CISSP - Certified Information Systems Security Professionals

Example Questions

What can be defined as a list of subjects along with their access rights that are authorized to access a specific object?
Under the Lattice Based Access Control model, a container of information is a(n):
An expert system that has rules of the form "If w is low and x is high then y is intermediate", where w and x are input variables and y is the output variable, is called a:
Similarity between all recovery plans is:
How do you distinguish between a bridge and a router?
What does CSMA stand for?
The lattice-based model aims at protecting against:
Controls are implemented to:
A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?
What is another name for the Orange Book?
A back door into a network refers to what?
IDSs verify, itemize, and characterize threats from:
The quality of fingerprints is crucial to maintain the necessary:
What is the most crucial piece of developing a disaster recovery plan?
Using another company's facilities in the event of a disaster is called what?
Which of the following layers of the ISO/OSI model do packet filtering firewalls operate at?
Compared to RSA, which of the following is true of Elliptic Curve Cryptography (ECC)?
A storage information architecture does not address which of the following?
What does normalizing data in a data warehouse mean?
Which of the following questions is less likely to help in assessing controls over audit trails?
Which of the following statements pertaining to dealing with the media after a disaster occurred and disturbed the organization's activities is incorrect?
Traditional access control process uses all but which of the following?
Which of the following DoD Model layers provides non-repudiation services?
Which of the following is TRUE regarding Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)?
Which choice below BEST describes the difference between the System Owner and the Information Owner?
What is searching for data correlations in the data warehouse called?
Which of the following offers advantages such as the ability to use stronger passwords, easier password administration, one set of credentials, and faster resource access?
Which statement below is NOT true about security awareness, training, and educational programs?
The alternate processing strategy in a business continuity plan can provide for required backup computing capacity through a hot site, a cold site, or
The purpose of initiating emergency actions right after a disaster takes place is to prevent loss of life, attend to injuries, and __________.
A business impact analysis (BIA) is considered a ______________ in which a team collects data through interviews and documentary sources and documents business functions, activities, and transactions.
In which LAN transmission method is a source packet copied and sent to specific multiple destinations but not ALL of the destinations on the network?
Individual privacy rights as defined in the HIPAA Privacy Rule include consent and authorization by the patient for the release of PHI. The difference between consent and authorization as used in the Privacy Rule is:
Which security measure BEST provides non-repudiation in electronic mail?
Which of the following can prevent hijacking of a web session?
What is an important factor affecting the time required to perpetrate a manual trial and error attack to gain access to a target computer system?
Which type of password token involves time synchronization?
An area of the Telecommunications and Network Security domain that directly affects the Information Systems Security tenet of Availability can be defined as:
Which minimum TCSEC security class category specifies trusted distribution controls?
Which of the following is not a property of the Rijndael block cipher algorithm?
Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring?
RAID Software can run faster in the operating system because neither use the hardware-level parity drives by?
A central authority that determines what subjects can have access to certain objects based on the organizational security policy is called:
Which of the following is a detective control?
A DMZ is located:
Which of the following security modes of operation involves the highest risk?
The Implementation Guides
The Internet Activities Board (IAB) considers which of the following behaviors relative to the Internet as unethical?
The Wireless Transport Layer Security (WTLS) Protocol in the Wireless Application Protocol (WAP) stack is based on which Internet Security Protocol?
What two factors should a backup program track to ensure the serviceability of backup tape media?