CC Exam Dumps - CC - Certified in Cybersecurity

Discretionary Access Control (DAC) allows the owner or creator of an object to decide who can access it and what permissions they receive. This delegation capability is a defining feature of DAC systems.

MAC enforces centrally controlled policies, RBAC assigns permissions through roles, and ABAC uses attributes evaluated by a policy engine. Only DAC explicitly allows object owners to grant or revoke access at their discretion.

Internal consistency ensures that all copies of data remain identical in content and meaning.

A MAC (Media Access Control) address is 48 bits long and is divided into two main parts. The first24 bitsrepresent theOrganizationally Unique Identifier (OUI), which is assigned by IEEE to hardware manufacturers.

The remaining 24 bits are assigned by the manufacturer to uniquely identify individual network interfaces. The OUI allows network administrators and tools to identify the vendor of a network device.

Understanding MAC addressing is important for network security, device identification, and troubleshooting. MAC addresses are commonly used in access control mechanisms such as MAC filtering, although they should not be relied upon as a strong security control due to spoofing risks.

IPSec (Internet Protocol Security) operates atLayer 3 – the Network Layerof the OSI model. IPSec is designed to secure IP communications by authenticating and encrypting each IP packet in a data stream. Because it works directly with IP packets, it naturally fits at the network layer.

Operating at Layer 3 gives IPSec a major advantage: it can protectall network traffic, regardless of the application or transport protocol being used. This means IPSec can secure TCP, UDP, and ICMP traffic transparently without requiring changes to applications. IPSec is commonly used to implementVirtual Private Networks (VPNs), including site-to-site and remote-access VPNs.

IPSec uses protocols such asAuthentication Header (AH)andEncapsulating Security Payload (ESP)to provide confidentiality, integrity, authentication, and anti-replay protection. Key management is typically handled by IKE (Internet Key Exchange).

Although IPSec may appear in some diagrams as interacting with other layers, standards bodies such as NIST and IETF clearly define IPSec as aLayer 3 (Network Layer)security protocol.

Authentication is the phase of the AAA (Authentication, Authorization, Accounting) model in which a user proves their identity. During authentication, the system verifies that the user is who they claim to be by validating credentials such as passwords, biometrics, smart cards, or cryptographic keys.

Identification occurs first, when a user claims an identity (for example, entering a username). Authentication then confirms that claim. Authorization follows authentication and determines what actions the authenticated user is permitted to perform. Accounting tracks and logs user activities for auditing and monitoring purposes.

Strong authentication is critical to system security because all subsequent access control decisions depend on its accuracy. Weak authentication mechanisms increase the risk of unauthorized access, credential theft, and impersonation attacks.

Modern security frameworks emphasize multi-factor authentication (MFA) to strengthen this phase. NIST SP 800-63 highlights authentication as a core security function essential to protecting systems, data, and services from unauthorized access.

Electromagnetic eavesdropping (TEMPEST attacks) exploits signal leakage. EMI shielding blocks emissions, screened rooms prevent signal escape, and white noise generators mask signals. Together, these controls provide comprehensive protection.

A Smurf attack amplifies ICMP traffic to overwhelm targets.

DNSSEC (Domain Name System Security Extensions) adds cryptographic signatures to DNS records to ensure authenticity and integrity. It prevents attacks such as DNS spoofing and cache poisoning.

DNSSEC allows clients to verify that DNS responses have not been altered. It is the industry-standard solution recommended by security frameworks for protecting DNS infrastructure.