CISSP - Certified Information Systems Security Professionals
Example Questions
What can be defined as a list of subjects along with their access rights that are authorized to access a specific object?
An access control list
Under the Lattice Based Access Control model, a container of information is a(n):
Object
An expert system that has rules of the form "If w is low and x is high then y is intermediate", where w and x are input variables and y is the output variable, is called a:
Fuzzy expert system
Similarity between all recovery plans is:
They become obsolete quickly
How do you distinguish between a bridge and a router?
The bridge connects multiple networks at the data link layer, while a router connects multiple networks at the network layer.
What does CSMA stand for?
Carrier Sense Multiple Access
The lattice-based model aims at protecting against:
Illegal information flow among the entities.
Controls are implemented to:
mitigate risk and reduce the potential for loss
A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
Overt channel
What is another name for the Orange Book?
The Trusted Computer System Evaluation Criteria (TCSEC)
A back door into a network refers to what?
Mechanisms created by hackers to gain network access at a later time
IDSs verify, itemize, and characterize threats from:
Outside and inside your organization's network.
The quality of fingerprints is crucial to maintain the necessary:
FRR and FAR
What is the most crucial piece of developing a disaster recovery plan?
Management support
Using another company's facilities in the event of a disaster is called what?
Reciprocal agreement
Which of the following layers of the ISO/OSI model do packet filtering firewalls operate at?
Network layer
Compared to RSA, which of the following is true of Elliptic Curve Cryptography (ECC)?
It is believed to require shorter keys for equivalent security.
A storage information architecture does not address which of the following?
archiving of data
What does normalizing data in a data warehouse mean?
Redundant data is removed.
Which of the following questions is less likely to help in assessing controls over audit trails?
Are incidents monitored and tracked until resolved?
Which of the following statements pertaining to dealing with the media after a disaster occurred and disturbed the organization's activities is incorrect?
The CEO should always be the spokesperson for the company during a disaster
Traditional access control process uses all but which of the following?
Provisioning
Which of the following DoD Model layers provides non-repudiation services?
application layer.
Which of the following is TRUE regarding Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)?
TCP is connection-oriented, UDP is not.
Which choice below BEST describes the difference between the System Owner and the Information Owner?
One system could have multiple information owners.
What is searching for data correlations in the data warehouse called?
Data mining
Which of the following offers advantages such as the ability to use stronger passwords, easier password administration, one set of credentials, and faster resource access?
Single Sign-On (SSO)
Which statement below is NOT true about security awareness, training, and educational programs?
Security education assists management in determining who should be promoted.
The alternate processing strategy in a business continuity plan can provide for required backup computing capacity through a hot site, a cold site, or
An online backup program.
The purpose of initiating emergency actions right after a disaster takes place is to prevent loss of life, attend to injuries, and __________.
Mitigate further damage
A business impact analysis (BIA) is considered a ______________ in which a team collects data through interviews and documentary sources and documents business functions, activities, and transactions.
Functionality analysis
In which LAN transmission method is a source packet copied and sent to specific multiple destinations but not ALL of the destinations on the network?
Multicast
Individual privacy rights as defined in the HIPAA Privacy Rule include consent and authorization by the patient for the release of PHI. The difference between consent and authorization as used in the Privacy Rule is:
Consent grants general permission to use or disclose PHI, and authorization limits permission to the purposes and the parties specified in the authorization.
Which security measure BEST provides non-repudiation in electronic mail?
Digital signature
Which of the following can prevent hijacking of a web session?
SSL
What is an important factor affecting the time required to perpetrate a manual trial and error attack to gain access to a target computer system?
Keyspace for the password.
Which type of password token involves time synchronization?
Synchronous dynamic password tokens
An area of the Telecommunications and Network Security domain that directly affects the Information Systems Security tenet of Availability can be defined as:
Network availability
Which minimum TCSEC security class category specifies trusted distribution controls?
A1
Which of the following is not a property of the Rijndael block cipher algorithm?
It operates on 64-bit plaintext blocks and uses a 128-bit key.
Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring?
Capacitance detectors
RAID software can run faster in the operating system because neither uses the hardware-level parity drives, by:
Simple striping or mirroring.
An access control scheme in which a central authority determines what subjects can have access to certain objects, based on the organizational security policy, is called:
Non-Discretionary Access Control
Which of the following is a detective control?
Audit trails
A DMZ is located:
right behind your first Internet-facing firewall
Which of the following security modes of operation involves the highest risk?
Multilevel Security Mode
The Implementation Guides:
are referred to in the Transaction Rule
The Internet Activities Board (IAB) considers which of the following behaviors relative to the Internet as unethical?
Negligence in the conduct of Internet experiments
The Wireless Transport Layer Security (WTLS) Protocol in the Wireless Application Protocol (WAP) stack is based on which Internet Security Protocol?
TLS
What two factors should a backup program track to ensure the serviceability of backup tape media?
The physical characteristics and rotation cycle of the media.