ISC Updated CC Exam Questions and Answers by brianna

Recovery controls restore systems and data after an incident. Examples include backups, failover systems, and disaster recovery procedures.

Microsoft SQL Server commonly uses TCP port 1433, which falls in the registered port range.

John the Ripper is a well-known password cracking tool used to test the strength of passwords by performing brute-force, dictionary, and hybrid attacks. It is commonly used by security professionals during penetration testing and password audits to identify weak credentials.

Burp Suite is a web application testing tool, Nslookup is a DNS query utility, and Wireshark is a packet analyzer. None of these tools are designed specifically for password cracking.

While John the Ripper can be used maliciously, it is also widely used defensively to improve password policies and enforce strong authentication practices. Its existence highlights the importance of strong passwords, hashing, salting, and multi-factor authentication.

Type 1 authenticationrefers to “something you know,” such as a password, PIN, or passphrase. This is the most common and oldest form of authentication used in information systems.

Other authentication types include Type 2 (something you have, such as a smart card or token) and Type 3 (something you are, such as biometrics). Some models also define additional types, such as location-based or behavior-based authentication.

While easy to implement, Type 1 authentication is considered the weakest because secrets can be guessed, reused, stolen, or phished. For this reason, security best practices strongly recommend combining it with other authentication types using multi-factor authentication (MFA).

NIST and CIS guidelines consistently discourage reliance on single-factor, knowledge-based authentication for sensitive systems due to its susceptibility to compromise.