CISSP - 7

Question 1

The most common security breach of the physical access control at a work place is A. piggy back at the entrance B. Shoulder surfing someone C. using social networking D. allowing a smart phone

Answer 1

A. piggy back at the entrance

Question 2

An efficient identity management solution would A. support any number of users necessary B. reduce repetitive tasks of user management C. properly manage profiles among diverse system D. allow complete, timely and accurate user management

Answer 2

B. reduce repetitive tasks of user management

Question 3

Wired equivalent privacy uses which of the following ciphers? A. Rivest-Shamir Adleman B. Triple Data Encryption Standard C. Advanced Encryption Standard D. Rivest Cipher 4

Answer 3

D. Rivest Cipher 4

Question 4

The first step in a transport layer security handshake is A. client sends the highest tls protocol version it supports to the server B. server sends the highest tls protocol version it supports to the client C. server provides its digital certificate to the client D. client provides its digital certificate to the server

Answer 4

A. client sends the highest tls protocol version it supports to the server

Question 5

Which of the following is most important for an organization’s information security program to be effective? A. visible and active support from top management B. sufficient funds allocated to the information security program C. trained security and information technology staff D. strong security awareness program

Answer 5

A. visible and active support from top management

Question 6

According to ISO/IEC 17799, which of the following terms should be considered in contracts involving third parties who have access to an organization’s facilities and in contracts involving outsourcing? A. when the company has the right to conduct an audit B. who is responsible for hardware and software installation and maintenance C. what levels of physical security are to be provided for equipment D. how the availability of services is to be maintained in the event of a disaster

Answer 6

B. who is responsible for hardware and software installation and maintenance

Question 7

The Bell-LaPadula Model ensures confidentiality by comparing an object’s level of classification with a subject’s clearance and only allowing access if the clearance is A. Not related to the classification B. Related to the classification C. Equal to or higher than the classification D. lower than the classification

Answer 7

C. Equal to or higher than the classification

Question 8

What is the purpose of a security assurance case? A. demonstrates a systems claims as a secure application B. validates the change management process supports security C. coordinates software test with network access lists D. plans the software module cycles against project plans

Answer 8

A. demonstrates a systems claims as a secure application

Question 9

Software maintenance refers to A. changes to code during the development stage B. modifications of code currently in operation C. testing during user acceptance D. recovering of corrupted data files

Answer 9

B. modifications of code currently in operation

Question 10

Which of the following application security development practices apply only to web based applications? A. keep the application current with vendor patches and hotfixes B. subscribe to vendor and third-party security advisories C. obtain cross-site scripting exploit code for testing D. follow proven system development life cycle methodologies

Answer 10

C. obtain cross-site scripting exploit code for testing

Question 11

Block ciphers increase their strength through the use of A. encoding B. collisions C. transpositions D. symmetric keys

Answer 11

C. transpositions

Question 12

A transposition cipher is easily broken by A. geometric analysis B. rotating cylinders C. frequency analysis D. diagram tables

Answer 12

C. frequency analysis

Question 13

An organization has set up a public key infrastructure using the strict hierarchy of Certification Authorities model. The root CA is the A. only CA that certifies entities B. starting point for trust C. only CA not trusted by entities D. end point for trust

Answer 13

B. starting point for trust

Question 14

The security practitioner has determined that they obtained a fake Certification Revocation List. This occurred because an attacker obtained the A. practitioners private key B. Certificate Authority’s private key C. practitioner’s public key D. Certificate Authority public key

Answer 14

B. Certificate Authority’s private key

Question 15

A non interference model may be considered a type of which of the following security models? A. matrix-based B. multi-level C. information flow D. state machine

Answer 15

B. multi-level

Question 16

Which of the following refers to the method of scavenging for sensitive data by claiming a large amount of disk space? A. object remanence B. object resue C. object mediation D. object recycle

Answer 16

B. object resue

Question 17

Heuristic anti-virus programs typically verify that the A. program type matches the program language B. entry point of a file points to the last section of the application C. creation date and modification date are valid D. virus signature does not appear in the program header

Answer 17

B. entry point of a file points to the last section of the application

Question 18

An organization only allows checks to be written for over $50,000 when they are signed by two managers. If either does not sign, the check is not valid. This is an example of which of the following security principles? A. securing the weakest link B. least common mechanism C. reluctance to trust D. separation of privilege

Answer 18

D. separation of privilege

Question 19

An active content module that attempts to monopolize and exploit system resources is called a A. macro virus B. hostile applet C. worm D. cookie

Answer 19

B. hostile applet

Question 20

Immediately following the deployment of a patch, a critical organizational system fails. The first response for the patch team should be to A. contact the manufacturer B. execute the rollback plan C. contact senior management D. restart the failed system

Answer 20

B. execute the rollback plan

Question 21

The standard definition of a configuration management system includes which of the following operational aspects A. identification, control, status accounting, and audit review B. review, testing, implementation, report, and follow up C. identification, analysis, directive, and review D. audit, report, configure, and review

Answer 21

A. identification, control, status accounting, and audit review

Question 22

As part of a BCP, which two characteristics of a business or function must be identified? A. reason and initiator B. cost and distribution C. sequence and location D. result and requirements

Answer 22

D. result and requirements

Question 23

An important aspect of a computer ethics program involves consideration of A. risk environment B. budget constraints C. regulatory requirements D. the level of security awareness

Answer 23

C. regulatory requirements

Question 24

A potential security issue arising from the use of non-key combination locks is A. inherent weaknesses of mechanism B. a loss of individual accountability C. circumvention of least privilege D. conflicts in separation of duties

Answer 24

B. a loss of individual accountability

Question 25

Early warning fire detection systems should A. deactivate all power, including power from UPS and generators, before the system activates B. be installed and maintained in accordance with national or international standards C. discharge immediately upon the detection of a fire threat D. be installed in areas where gas suppression systems are used

Answer 25

B. be installed and maintained in accordance with national or international standards