Pass the ISC ISC certification CC Questions and answers with CertsForce

DNS primarily usesport 53over UDP and TCP for name resolution.

Secure Shell (SSH) is the secure alternative to Telnet. Telnet transmits data, including credentials, in clear text, making it vulnerable to interception. SSH encrypts all communications, providing confidentiality, integrity, and authentication.

HTTPS secures web traffic, SFTP is used for file transfer, and LDAPS secures directory services—not remote terminal access. SSH is the industry-standard replacement for Telnet.

The primary purpose of multi-factor authentication (MFA) is to add additional layers of security to user authentication by requiring more than one authentication factor. These factors typically include something you know, something you have, and something you are.

MFA significantly reduces the risk of unauthorized access, even if one factor—such as a password—is compromised. Attackers would still need access to the additional factors to authenticate successfully.

While MFA can help reduce the likelihood of breaches, it does not directly prevent malware or ensure data integrity. Its focus is on strengthening identity verification.

NIST, CIS, and other security frameworks strongly recommend MFA, particularly for remote access, privileged accounts, and cloud environments, due to its proven effectiveness in preventing account compromise.

VLAN hopping exploits weaknesses in Layer 2 switching mechanisms such as trunking and tagging.

Disaster Recovery Planning focuses specifically on restoring IT infrastructure, systems, and communications.

Modern firewalls operate at Layers 3, 4, and 7, supporting packet filtering, stateful inspection, and application-layer filtering.

Policies created by leadership to define acceptable behavior and usage areadministrative (management) controls. They guide organizational behavior, define responsibilities, and establish governance expectations.

Technical controls enforce policies, while physical controls protect facilities. This scenario clearly describes governance and oversight, making it an administrative control.

Two-factor authentication (2FA) requires users to verify their identity usingtwo independent authentication factorsfrom different categories, such as something you know and something you have.

The purpose of 2FA is to strengthen authentication security and reduce the risk of unauthorized access. Even if one factor is compromised, the attacker cannot authenticate without the second factor.

2FA is a subset of multi-factor authentication and is strongly recommended by modern security standards, particularly for remote access, cloud services, and privileged accounts.

Theprimary purpose of security trainingis to reduce the likelihood and impact of attacks—especially human-centric threats such as phishing, social engineering, and credential theft. While training may also support compliance and efficiency, its most critical role is risk reduction.

Humans are often the weakest link in security. Awareness training helps users recognize threats, follow secure practices, and respond appropriately to suspicious activity, significantly lowering the organization’s attack surface.

Website spoofing involves impersonating legitimate sites to deceive users. Phishing often uses spoofed sites but is the broader attack method.