ISC2 CC — Certified in Cybersecurity · Domain 5 · 18% of exam

Security Operations

Drill 20 practice questions focused entirely on Security Operations for the ISC2 CC exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.

Verified answer20 questions
Question 1 of 20

A system administrator built all company web servers from a documented secure baseline last year. During a recent review, several servers were found running services and settings that no longer match that baseline, even though no approved changes were recorded. What is the BEST way to describe and address this situation?

Reviewed for accuracy · Report an issue
Question 2 of 20

Two companies that have never exchanged keys before want to begin sending encrypted messages to each other over the internet. They need a way for each party to share a value that lets the other encrypt data without ever transmitting a secret key that an eavesdropper could capture. Which type of cryptography is designed to solve this problem?

Reviewed for accuracy · Report an issue
Question 3 of 20

A new employee is going through onboarding and receives a document that outlines what activities are permitted when using the company's computers, email, and internet connection, along with the consequences for misuse. Which type of policy is the employee reviewing?

Reviewed for accuracy · Report an issue
Question 4 of 20

A company allows employees to use their own smartphones and tablets to access corporate email and applications. Management is concerned about protecting company data on these personal devices. Which policy should the organization implement to define the security requirements and responsibilities for using personally owned devices for work?

Reviewed for accuracy · Report an issue
Question 5 of 20

A critical vulnerability is being actively exploited, and the security team must deploy an emergency patch to production servers outside the normal maintenance window. According to sound change management practice, what should the team do to remain compliant while acting quickly?

Reviewed for accuracy · Report an issue
Question 6 of 20

A company's security team notices that sensitive printed documents are frequently left on desks overnight, and unlocked workstations often display confidential information. Which best-practice security policy should the team implement to directly address both issues?

Reviewed for accuracy · Report an issue
Question 7 of 20

A security analyst maintains a documented list of all approved hardware and software assets connected to the corporate network. During a routine review, the analyst compares a network scan against this list and discovers three devices that are not recorded anywhere. Which configuration management practice made this discovery possible?

Reviewed for accuracy · Report an issue
Question 8 of 20

A company is rolling out a new data governance program. Before staff can determine which storage, encryption, and sharing rules apply to a given file, what must first be assigned to that data?

Reviewed for accuracy · Report an issue
Question 9 of 20

A company stores customer records in a cloud provider's encrypted storage service. When a contract ends, the company must ensure the data is unrecoverable, but it has no physical access to the provider's drives, which are shared with other tenants. Which secure destruction method is most appropriate in this situation?

Reviewed for accuracy · Report an issue
Question 10 of 20

A company recently completed classifying all of its data into categories such as Public, Internal, and Confidential. A security analyst notices that employees still routinely email Confidential files without encryption because they cannot tell which files are sensitive. Which action would MOST directly address this problem?

Reviewed for accuracy · Report an issue
Question 11 of 20

A company is retiring a batch of solid-state drives (SSDs) that stored confidential customer data. A technician plans to run a strong magnetic degausser over the drives to ensure the data cannot be recovered before disposal. Why is this approach flawed for these devices?

Reviewed for accuracy · Report an issue
Question 12 of 20

A company is retiring a batch of old magnetic hard drives that stored sensitive financial records. The drives will be sent to an off-site recycling vendor, and management wants to ensure the data cannot be recovered before the drives leave the building. Which method most reliably renders the data on these magnetic drives unrecoverable?

Reviewed for accuracy · Report an issue
Question 13 of 20

A company's data retention policy states that customer support email records must be kept for exactly three years, after which they are no longer needed for legal or business purposes. A batch of support emails has now reached the four-year mark and is still sitting in the archive system. According to good data handling practice, what should happen to these records?

Reviewed for accuracy · Report an issue
Question 14 of 20

A financial controller must send quarterly reports to external auditors by email. Management requires proof that each report genuinely came from the controller and was not altered in transit, and the controller should not be able to later deny sending it. Which cryptographic technique best satisfies these requirements?

Reviewed for accuracy · Report an issue
Question 15 of 20

A field technician carries customer records on a USB flash drive between client sites. Management is concerned that if the drive is lost or stolen, the records could be read by an unauthorized person. Which control most directly protects the confidentiality of the data stored on the drive?

Reviewed for accuracy · Report an issue
Question 16 of 20

A systems administrator is deploying 50 new web servers. To ensure every server starts with the same approved, hardened settings — including disabled unnecessary services, applied patches, and standardized configurations — the administrator builds a single approved image and uses it for all deployments. What configuration management practice is the administrator using?

Reviewed for accuracy · Report an issue
Question 17 of 20

A systems administrator downloads a firmware update and wants to confirm the file was not altered during transfer. The vendor publishes a SHA-256 value alongside the download. After downloading, the administrator computes the SHA-256 of the local file and compares it to the published value. What security goal does this process primarily support?

Reviewed for accuracy · Report an issue
Question 18 of 20

A department manager asks the IT team to immediately delete a batch of system access logs to free up storage space. The organization's retention schedule requires these logs to be kept for 18 months to satisfy compliance requirements, and the logs are currently 6 months old. What is the MOST appropriate response from the IT team?

Reviewed for accuracy · Report an issue
Question 19 of 20

An IT technician is repurposing several older hard disk drives from a decommissioned finance department workstation. The drives will be reassigned to a different internal team, so they must remain functional after sanitization. Which method BEST ensures the previous financial data cannot be recovered while keeping the drives usable?

Reviewed for accuracy · Report an issue
Question 20 of 20

A system administrator receives a critical security patch from a vendor for the company's production database servers. Before deploying it fleet-wide, what should the administrator do first according to sound configuration and patch management practices?

Reviewed for accuracy · Report an issue

More CC practice

Keep going with the other ISC2 CC — Certified in Cybersecurity domains, or take a full timed mock exam.

← Back to CC overview