CC Exam Dumps - CC - Certified in Cybersecurity

Athreatis any actor or condition capable of exploiting a vulnerability to cause harm.

The primary objective of DRP is restoring IT systems to a reliable operational state.

A hierarchical database organizes data in a tree-like structure where each parent record can have multiple child records, but each child has only one parent. This model resembles a file system hierarchy and is designed to represent one-to-many relationships efficiently.

Hierarchical databases were among the earliest database models and are still used in specific environments such as legacy systems and mainframe applications. Data access is fast when the hierarchy is well understood, but the model lacks flexibility when relationships become complex.

Relational databases use tables with rows and columns, object-oriented databases store objects, and network databases allow many-to-many relationships. Only the hierarchical model strictly enforces a tree structure.

Understanding database models is important for security professionals when evaluating access control, data exposure, and system design risks.

A replay attack occurs when an attacker captures valid authentication data—such as login credentials, session tokens, or cryptographic handshakes—and later reuses that data to gain unauthorized access. The attacker does not need to know the actual password; instead, they replay previously captured authentication information.

Replay attacks often exploit systems that lack proper protections such as timestamps, nonces, session expiration, or cryptographic challenge-response mechanisms. These attacks are particularly dangerous in poorly secured authentication protocols or legacy systems.

A man-in-the-middle attack involves intercepting and potentially altering communications in real time, while a replay attack focuses on reusing captured data. Smurf attacks and DDoS attacks target availability, not authentication.

Security controls such as time-based tokens, one-time passwords, mutual authentication, and secure protocols (e.g., TLS) are commonly used to prevent replay attacks. NIST authentication guidelines explicitly recommend replay resistance as a core requirement for secure authentication systems.

Authorization determines what actions a user is allowed to perform after their identity has been authenticated. Identification claims an identity, authentication verifies it, and authorization grants permissions.

VLANslogically separate networks at Layer 2 while sharing the same physical infrastructure.

Distributed Denial of Service (DDoS) attacks primarily impactavailability, one of the three pillars of the CIA triad. DDoS attacks overwhelm systems, networks, or applications with massive volumes of traffic, exhausting resources such as bandwidth, CPU, or memory and preventing legitimate users from accessing services.

The goal of a DDoS attack is not to steal data, alter information, or deny accountability, but rather todisrupt access. Confidentiality and integrity may remain intact, but users are unable to reach the system, resulting in service outages, financial loss, and reputational damage.

Availability is a critical security objective for public-facing services such as websites, APIs, and online platforms. Defenses against DDoS attacks include traffic filtering, rate limiting, content delivery networks (CDNs), scrubbing services, and redundant architectures.

Security frameworks such as NIST and ISO/IEC explicitly associate denial-of-service attacks with availability risks, making availability the most directly affected cybersecurity principle.

Ransomware affects victims’ files primarily byencryptingthem, rendering the data inaccessible without a decryption key. Attackers then demand a ransom in exchange for restoring access.

While modern ransomware may also steal data, encryption is the defining characteristic of ransomware attacks. Destroying or selling files is not the primary mechanism.

Strong backups, access controls, and endpoint protection are key defenses against ransomware, as emphasized by NIST and CIS.