CC Exam Dumps - ISC certification Questions and Answers

Cross-Site Request Forgery (CSRF) tricks an authenticated user’s browser into sending unauthorized requests to a trusted server. Because the user is already authenticated, the server processes the request as legitimate.

XSS injects malicious scripts, while spoofing involves impersonation. CSRF exploits trust in an existing authenticated session. Defenses include CSRF tokens, same-site cookies, and proper request validation.

A guard dog deters unauthorized access by increasing perceived risk. Deterrent controls discourage attacks before they occur.

A user ID provides identification—it claims an identity. Authentication verifies that claim using credentials like a password.

GDPR is a privacy regulation governing the protection of personal data for individuals in the EU.

IPSec uses sequence numbers in AH and ESP headers to detect and reject duplicate packets. This prevents attackers from capturing and replaying valid packets. Anti-replay protection is a core IPSec security feature defined by the IETF.

Logical access controls are implemented through software and system configurations. They include settings such as user permissions, authentication mechanisms, firewall rules, and system policies managed through GUIs or command-line interfaces. Logical controls protect digital assets by restricting access based on identity and authorization.

Asecurity breachrefers to an incident where an unauthorized individual successfully gains access to a system, application, network, or data resource. Unlike a general security event, a breach confirms that confidentiality, integrity, or availability has been compromised. According to NIST SP 800-61, a breach occurs when security controls fail and protected information is accessed, disclosed, altered, or destroyed without authorization.

Not every event or intrusion results in a breach. For example, a blocked attack detected by an IDS is an event, not a breach. A breach has legal, regulatory, and business implications, often triggering notification requirements, forensic investigations, and remediation actions.

An incident response policy establishes authority, scope, and direction. Without management approval, IR activities lack legitimacy.

An intranet is a private network that uses internet technologies (such as TCP/IP and web browsers) but is accessible only to an organization’s internal users. It mirrors the structure and functionality of the internet while remaining private.

An extranet extends limited access to external partners. A VLAN is a logical network segmentation technique. A VPN is a secure communication tunnel, not a network architecture.

Intranets are commonly used for internal portals, documentation, collaboration tools, and internal services. From a security standpoint, intranets require strong authentication, segmentation, and access controls.

Registered ports (1024–49151) are typically assigned to vendor-specific or proprietary applications, such as database services.