Scenario-based practice

Select Two (Multi-Select) Questions

Practise ISC2 Certified in Cybersecurity CC practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

20 scenario questions | Exam code: CC | Vendor: ISC2

Scenario guide

How to approach select two (multi-select) questions

Multi-select questions tell you to 'Choose TWO' or 'Choose THREE'. There is no partial credit: you must select all correct answers with no incorrect ones. The stem always states how many to choose, so trust it. These questions require precision, not best-guess elimination.

Quick answer

Select Two (multi-select) questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Practice set

Practice scenarios

Question 1 (hard, multi-select)

A security administrator is reviewing the principles of access control. Which TWO of the following are core components of the AAA framework? (Select TWO.)

Question 2 (hard, multi-select)

Which TWO of the following are primary objectives of an incident response plan? (Choose two.)

Question 3 (easy, multi-select)

A network security team is implementing a defense-in-depth strategy. Which TWO of the following controls are examples of network segmentation? (Choose two.)

Question 4 (hard, multi-select)

A SOC analyst is investigating an incident where an employee's workstation was compromised via a phishing email. The analyst has captured the following indicators: the email originated from a known malicious domain, the attachment was a macro-enabled document, and the macro executed a PowerShell command that downloaded a payload from a remote server. Which TWO actions should the analyst take immediately as part of the incident response process? (Choose two.)

Question 5 (medium, multi-select)

Which TWO are characteristics of Role-Based Access Control (RBAC)?

Question 6 (medium, multi-select)

Which TWO of the following are core components of the ISC2 Code of Ethics? (Choose two.)

Question 7 (hard, multi-select)

Which THREE of the following are recognized security control types according to ISC2? (Choose three.)

Question 8 (hard, multi-select)

Which THREE are valid methods for authenticating a user in an access control system?

Question 9 (hard, multi-select)

Which THREE of the following are characteristics of a stateful firewall? (Select exactly three.)

Question 10 (medium, multi-select)

Which THREE of the following are examples of the principle of least privilege? (Select THREE.)

Question 11 (medium, multi-select)

Which THREE elements are essential components of a business continuity plan (BCP)?

Question 12 (medium, multi-select)

Which TWO of the following are core principles of information security?

Question 13 (hard, multi-select)

Which TWO actions are appropriate during the identification phase of incident response?

Question 14 (easy, multi-select)

Which TWO of the following are types of security controls used in defense in depth? (Select TWO.)

Question 15 (medium, multi-select)

Which TWO of the following are common indicators of a phishing email? (Select TWO.)

Question 16 (medium, multi-select)

Which TWO scenarios best illustrate the principle of least privilege?

Question 17 (medium, multi-select)

Which TWO are true about a differential backup? (Select two.)

Question 18 (medium, multi-select)

Which TWO are key components of an effective incident response plan? (Select TWO.)

Question 19 (hard, multi-select)

In incident response, which TWO are considered volatile data that should be collected first? (Select exactly 2.)

Question 20 (medium, multi-select)

Which THREE are commonly defined in a disaster recovery plan? (Select exactly 3.)

These CC practice questions are part of Courseiva's free ISC2 certification practice question bank. Courseiva provides original exam-style CC questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.