Pass the ISC ISC certification CC Questions and answers with CertsForce

At Layer 3 (Network Layer), data is encapsulated intopacketsfor routing across networks.

BCP is anorganization-wide responsibility. While IT plays a key role, BCP requires participation from all business units, leadership, HR, facilities, and external partners.

ATrojanis a direct form of malware that disguises itself as legitimate software to perform malicious actions.

Network Access Control (NAC) enforces policies that determine whether devices can connect to a network based on posture, identity, and compliance.

The purpose of multi-factor authentication (MFA) in Identity and Access Management (IAM) is to strengthen authentication by requiring users to present two or more independent factors from different categories: something you know, something you have, or something you are. This layered approach significantly reduces the risk of unauthorized access, even if one factor—such as a password—is compromised.

MFA addresses common attack techniques such as phishing, credential stuffing, and brute-force attacks. For example, even if an attacker steals a user’s password, they would still need access to the user’s hardware token or biometric factor to authenticate successfully.

MFA does not simplify access, remove authentication, or grant unrestricted access. Instead, it deliberately increases verification requirements to improve security. NIST SP 800-63 and other security frameworks strongly recommend MFA for privileged accounts, remote access, and cloud services because of its proven effectiveness in preventing account compromise.

SSDs do not reliably respond to overwriting or degaussing due to wear-leveling. Physical destruction such as disintegration is the most secure sanitization method, per NIST SP 800-88.

Internal consistency ensures that all copies of data remain identical in content and meaning.

In information security, privacy refers to protecting personal and sensitive information from unauthorized access, use, or disclosure. Privacy focuses specifically on data related to individuals, such as PII, and ensuring it is handled according to legal, ethical, and regulatory requirements.

While privacy is closely related to confidentiality, it places greater emphasis on individual rights and consent. Ensuring privacy means limiting access to personal data and preventing misuse.

Integrity and availability address different aspects of the CIA triad, while option D is incomplete and incorrect. Security frameworks treat privacy as a critical objective, especially in environments handling personal data.

Private or ephemeral ports (49152–65535) are dynamically assigned to client applications for temporary communication sessions.

BCPs should be testedroutinely(e.g., tabletop, simulations) to ensure readiness and relevance.