business wants to protect its customer data by ensuring that only employees who need access to perform their jobs can view it. Which security principle is being applied?

Question 133 (easy, multiple choice)

A security administrator notices that a user's account has been used to access sensitive files at unusual hours. Which security principle would most effectively help detect this type of activity?

Question 134 (medium, multiple choice)

A company implements two-factor authentication (2FA) for all remote access. Which primary security goal is this enhancing?

Question 135 (medium, multiple choice)

During a security audit, it is discovered that a single employee can approve purchase orders and also receive the goods. Which security principle is being violated?

Question 136 (hard, multiple choice)

A company's security policy requires that all sensitive data be encrypted at rest and in transit. However, a recent breach occurred because an attacker exploited a misconfigured web server that exposed a database directly. Which principle was most lacking in this scenario?

Question 137 (hard, multiple choice)

A security engineer is designing a system that must ensure that any changes to a configuration file are logged with the identity of the person who made the change. Which principle is being implemented?

Question 138 (easy, multiple choice)

An organization decides to implement multiple security controls, including firewalls, intrusion detection systems, and antivirus software. Which security principle does this represent?

Question 139 (medium, multiple choice)

A company implements role-based access control (RBAC) to ensure users have only the permissions necessary for their job roles. This is an example of:

Question 140 (hard, multiple choice)

A system administrator accidentally grants a user full administrative rights instead of read-only. Which control would best detect this error?

Question 141 (easy, multi select)

Which TWO of the following are examples of preventive security controls?

Question 142 (medium, multi select)

A security policy requires that all changes to production systems be approved by a change management board. Which THREE of the following principles best support this requirement?

Question 143 (hard, multi select)

When designing a secure network, which TWO of the following are fundamental security principles that should be applied?

Question 144 (easy, multiple choice)

A small financial firm has a single server that hosts a critical database and also runs a web application. The server is located in a closet with a simple lock. An intern accidentally left the closet door open, and an unauthorized person gained physical access, connected a laptop to the server, and copied the database. The company wants to prevent such incidents in the future. Which of the following is the most effective course of action?

Question 145 (medium, multiple choice)

A healthcare organization uses a legacy application that stores patient records in plain text. The IT team is planning to upgrade the system but needs to ensure compliance with HIPAA. The new system will be hosted on-premises and accessed by doctors and nurses via a web portal. The security team proposes implementing a VPN for remote access, but the CEO wants to allow access from any device without VPN for convenience. Which principle should guide the decision?

Question 146 (hard, multiple choice)

A multinational corporation has a policy that all sensitive emails must be digitally signed and encrypted. However, during a recent internal audit, it was discovered that many employees were not using digital signatures because the process was cumbersome. As a result, the company could not prove that certain emails were actually sent by the claimed sender. The security team needs to improve compliance without sacrificing security. Which of the following is the best approach?

Question 147 (medium, multiple choice)

A company is designing a secure network architecture for its new headquarters. The security team proposes implementing multiple layers of security controls, including firewalls, intrusion detection systems, and access control lists. Which security principle is being primarily applied?

Question 148 (easy, multi select)

Which TWO of the following are fundamental principles of information security that form the CIA triad?

Question 149 (hard, multi select)

Which TWO of the following are examples of implementing the principle of least privilege?

Question 150 (medium, multi select)

Which THREE of the following are key objectives of a security risk management program?

Question 151 (hard, multiple choice)

You are a security analyst at a mid-sized financial firm. The company has a policy that all remote access must be secured using a VPN. Recently, an employee reported that they were able to connect to the internal network from a coffee shop without using the VPN client. The employee accidentally left the client running but it was not authenticating. Upon investigation, you find that the network administrator had configured a rule on the firewall to allow RDP traffic from any public IP to a specific internal server for maintenance purposes. The rule was supposed to be temporary but was never removed. The server contains sensitive customer data. The incident has been reported to management. Which of the following is the most immediate corrective action you should take?

Question 152 (medium, multiple choice)

You are the IT security officer for a hospital that handles protected health information (PHI). The hospital uses an electronic health record (EHR) system. You receive a report that a nurse accessed the medical records of a celebrity patient without a legitimate medical reason. The access was logged. The hospital policy requires all employees to access only the minimum necessary information for their job duties. The nurse claims they were just curious. This is a violation of which security principle, and what is the best course of action?

Question 153 (easy, multiple choice)

A small business owner wants to ensure that their company's data remains accurate and unaltered during transmission over the internet. They regularly send financial reports to their accountant via email. The owner is concerned that a hacker might intercept and modify the reports before they reach the accountant. Which security principle is most directly threatened in this scenario, and what is the best technical control to implement?

Question 154 (medium, multiple choice)

Your organization is implementing a new access control system to protect a highly sensitive research database. The security policy mandates that no single individual should have the ability to both approve and execute changes to the database. This is to prevent fraud and errors. Which security principle does this policy enforce, and which of the following best implements it?

Question 155 (hard, multiple choice)

A company has implemented a role-based access control (RBAC) system. A new employee in the finance department is granted the 'Finance User' role, which allows them to view invoices but not create payments. However, after a system upgrade, it is discovered that the 'Finance User' role now includes the ability to create payments due to a misconfiguration. The employee did not request this additional privilege and has not exploited it. The security team is notified. Which principle has been violated, and what is the most appropriate immediate action?

Question 156 (easy, multiple choice)

A government agency stores classified documents on a secure server. The server is connected to the internet, but access is restricted using a firewall and requires two-factor authentication. An auditor discovers that the server's operating system has not been patched for over a year, making it vulnerable to remote code execution attacks. Which security principle is most directly compromised by this missing patch, and what is the best corrective action?

Question 157 (medium, multiple choice)

A company's security policy requires that all employees use strong passwords and change them every 90 days. An employee writes their password on a sticky note and attaches it to their monitor. Another employee sees it and uses it to log into the first employee's account to send a fake email. The security team is conducting a post-incident review. Which security principle failed, and what is the most effective long-term solution to prevent this type of incident?

Question 158 (hard, multiple choice)

A financial institution is implementing a new transaction approval process. The process requires that for any transaction over $10,000, two managers must approve: one from the sales department and one from the finance department. However, due to a system configuration error, a single manager can approve the entire transaction if they are logged in from a specific IP address. This error is discovered during a routine audit. Which security principle has been circumvented, and what is the best remediation?

Question 159 (easy, multiple choice)

A healthcare organization uses smart cards and PINs to control access to patient records. An employee loses their smart card and reports it immediately. The security administrator revokes the lost smart card. However, the next day, someone attempts to use the lost smart card at a different facility, and the access is denied because the card was revoked. Which security principle is demonstrated by the fact that access was denied?
