ISC2 CC Security Principles • Complete Question Bank
Complete ISC2 CC Security Principles question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```
Oct 15 10:23:45 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Oct 15 10:23:46 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Oct 15 10:23:47 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Oct 15 10:23:48 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Oct 15 10:23:49 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::bucket1/*",
      "Condition": {
        "IpAddress": {"aws:SourceIp": "10.0.0.0/24"}
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::bucket2/*"
    }
  ]
}
```
Refer to the exhibit.
```
User: jdoe
Groups: Domain Users, VPN Users, HR-Read
Effective Permissions on \\server\HRDocs:
- Read
- Write (inherited from HR-Read group)
- Deny Delete
```
Refer to the exhibit. syslog:
```
2025-03-15T10:23:45Z FW01 %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.0.1.15(54321) -> 10.0.2.10(23), 1 packet
```
Drag a concept onto its matching description — or click a concept then click the description.
Attaches to files and spreads
Self-replicates without a host file
Disguised as legitimate software
Encrypts data for payment
Secretly monitors user activity
Drag a concept onto its matching description — or click a concept then click the description.
Rules for using company assets
How long data is kept
Steps to restore IT after a disaster
Maintain operations during disruptions
```
iptables -P INPUT DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
```
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "192.168.1.0/24"
        }
      }
    }
  ]
}
```
```
Mar 15 09:45:22 server sshd[1234]: Failed password for invalid user admin from 10.0.0.5 port 22 ssh2
Mar 15 09:45:23 server sshd[1235]: Failed password for invalid user admin from 10.0.0.5 port 22 ssh2
Mar 15 09:45:24 server sshd[1236]: Failed password for invalid user admin from 10.0.0.5 port 22 ssh2
```
Refer to the exhibit.
```
-rw-r-x--- 1 user1 developers 1024 Apr 12 10:00 config.cfg
```
The security policy states that only the file owner (user1) and members of the developers group should be able to read the file. Which change is necessary to align with the principle of least privilege?
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
```
A security analyst reviews this AWS S3 bucket policy. The policy currently allows anyone to read objects. Which change would implement the principle of least privilege?
Refer to the exhibit.
```
C:\> netstat -an | find "LISTENING"
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING
TCP 192.168.1.10:3389 0.0.0.0:0 LISTENING
```
A server administrator runs this command and sees the output. Which service is listening on a port that should typically be disabled to reduce the attack surface?
Error log:
```
[2024-03-15 10:23:45] User 'jsmith' failed authentication from IP 192.168.1.50
[2024-03-15 10:23:47] User 'jsmith' failed authentication from IP 192.168.1.50
[2024-03-15 10:23:49] User 'jsmith' failed authentication from IP 192.168.1.50
[2024-03-15 10:23:51] User 'jsmith' account locked due to multiple failed attempts.
```
Firewall configuration snippet:
```
access-list 101 permit tcp any host 10.0.1.100 eq 80
access-list 101 permit tcp any host 10.0.1.100 eq 443
access-list 101 deny ip any any log
```
JSON policy snippet:
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/16"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.1.0/24"
        }
      }
    }
  ]
}
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": "s3:DeleteBucket",
      "Resource": "arn:aws:s3:::critical-data"
    }
  ]
}
```
Refer to the exhibit.
```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
```
Refer to the exhibit.
```
Jul 15 09:32:17 firewall kernel: [429493.77] IN=eth0 OUT= MAC=00:1a:2b:3c:4d:5e:00:11:22:33:44:55:08:00 SRC=203.0.113.5 DST=198.51.100.20 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=54321 PROTO=TCP SPT=44523 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0
```
Refer to the exhibit.
```
$ cat /etc/sudoers.d/admin
%admin ALL=(ALL) ALL
Defaults:admin !authenticate
```
Refer to the exhibit.
```
Aug 12 14:23:45 server sshd[12345]: Failed password for root from 10.0.0.99 port 54321 ssh2
Aug 12 14:23:46 server sshd[12345]: Failed password for root from 10.0.0.99 port 54321 ssh2
Aug 12 14:23:47 server sshd[12345]: Failed password for root from 10.0.0.99 port 54321 ssh2
Aug 12 14:23:48 server sshd[12345]: Failed password for root from 10.0.0.99 port 54321 ssh2
```
Refer to the exhibit.
```
interface GigabitEthernet0/1
 ip access-group BLOCK_TELNET in
!
ip access-list extended BLOCK_TELNET
 deny tcp any any eq 23
 permit ip any any
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::corporate-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/8"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::corporate-bucket/executive/*"
    }
  ]
}
```
Refer to the exhibit.
```
May 12 10:00:00 server sshd[1234]: Failed password for root from 192.168.1.10 port 22 ssh2
May 12 10:00:05 server sshd[1234]: Failed password for root from 192.168.1.10 port 22 ssh2
May 12 10:00:10 server sshd[1234]: Failed password for root from 192.168.1.10 port 22 ssh2
May 12 10:00:15 server sshd[1235]: Accepted password for admin from 10.0.0.5 port 22 ssh2
```