CC Exam Dumps - CC - Certified in Cybersecurity

Crime Prevention Through Environmental Design (CPTED) uses environmental design principles such as visibility, lighting, access control, and territorial reinforcement to deter criminal activity.

Risk management is an ongoing process that identifies threats, evaluates risk, and applies controls to reduce risk to acceptable levels. It is foundational to cybersecurity governance.

Firewalls are not particularly effective against insider threats because insiders already have authorized access to internal systems and networks. Firewalls are designed to control traffic between trusted and untrusted networks, not to monitor legitimate internal user behavior.

Least privilege limits what insiders can access, reducing potential damage. Background checks help identify risky individuals before hiring. Separation of duties prevents any one person from having complete control over critical processes.

Insider threats involve misuse of legitimate access, whether malicious or accidental. Effective controls against insiders focus on access management, monitoring, auditing, and behavioral analysis—not perimeter defenses.

Security frameworks consistently emphasize that insider threats require administrative, detective, and procedural controls rather than traditional network perimeter tools like firewalls.

Integrityis the primary factor in system and information reliability. Reliable systems must ensure that data is accurate, complete, and protected from unauthorized modification. If integrity is compromised, decisions based on the data become unreliable—even if systems are available or confidential. NIST and ISO frameworks emphasize integrity as essential to trustworthiness and operational reliability.

Risk appetitedefines the level of risk an organization is willing to tolerate and guides decision-making across the enterprise.

Regulations are legally enforceable requirements issued by governments or regulatory bodies. Violating regulations such as GDPR, HIPAA, or PCI DSS can result in fines and penalties.

Standards, policies, and procedures may influence compliance but do not carry direct legal penalties unless codified into law.

The Data Link layer (Layer 2) handles MAC addressing and frame delivery within local networks.

Website spoofing involves impersonating legitimate sites to deceive users. Phishing often uses spoofed sites but is the broader attack method.