Certified Cybersecurity Educator Professional (CCEP) CERTIFICATION Exam Answers
Apply Here: FREE Certified Cybersecurity Educator Professional Certificate
The Certified Cybersecurity Educator Professional (CCEP) certification is designed for cybersecurity professionals who not only possess deep technical knowledge, but also have the ability to effectively teach, guide, and mentor others in the industry.
This certification assesses expertise across key cybersecurity disciplines—covering Network & Security Fundamentals, Security Architecture, Identity and Access Management (IAM), Offensive Tactics, Cloud Security, Security Operations, Application Security, and Incident Handling.
The exam includes 80 questions, modeled after real-world professional certification formats. Each question focuses on evaluating conceptual clarity and applied reasoning rather than simple recall, with balanced and thoughtfully structured answer choices.
Ideal Candidates
This certification is suitable for cybersecurity trainers, instructors, analysts, solution architects, Red/Blue Team specialists, security leaders, and professionals responsible for educating teams or delivering cybersecurity training programs.
What Successful Candidates Demonstrate
- Ability to design, assess, and enhance secure environments across both cloud and on-premise systems
- Competence in managing security operations and coordinating incident response activities
- Strong understanding of threat mitigation, risk assessment, and connecting technical outcomes with business objectives
- Effective communication and teaching skills to simplify and deliver complex cybersecurity knowledge
Exam Details
- Passing Requirement: 80%
- Exam Duration: 2 hours
FREE 1 ATTEMPT: USE COUPON CCEP100OFF
Question 1:
Which control enforces least privilege for a new SaaS admin?
A) Scoped role with just-in-time elevation
B) Global admin with quarterly review
C) Full access protected by MFA only
D) Rely on network ACL enforcement
Question 2:
A bank must detect any change in transaction records. Which security property is primary?
A) Availability of systems and data
B) Non-repudiation guarantees
C) Integrity to prevent undetected modification
D) Confidentiality of transaction contents
Question 3:
Which router setting best prevents IP spoofing from internal hosts?
A) Apply uRPF on edge interfaces
B) Implement source address validation
C) Enable DNS sinkholing internally
D) Use static ARP tables on all switches
Question 4:
Mandatory vacations and job rotation for SOC staff primarily reduce which risk?
A) Reduce probability of DDoS incidents
B) Decrease chance of insider fraud and single-person silos
C) Mitigate insider fraud by exposing malicious activity
D) Expose and deter insider fraud through rotation
Question 5:
Which mechanism provides integrity and origin authentication for BGP sessions?
A) IPsec transport protecting BGP
B) Using TLS on port 443 for BGP
C) Rely on route reflectors alone
D) MD5 in SNMPv2
Question 6:
Which segregation of duties setup best supports CI/CD security?
A) Code owners approve merges, release manager deploys
B) Single dev does merge and deploy
C) Require separate approvals for merge and deployment
D) Use shared pipeline admin accounts
Question 7:
What is the main objective of threat modeling during design?
A) Optimize performance metrics
B) Replace the need for code review
C) Identify and prioritize attack scenarios and mitigations
D) Ensure UI consistency
Question 8:
Which approach gives just-in-time, auditable access to production databases?
A) Short-lived ephemeral credentials issued via a broker
B) Static credentials rotated quarterly
C) Local OS accounts with sudo
D) Shared VPN access to jump host
Question 9:
Which control most directly prevents LLMNR/NBT-NS poisoning attacks?
A) Rotate service account passwords monthly
B) Ensure strong EDR on endpoints
C) Increase account lockout thresholds
D) Disable LLMNR/NBT-NS and harden DNS
Question 10:
Which cloud control most reduces blast radius if an access key is exposed?
A) Use scoped, short-lived tokens via IAM roles
B) Long-lived keys with narrow scopes
C) Short-lived instance roles and scoped policies
D) Open security groups broadly
Question 11:
What is a primary benefit of mapping detections to MITRE ATT&CK in a SOC?
A) Standardized view of coverage and detection gaps
B) Removes need for SIEM
C) Guarantees no false positives
D) Replaces incident response playbooks
Question 12:
Which practice most reduces SSRF risk in cloud-native services?
A) Disable TLS
B) Allow all redirects
C) Block access to metadata and link-local addresses
D) Increase instance CPU limits
Question 13:
Which backup approach gives evidence that backups cannot be modified by ransomware?
A) Immutable, air-gapped or WORM-capable backups with restore tests
B) Backups on same domain with admin access
C) Encrypt backups without immutability
D) Rely on RAID and snapshots
Question 14:
Which IAM concept grants access only when device posture and context match?
