ISC CC - CC - Certified in Cybersecurity

Crime Prevention Through Environmental Design (CPTED) uses environmental design principles such as visibility, lighting, access control, and territorial reinforcement to deter criminal activity.

Cross-site scripting (XSS) attacks exploitinput validation vulnerabilitiesin web applications. These vulnerabilities occur when an application fails to properly validate, sanitize, or encode user-supplied input before including it in web pages. As a result, attackers can inject malicious scripts that are executed in the browsers of other users.

XSS attacks commonly occur through form fields, URL parameters, cookies, or HTTP headers. Once executed, malicious scripts can steal session cookies, capture keystrokes, redirect users to malicious sites, or perform actions on behalf of the victim.

ARP spoofing and DNS poisoning target network-level trust relationships, not application input validation. Pharming redirects users to fake websites by manipulating DNS or host files, again unrelated to input validation.

Preventing XSS relies heavily on strong input validation, output encoding, content security policies (CSP), and secure coding practices. OWASP and NIST explicitly identify XSS as a validation-related vulnerability and emphasize defensive coding as the primary mitigation.

HIPAA applies to healthcare providers, insurers, and their business associates to protect patient health information (PHI).

The ISC2 Code of Ethics prioritizesprotecting society and the public, including users, over employer interests.

VLAN hopping exploits weaknesses in Layer 2 switching mechanisms such as trunking and tagging.

While managementparticipatesin BCP, “management” alone is not a documented component. The other options represent formal, documented BCP elements.

The three core structural components of an SQL database aretables,views, andschemas. Tables store the actual data in rows and columns. Views are virtual tables created from queries that present data in a specific way without duplicating it. Schemas act as logical containers that organize database objects and define ownership and access control.

Object-oriented interfaces are not a fundamental component of an SQL database. While modern databases may support object-relational features or APIs that allow object-oriented programming languages to interact with the database, these interfaces exist outside the core database structure.

SQL databases are based on the relational model, not the object-oriented model. Even though object-relational mapping (ORM) tools exist, they are middleware components rather than native database structures.

Understanding core database components is important for security professionals when managing access controls, permissions, and data exposure risks.

Integrity applies broadly—to data, systems, processes, and organizational operations—ensuring accuracy, completeness, and trustworthiness.

A threat actor is the individual or group responsible for carrying out attacks. Threat vectors describe methods, not entities.

Asecurity breachrefers to an incident where an unauthorized individual successfully gains access to a system, application, network, or data resource. Unlike a general security event, a breach confirms that confidentiality, integrity, or availability has been compromised. According to NIST SP 800-61, a breach occurs when security controls fail and protected information is accessed, disclosed, altered, or destroyed without authorization.

Not every event or intrusion results in a breach. For example, a blocked attack detected by an IDS is an event, not a breach. A breach has legal, regulatory, and business implications, often triggering notification requirements, forensic investigations, and remediation actions.