ISC2 CC PRACTICE EXAM NEWEST QUESTIONS AND DETAILED CORRECT ANSWERS | ISC2 STUDY GUIDE 2024-2025
According to the canon "Provide diligent and competent
service to principals", ISC2 professionals are to: Correct
Answer Avoid apparent or actual conflicts of interest.
(The direction for applying the ethical principles of
ISC2 states that avoiding conflicts of interest or the
appearance thereof is a consequence of providing
diligent and competent service to principals (see
https://resources.infosecinstitute.com/certification/the-isc2-code-of-ethics-a-binding-requirement-for-certification/).
The other options are consequences of
the remaining three ethical principles.
Topic: PE1-1.4 (ISC)2 Code of Ethics - Chapter 1,
Domain 1.4)
Which of the following canons is found in the ISC2 code of
ethics? Correct Answer Provide diligent and competent
service to principals
(Only "Provide diligent and competent service to
principals" contains the accurate text of the ISC2 code
of ethics. Although a security professional should
discourage unsafe practices, no direct reference to
acting safely exists in the canons. Aside from society,
the common good and infrastructure, security
professionals are expected to protect public trust and
confidence. Finally, they are expected to protect the
profession, and not just advance and promote it.
Topic: PE1-1.4 (ISC)2 Code of Ethics - Chapter 1,
Domain 1.4)
The detailed steps to complete tasks supporting
departmental or organizational policies are typically
documented in: Correct Answer Procedures
(Policies are high-level documents that frame all
ongoing activities of an organization to ensure that it
complies with industry standards and regulations.
Regulations are usually devised by governments.
Standards are created by governing or professional
bodies to support regulations. Both regulations and
standards are created outside of the organization (see
ISC2 Study Guide Chapter 1, Module 4).
Topic: PE1-1.5 Governance Elements - Chapter 1,
Domain 1.5)
Which of the following documents contains elements that
are NOT mandatory? Correct Answer Guidelines
(Only guidelines contain elements that may not be
mandatory. Compliance with policies, procedures and
regulations is mandatory (see ISC2 Study Guide
Chapter 1, Module 4).
Topic: PE1-1.5 Governance Elements - Chapter 1,
Domain 1.5)
Governments can impose financial penalties as a
consequence of breaking a: Correct Answer Regulation
(Standards are created by governing or professional
bodies (not by governments themselves). Policies and
procedures are created by organizations, and are
therefore not subject to financial penalties (see ISC2
Study Guide Chapter 1, Module 4).
Topic: PE1-1.5 Governance Elements - Chapter 1,
Domain 1.5)
The predetermined set of instructions or procedures to
sustain business operations after a disaster is commonly
known as: Correct Answer Business Continuity Plan
(A Business Continuity Plan (BCP) is a pre-determined
set of instructions describing how an organization's
mission/business processes will be sustained during
and after a significant disruption (see Chapter 2 ISC2
Study Guide, module 4, under Terms and Definitions).
A Business Impact Analysis (BIA) is a technique for
analyzing how disruptions can affect an organization.
A Disaster Recovery Plan is a written plan for
recovering information systems in response to a
major failure or disaster. The term 'Business Impact
Plan' does not exist.)
Which of these has the PRIMARY objective of identifying
and prioritizing critical business processes? Correct
Answer Business Impact Analysis
(The term 'Business Impact Plan' does not exist. A
Business Impact Analysis (BIA) is a technique for
analyzing how disruptions can affect an organization,
and determines the criticality of all business activities
and associated resources. A Business Continuity Plan
(BCP) is a pre-determined set of instructions
describing how the mission/business processes of an
organization will be sustained during and after a
significant disruption. A Disaster Recovery Plan is a
written plan for recovering information systems in
response to a major failure or disaster.
Topic: PE1-2.1 Business Continuity (BC) - Chapter 2.1,
Domain 2.1)
Which of these is the most efficient and effective way to
test a business continuity plan? Correct Answer
Simulations
(Simulations are full re-enactments of business
continuity procedures and can involve most, if not all,
of your workforce. They also tend to take place on-site
in the relevant business areas. Thus, they are an
exceptionally effective way to test your business
continuity plan. Walkthroughs verbally carry out
specific recovery steps stipulated in the business
continuity plan. Discussion and reviews are static
ways of testing the business continuity plan.)