Security Operations
Drill 20 practice questions focused entirely on Security Operations for the ISC2 CC exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.
A system administrator built all company web servers from a documented secure baseline last year. During a recent review, several servers were found running services and settings that no longer match that baseline, even though no approved changes were recorded. What is the BEST way to describe and address this situation?
Two companies that have never exchanged keys before want to begin sending encrypted messages to each other over the internet. They need a way for each party to share a value that lets the other encrypt data without ever transmitting a secret key that an eavesdropper could capture. Which type of cryptography is designed to solve this problem?
A new employee is going through onboarding and receives a document that outlines what activities are permitted when using the company's computers, email, and internet connection, along with the consequences for misuse. Which type of policy is the employee reviewing?
A company allows employees to use their own smartphones and tablets to access corporate email and applications. Management is concerned about protecting company data on these personal devices. Which policy should the organization implement to define the security requirements and responsibilities for using personally owned devices for work?
A critical vulnerability is being actively exploited, and the security team must deploy an emergency patch to production servers outside the normal maintenance window. According to sound change management practice, what should the team do to remain compliant while acting quickly?
A company's security team notices that sensitive printed documents are frequently left on desks overnight, and unlocked workstations often display confidential information. Which best-practice security policy should the team implement to directly address both issues?
A security analyst maintains a documented list of all approved hardware and software assets connected to the corporate network. During a routine review, the analyst compares a network scan against this list and discovers three devices that are not recorded anywhere. Which configuration management practice made this discovery possible?
A company is rolling out a new data governance program. Before staff can determine which storage, encryption, and sharing rules apply to a given file, what must first be assigned to that data?
A company stores customer records in a cloud provider's encrypted storage service. When a contract ends, the company must ensure the data is unrecoverable, but it has no physical access to the provider's drives, which are shared with other tenants. Which secure destruction method is most appropriate in this situation?
A company recently completed classifying all of its data into categories such as Public, Internal, and Confidential. A security analyst notices that employees still routinely email Confidential files without encryption because they cannot tell which files are sensitive. Which action would MOST directly address this problem?
A company is retiring a batch of solid-state drives (SSDs) that stored confidential customer data. A technician plans to run a strong magnetic degausser over the drives to ensure the data cannot be recovered before disposal. Why is this approach flawed for these devices?
A company is retiring a batch of old magnetic hard drives that stored sensitive financial records. The drives will be sent to an off-site recycling vendor, and management wants to ensure the data cannot be recovered before the drives leave the building. Which method most reliably renders the data on these magnetic drives unrecoverable?
A company's data retention policy states that customer support email records must be kept for exactly three years, after which they are no longer needed for legal or business purposes. A batch of support emails has now reached the four-year mark and is still sitting in the archive system. According to good data handling practice, what should happen to these records?
A financial controller must send quarterly reports to external auditors by email. Management requires proof that each report genuinely came from the controller and was not altered in transit, and the controller should not be able to later deny sending it. Which cryptographic technique best satisfies these requirements?
A field technician carries customer records on a USB flash drive between client sites. Management is concerned that if the drive is lost or stolen, the records could be read by an unauthorized person. Which control most directly protects the confidentiality of the data stored on the drive?
A systems administrator is deploying 50 new web servers. To ensure every server starts with the same approved, hardened settings — including disabled unnecessary services, applied patches, and standardized configurations — the administrator builds a single approved image and uses it for all deployments. What configuration management practice is the administrator using?
A systems administrator downloads a firmware update and wants to confirm the file was not altered during transfer. The vendor publishes a SHA-256 value alongside the download. After downloading, the administrator computes the SHA-256 of the local file and compares it to the published value. What security goal does this process primarily support?
A department manager asks the IT team to immediately delete a batch of system access logs to free up storage space. The organization's retention schedule requires these logs to be kept for 18 months to satisfy compliance requirements, and the logs are currently 6 months old. What is the MOST appropriate response from the IT team?
An IT technician is repurposing several older hard disk drives from a decommissioned finance department workstation. The drives will be reassigned to a different internal team, so they must remain functional after sanitization. Which method BEST ensures the previous financial data cannot be recovered while keeping the drives usable?
A system administrator receives a critical security patch from a vendor for the company's production database servers. Before deploying it fleet-wide, what should the administrator do first according to sound configuration and patch management practices?
More CC practice
Keep going with the other ISC2 CC — Certified in Cybersecurity domains, or take a full timed mock exam.
← Back to CC overview