A) Context-aware (risk-based) access
B) Permanent RBAC roles
C) Open network trust model
D) Always-on admin elevation
Question 15:
When should eradication begin during incident response?
A) Immediately before containment
B) After containment and scoping
C) Only after full recovery
D) Once evidence is erased
Question 16:
Which best defines a compensating control?
A) A temporary measure offering comparable risk reduction
B) An equivalent safeguard when primary control is infeasible
C) A decorative compliance note
D) A documented exception only
Question 17:
A DevOps team stores secrets in code. Which practice most effectively fixes this?
A) Move secrets to a secrets manager with short TTLs
B) Base64-encode secrets in repo
C) Store in comments and private branches
D) Rely only on .gitignore
Question 18:
Which defense-in-depth stack best reduces email phishing?
A) DMARC/DKIM/SPF, sandboxing, URL rewriting, and reporting
B) User training alone
C) Block all attachments outright
D) Rely on legacy antivirus
Question 19:
In zero trust, how is access treated?
A) Trust once per device and never re-evaluate
B) Continuous verification using identity and context
C) Perimeter firewall suffices for trust
D) Network location solely determines trust
Question 20:
Which control most effectively prevents Pass-the-Hash in AD?
A) Enforce Credential Guard/LSA protection and restrict admin logons
B) Disable SMB signing
C) Use telnet for admin tasks
D) Reuse local admin passwords
Question 21:
Which logging setup most improves forensic readiness?
A) Delete logs monthly
B) Use local text logs and rotate frequently
C) Centralize logs into secure, immutable store with time sync
D) Disable audit logs for performance
Question 22:
Which token handling best prevents JWT replay?
A) Bind tokens to channel or use DPoP with short TTL and revocation
B) Use long lifetimes
C) Use same HS256 key everywhere
D) Disable expiration
Question 23:
Which approach best breaks the kill chain during lateral movement?
A) Block C2 DNS only
B) Disable backups globally
C) Network microsegmentation and credential hygiene
D) Remove logs to hinder attackers
Question 24:
How should organizations reduce risk from third-party libraries?
A) Ignore transitive dependencies
B) Pin versions forever without review
C) Use software composition analysis, SBOMs and rapid patching
D) Only use popular libraries without review
Question 25:
Which activity belongs to IR ‘Preparation’ phase?
A) Tabletop exercises and playbook validation
B) Host isolation during active incident
C) Malware eradication
D) Evidence imaging
Question 26:
If a container escapes via a kernel bug, which control limits the impact?
A) Run all containers as root
B) Use seccomp/AppArmor and least-privilege nodes
C) Expose docker daemon over TCP
D) Disable auditing for performance
Question 27:
Which cryptographic method provides forward secrecy?
A) ECDHE ephemeral key exchange
B) Static RSA key exchange
C) MD5-based signatures
D) Pre-shared symmetric keys only
Question 28:
What is the primary purpose of a data classification policy?
A) Define handling and protection based on sensitivity
B) Increase storage use
C) Boost marketing reach
D) Mandate tape backups
Question 29:
Which testing method most accurately simulates a motivated external adversary with limited intel?
A) White-box testing with full details
B) Black-box penetration test with goal-based scope
C) Unit testing only
D) Static code analysis alone
Question 30:
DLP flags an upload to a personal cloud service. What is the best immediate action?
A) Ignore alert if low priority
B) Block all internet access
C) Terminate employee immediately
D) Quarantine transfer and investigate context
Question 31:
Which scenario most requires a Privacy Impact Assessment?
A) Launching a new analytics platform processing PII
B) Upgrading server RAM
C) Changing office furniture
D) Regular OS patching
Question 32:
Which network design best limits broadcast storms and lateral movement?
A) Flat L2 network
B) VLAN segmentation with ACLs and firewalls between zones
C) Single DMZ for all services
D) Disabling STP on switches
Question 33:
Developers occasionally need production DB access. What is the best control?
A) Break-glass, time-bound read access with approval
B) Permanent read-write access for developers
C) Shared DB admin password
D) No developer access at any time
Question 34:
Which cloud logging control helps detect unauthorized security group changes?
A) Cloud control-plane audit logs with alerts on IAM/SG changes
B) VPC flow logs only
C) Object storage access logs only
D) Disabling logs to cut costs
Question 35:
A risk is rated high-likelihood but low-impact. What is the best treatment?
A) Avoid by shutting unit
B) Transfer without monitoring
C) Accept with monitoring and minimal controls
D) Ignore without documentation
Question 36:
Which measures best mitigate credential stuffing?
