CSC Study Guide 2026
Everything you need to pass the CSC exam in one place: the exam format, every topic to study, real practice questions with explanations, flashcards, and full-length practice tests. Free, no sign-up needed.
📚 CSC Topics to Study (21)
✍️ Sample CSC Questions & Answers
1. Which of the following best describes the primary purpose of the 'Prepare' step in the NIST Risk Management Framework (RMF)?
The 'Prepare' step (Step 1) is foundational and focuses on activities at both the organization and system levels to ensure that the organization is ready to manage its security and privacy risks. This includes establishing a risk management strategy, identifying key roles, determining risk tolerance, and identifying common controls.
2. Under PCI DSS, what is the maximum number of digits that may be displayed when masking a primary account number (PAN)?
PCI DSS allows displaying the first six and last four digits of a PAN; all other digits must be masked.
3. What does identity lifecycle management encompass in an IAM compliance program?
Identity lifecycle management covers the complete process of provisioning, modifying, and deprovisioning user accounts and access rights throughout an employee's tenure to maintain compliance.
4. Which factor is critical in risk prioritization?
In risk prioritization, the most critical factors are the potential impact of a risk event and the likelihood of it occurring. Risks with a high impact and high likelihood demand immediate attention and resources. By assessing these two dimensions, organizations can effectively allocate resources to manage the most significant threats first.
5. What is the maximum number of days most U.S. state breach notification laws require businesses to notify affected individuals after discovering a breach?
U.S. state breach notification deadlines vary, but most fall between 30 and 90 days from discovery, with some states like Florida mandating 30 days.
6. What is a technical control in cybersecurity?
A technical control in cybersecurity refers to security measures that are implemented through technology. Firewalls, encryption tools, intrusion detection systems, and access control lists are prime examples. These controls leverage software and hardware to protect systems and data from unauthorized access, use, disclosure, disruption, modification, or destruction.