ISC Updated CC Exam Questions and Answers by agnes

A Disaster Recovery Plan (DRP) provides procedures to restore IT systems, applications, and infrastructure after an outage.

The Internet Engineering Task Force (IETF) develops and maintains Internet standards through RFCs.

A URL filter is the most effective control for restricting access to specific websites. URL filtering allows administrators to block access based on domain names, URLs, or content categories such as gambling, social media, or malicious sites.

IP address blocking is less precise because many websites share IP addresses or use dynamic hosting. DLP solutions focus on data protection, not web access control. IPS systems detect and block attacks but are not designed for enforcing acceptable-use browsing policies.

URL filtering is commonly implemented in firewalls, secure web gateways, and proxy servers and is widely used to enforce organizational internet usage policies.

A subject in cybersecurity is an active entity that initiates actions and requests access to resources. Among the options provided, auseris the correct example of a subject because users actively authenticate, request access, and perform operations on systems.

Files and filenames are objects, not subjects. They are passive entities that store data and do not initiate actions. A fence is a physical security control and does not function as a subject within access control models.

Subjects can include human users, system processes, applications, or services acting on behalf of users. In access control decisions, systems evaluate whether a subject is authorized to perform a specific action on an object based on identity, role, or security label.

Understanding the distinction between subjects and objects is essential for designing secure systems and implementing access control policies. It supports core principles such as least privilege and separation of duties. Without clearly identifying subjects, organizations cannot accurately enforce permissions, monitor activity, or perform effective auditing and incident response.