ISC Updated CC Exam Questions and Answers by bleu

When a device does not meet security baseline requirements, it poses a risk to the environment. Best practice is todisable or quarantine the deviceto prevent potential compromise or lateral movement. Network Access Control (NAC) solutions commonly automate this process.

Isolation ensures the device cannot interact with production systems until it is patched, configured correctly, and verified as compliant. This approach aligns with NIST and Zero Trust principles, emphasizing continuous compliance and containment.

Common IRT models includededicated,leveraged, andhybridteams. In these models, response capabilities exist within the organization. While organizations mayusethird-party assistance, a fullyoutsourcedIRT is generally not considered a core internal IRT model because incident response requires immediate organizational authority, access, and accountability.

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) operate at theTransport layer (Layer 4)of the OSI model. This layer is responsible for end-to-end communication, segmentation, flow control, and error handling.

TCP provides reliable, connection-oriented communication with acknowledgments and retransmissions. UDP provides connectionless communication optimized for speed and low latency.

The Session layer manages session establishment, and the Presentation layer handles formatting and encryption. Neither is responsible for transport-level data delivery.

Understanding protocol placement is essential for firewall rules, intrusion detection, and network troubleshooting. Most security controls rely heavily on Transport-layer awareness.

Intercepting traffic to capture credentials is commonly achieved throughpacket sniffing, which targets theData Link layer (Layer 2). Techniques such as ARP poisoning operate at this layer to redirect traffic to the attacker.

While credentials belong to applications, the interception itself occurs at Layer 2.