CISSP - 2 Flashcards
Which of the following is considered unacceptable for access control? A. Voice pattern systems B. Signature dynamics systems C. Fingerprint systems D. Retina pattern systems
B. Signature dynamics systems
Which of the following is an information owner’s responsibility? A. Establishing a formal audit process for determining ownership B. Establishing the criteria for classifying the data based on the business function C. Conducting awareness training relating to the criticality of assigning ownership D. Reviewing and confirming that the authorization process is working as defined
D. Reviewing and confirming that the authorization process is working as defined
A detective control includes what type of function? A. Intrusion B. Logging C. Alarm D. Cut-off
B. Logging
Secure Sockets Layer exists between the A. HTTP browser and the Application Layer B. Software application and the Presentation Layer C. Transport Layer and the Application Layer D. Certificate Server and Authentication Authority
C. Transport Layer and the Application Layer
Access Server Authentication A. are general purpose communication devices B. are implemented primarily on mainframes C. use Kerberos for a single sign on D. are freestanding hardware devices
A. are general purpose communication devices
Which factor primarily drives the security manager’s budgeting decisions? A. Alignment with organizational objectives B. Effectiveness of security technologies C. Scarcity of security resources D. Knowledge of future risks
A. Alignment with organizational objectives
Metrics for tracking the improvement of a security program include the A. number of Denial of Service attacks B. quantity of new policies and procedures drafted C. percentage of successful external attack attempts D. Mean time to incident resolution
D. Mean time to incident resolution
During the Certification and Accreditation process for application software, the MOST important discovery is that A. The installed security measures are similar to the network controls and are not needed B. least privilege is implemented but not required C. the application was not adequately tested in production D. the installed security measures provide only a false sense of security
D. the installed security measures provide only a false sense of security
A vital feature to ensure the security of a program is known as A. type safety B. memory safety C. safe language D. safety pointer
B. memory safety
The primary goal of cryptanalysis is to A. decipher encrypted coded signals B. ensure that the key has no repeating segments C. reduce the system overhead for cryptographic functions D. determine the number of encryption permutations required
A. decipher encrypted coded signals
Your organization has decided to implement PKI. What service will this infrastructure provide to the organization? A. Nonrepudiation B. Availability C. Authorization D. Identification
A. Nonrepudiation
A problem with the International Common Criteria for Information Technology Security Evaluation is that A. it is limited in security functionality scope B. it is only used by the United States, Canada, Great Britain, and Australia C. It is very complicated to implement D. the certification process is extremely expensive
D. the certification process is extremely expensive
Which type of malware is unique to networked computers? A. Virus attacks B. Trojan horse attacks C. Worms D. Denial of Service attacks
C. Worms
What is the term used to describe a virus that can infect both program files and boot sectors? A. Polymorphic B. Multipartite C. Stealth D. Multiple encrypting
B. Multipartite
Which of the following is the MOST difficult to detect with anti-virus software? A. Worm B. Trojan horse C. Rootkit D. metamorphic virus
A. Worm
The primary goals of BIA are to A. develop a plan to mitigate threats to the organizational data and reduce the costs of recovery B. prioritize time-critical business processes and estimate their recovery time objectives C. evaluate and prioritize all potential threats to the organization D. document the existing business continuity practices for senior management and assign responsibility for COOP.
B. prioritize time-critical business processes and estimate their recovery time objectives
Which of the following are the phases of the recovery process? A. Continuation, resumption, restoration B. Planning, relocation, restoration C. Relocation, restoration, operation D. Resumption, continuation, operation
A. Continuation, resumption, restoration
Which of the following is one of the two major international copyright treaties? A. The Kyoto Protocol B. The Montreal Protocol C. The Berne Convention D. The Bali Convention
C. The Berne Convention
Which of the following should be included in a Privacy Impact Analysis? A. who is collecting the data and when the data will be used B. what data will be collected and how the data will be used C. how the data will be shared and how data errors will be corrected D. how the data will be secured and the cost of securing the data
B. what data will be collected and how the data will be used
Which of the following is an explanation of the difference between compliance and audit? A. Compliance is the action of meeting information security objectives. Audit evaluates how those objectives are met B. Compliance is the action of meeting information security objectives. Audit specifies what those objectives should be C. Compliance is the action of evaluating information security objectives. Audit specifies what those objectives should be D. Compliance is the action of specifying information security objectives. Audit evaluates how those objectives are met
A. Compliance is the action of meeting information security objectives. Audit evaluates how those objectives are met
When the use of a zoom lens is not practical in a CCTV installation, scene magnification can be achieved by A. increasing the field of view B. decreasing the camera sensor size C. increasing the monitor size D. decreasing the focal length of the lens
C. increasing the monitor size
Which of the following is the GREATEST concern a physical security manager has when implementing physical security technologies? A. maintenance of a single vendor-based solution B. communications between the technologies and the response team C. technical manuals for each of the implemented technologies D. end-user acceptance of the technology
D. end-user acceptance of the technology
What is the biggest advantage of using a locked cage in a data center? A. subdivide a large raised floor area B. circumvent the faulty card reader and help the system administrator to get to the equipment C. Provide a restrictive barrier within a server environment D. Allow people to look in and see what is going on
C. Provide a restrictive barrier within a server environment
What fire suppression system is chosen for computer facilities because it does not damage electronic equipment or harm humans? A. CO2 B. FM-200 C. Foam D. Heavy Water
B. FM-200
Which of the following represents the PRIMARY security vulnerability associated with e-mail cryptography using a symmetric algorithm? A. Public Key compromise B. Private Key compromise C. Clear text sessions D. Symmetric Methods
A. Public Key compromise