A) Account lockout after one failure
B) Implement MFA
C) Disable HTTPS
D) Require complex passwords only
Question 37:
To reduce orphaned SaaS access, which option is best?
A) Automated JML with SCIM and periodic certification
B) Manual spreadsheets
C) Grant lifetime access
D) Disable SSO for apps
Question 38:
What is the primary goal of red team exercises?
A) Replace vulnerability scanning
B) Only to pass compliance checks
C) Emulate realistic adversaries to test detection and response
D) Intentionally break production systems
Question 39:
When is ABAC preferable to RBAC?
A) Access decisions depend on attributes like device, location and data sensitivity
B) Static job roles never change
C) Tiny team with fixed roles
D) Legacy single-tenant app
Question 40:
Which control best reduces Windows privilege escalation through vulnerable drivers?
A) Enable driver block rules and application control (WDAC)
B) Allow unsigned drivers for compatibility
C) Disable Windows Update
D) Grant local admin to all users
Question 41:
Which property prevents a sender from later denying they sent a message?
A) Integrity
B) Confidentiality
C) Non-repudiation
D) Availability
Question 42:
Hunting for Kerberoasting should prioritize which telemetry?
A) NTFS permission changes
B) Failed VPN logins only
C) Web proxy logs alone
D) Excessive AS-REQ/TGS-REQ for SPNs and unusual hash extraction activity
Question 43:
Which metric measures the acceptable amount of data loss, expressed as a period of time?
A) MTBF (Mean Time Between Failures)
B) RTO (Recovery Time Objective)
C) RPO (Recovery Point Objective)
D) MTTR (Mean Time To Repair)
Question 44:
Which is the best pattern to protect API keys used by a SPA?
A) Hide keys in comments
B) Embed keys in client-side JavaScript
C) Store keys in localStorage
D) Move secrets to a backend proxy and issue user-scoped tokens
Question 45:
What is the primary goal of secure architecture reviews?
A) Improve UI aesthetics
B) Identify systemic design risks early and prescribe controls
C) Replace coding standards
D) Avoid documentation
Question 46:
Which cloud storage configuration most reduces public exposure?
A) Block public access at org level, apply least-privilege and access logs
B) Public-by-default buckets with obscure names
C) Disable encryption for simplicity
D) Rely on object name secrecy
Question 47:
What is the process typically targeted by credential dumps in Windows?
A) explorer.exe
B) NisSrv.exe
C) MsMpEng.exe
D) lsass.exe
Question 48:
What is the main outcome of a purple team exercise?
A) Collaborative improvement of detection and controls based on simulated attacks
B) Strict enforcement of separation between red and blue
C) Eliminate SOC analysts
D) Penalize developers for defects
Question 49:
Which authentication method most resists phishing?
A) TOTP mobile app tokens
B) Email-based one-time links
C) FIDO2/WebAuthn hardware security keys
D) SMS OTP
Question 50:
What is the best mitigation to reduce supply-chain risk in CI/CD?
A) Cache secrets in build logs for speed
B) Allow self-hosted runners from PRs
C) Enforce signed artifacts (SLSA), isolate runners and least-privilege tokens
D) Disable branch protection
Question 51:
What benefit do assume-breach runbooks primarily provide?
A) They accelerate containment by prioritizing isolation and scoping
B) They eliminate false positives
C) They remove need for threat hunting
D) They allow skipping notifications
Question 52:
What is the best defense against domain fronting at egress?
A) Block DNS entirely
B) Allow all CDNs
C) TLS inspection with SNI and Host header policy enforcement
D) Rely on user training only
Question 53:
Which control best limits exfiltration via DNS tunneling?
A) Use FTP for DNS transfers
B) Disable DHCP on the network
C) Increase DNS TTLs
D) DNS firewall with query-length and entropy analytics
Question 54:
For large IoT deployments, which is best for device identity and trust?
A) Unauthenticated MQTT endpoints
B) Shared default passwords per vendor
C) Per-device X.509 certificates from private CA and secure boot
D) Plain HTTP telemetry
Question 55:
Which vulnerability is most likely when user input is concatenated into SQL without parameterization?
A) SQL Injection
B) Cross-Site Scripting (XSS)
C) Cross-Site Request Forgery (CSRF)
D) Clickjacking
Question 56:
According to the certificate information, why is this website considered insecure?
A) The certificate uses an unsupported signature algorithm.
B) The certificate has expired beyond its valid date range.
C) The certificate was issued by an untrusted authority.
D) The public key length is too short.
