Selected CC ISC certification Questions Answers

Impact measures the severity of consequences if a security event occurs. It is a key component of risk calculations along with likelihood.

An IPS monitors traffic, detects malicious activity, and actively blocks attacks. Encryption is handled by protocols such as TLS or IPSec, not IPS devices.

An Intrusion Detection System (IDS) consists of three fundamental functional components: information sources, analysis engines, and response mechanisms. Information sources collect data such as network packets, logs, or system events. Analysis engines evaluate this data to detect suspicious behavior. Response components generate alerts or notifications.

While IDS systems typically do not block traffic (unlike IPS), they still perform response actions such as logging, alerting, and triggering workflows.

All three components work together to detect and report security incidents. This architecture is well documented in NIST intrusion detection guidance and forms the basis of both host-based and network-based IDS solutions.

Authentication is the phase of the AAA (Authentication, Authorization, Accounting) model in which a user proves their identity. During authentication, the system verifies that the user is who they claim to be by validating credentials such as passwords, biometrics, smart cards, or cryptographic keys.

Identification occurs first, when a user claims an identity (for example, entering a username). Authentication then confirms that claim. Authorization follows authentication and determines what actions the authenticated user is permitted to perform. Accounting tracks and logs user activities for auditing and monitoring purposes.

Strong authentication is critical to system security because all subsequent access control decisions depend on its accuracy. Weak authentication mechanisms increase the risk of unauthorized access, credential theft, and impersonation attacks.

Modern security frameworks emphasize multi-factor authentication (MFA) to strengthen this phase. NIST SP 800-63 highlights authentication as a core security function essential to protecting systems, data, and services from unauthorized access.