Question 57:
Based on the Details tab, which signature algorithm was used for this certificate?
A) sha1RSA
B) md5RSA
C) sha256RSA
D) sha512RSA
Question 58:
One word: The process of proving identity before authorization is granted.
Authentication
Question 59:
One word: The CIA triad element that ensures data is accurate and unaltered.
Integrity
Question 60:
One word: The CIA triad element focused on uptime and resilience.
Availability
Question 61:
One word: Attack technique that tricks a user into executing code or divulging secrets.
Phishing
Question 62:
One word: The process of converting plaintext to ciphertext.
Encryption
Question 63:
One word: Access model granting the minimum necessary permissions.
Least-privilege
Question 64:
One word: Malware that encrypts files and demands payment.
Ransomware
Question 65:
One word: A record of security-relevant events used for investigation.
Log
Question 66:
One word (acronym): Framework mapping adversary tactics and techniques.
MITRE ATT&CK
Question 67:
One word: Security model that assumes no implicit trust based on network location.
Zero-trust
Question 68:
Which control most limits lateral movement from compromised developer laptops?
A) Network microsegmentation with device posture checks
B) Flat VLAN with full connectivity
C) Shared admin accounts for convenience
D) Port mirroring only for monitoring
Question 69:
How can you verify that container images haven’t been tampered with?
A) Disable registries
B) Image signing and policy enforcement (e.g., Sigstore)
C) Pull unsigned images over HTTP
D) Rely on image tags only
Question 70:
What is the best mitigation for unsafe deserialization vulnerabilities?
A) Increase server CPU cores
B) Accept all classes for convenience
C) Use HTTP instead of HTTPS
D) Whitelist types, avoid unsafe deserialization and sign objects
Question 71:
Buying cyber insurance is an example of which risk treatment?
A) Mitigation by reducing probability
B) Acceptance of risk without transfer
C) Transfer of risk to insurer
D) Avoidance by eliminating asset
Question 72:
Which logging feature is most critical for non-repudiation of admin actions?
A) Tie actions to unique identities and tamper-evident storage
B) Enable anonymous logging to preserve privacy
C) Rotate logs hourly and discard
D) Disable NTP and time sync
Question 73:
A WAF should be tuned to primarily defend against:
A) Common web exploits such as SQLi and XSS
B) Layer 2 switching loops
C) Power failures
D) BGP route hijacks
Question 74:
Which config best prevents object takeover for cloud-hosted static sites?
A) Private buckets, origin access policies and signed update URLs
B) Public write permissions on bucket
C) Rely on long cache TTLs
D) Disable object versioning
Question 75:
Which practice best promotes finding AppSec issues early?
A) Rely solely on bug bounty
B) Pentest after release only
C) Shift-left with SAST/DAST/SCA in CI and dev training
D) Disable code reviews
Question 76:
The vulnerability of the first figure relates to…?
A) LFI
B) XSS
C) CSRF
D) SSRF
Question 77:
The vulnerability of the second figure relates to…?
A) LFI
B) IDOR
C) XSS
D) SQL Injection
Question 78:
Which statement about CSRF defenses is most accurate?
A) SameSite cookies and anti-CSRF tokens mitigate state-changing requests
B) CSRF can be fully prevented by input validation alone
C) GET requests should change state
D) HTTPS eliminates CSRF risk
Question 79:
Which improves detection of insider HTTPS exfiltration most?
A) TLS inspection combined with DLP and UEBA
B) Block all HTTPS traffic
C) Disable logging for privacy
D) Monthly manual audits only
Question 80:
Which measure best prevents API key exposure in public repos?
A) Store keys in configuration files checked into VCS
B) Embed keys in code with base64 encoding
C) Use secrets scanning in CI and rotate compromised keys
D) Rely on obscure file names
Question 81:
In the depicted attack flow, how does the adversary gain access to the victim’s authenticated session?
A) They steal the password and reuse it
B) They intercept MFA code and log in
C) They proxy the credentials/session and obtain the session cookie
D) Trick the user into installing malware
Question 82:
In a ZTNA model, how does the ZTNA Service decide whether to grant access?
A) It trusts all internal users by default
B) It verifies user identity, device posture, and policy compliance
C) It grants access only based on IP
D) It allows all authenticated users full access
Question 83:
What is one key advantage of implementing ZTNA compared to a traditional VPN?
A) Users can access any server without authentication
B) ZTNA eliminates encryption overhead
C) ZTNA provides application-level access control
D) ZTNA requires physical proximity
Priya Dogra – Certification | Jobs | Internships