CISSP exam

Question 1

Which of the following BEST describes the responsibilities of a data owner?
A. Ensuring quality and validation through periodic audits for ongoing data integrity
B. Maintaining fundamental data availability, including data storage and archiving
C. Ensuring accessibility to appropriate users, maintaining appropriate levels of data security
D. Determining the impact the information has on the mission of the organization

Answer 1

C. Ensuring accessibility to appropriate users, maintaining appropriate levels of data security

Question 2

An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth.
The organization hires several contractors whose onsite time is limited. The IT department has pushed its limits building servers and rolling out workstations and has a backlog of account management requests.
Which contract is BEST in offloading the task from the IT staff?
A. Platform as a Service (PaaS)
B. Identity as a Service (IDaaS)
C. Desktop as a Service (DaaS)
D. Software as a Service (SaaS)

Answer 2

B. Identity as a Service (IDaaS)

Question 3

When implementing a data classification program, why is it important to avoid too much granularity?

Answer 3

A. The process will require too many resources

Question 4

In a data classification scheme, the data is owned by the
A. system security managers
B. business managers
C. Information Technology (IT) managers
D. end users

Answer 4

B. business managers

Question 5

Which of the following is an initial consideration when developing an information security management system?
A. Identify the contractual security obligations that apply to the organizations
B. Understand the value of the information assets
C. Identify the level of residual risk that is tolerable to management
D. Identify relevant legislative and regulatory compliance requirements

Answer 5

B. Understand the value of the information assets

Question 6

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

Answer 6

D. Asymmetric Card Authentication Key (CAK) challenge-response

Question 7

Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?
A. System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements
B. Data stewardship roles, data handling and storage standards, data lifecycle requirements
C. Compliance office roles and responsibilities, classified material handling standards, storage system lifecycle requirements
D. System authorization roles and responsibilities, cloud computing standards, lifecycle requirements

Answer 7

A. System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements

Question 8

When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?
A. Log all activities associated with sensitive systems
B. Provide links to security policies
C. Confirm that confidentially agreements are signed
D. Employ strong access controls

Answer 8

D. Employ strong access controls

Question 9

Which of the following is the MOST appropriate action when reusing media that contains sensitive data?
A. Erase
B. Sanitize
C. Encrypt
D. Degauss

Answer 9

B. Sanitize

Question 10

An organization recently conducted a review of the security of its network applications. One of the vulnerabilities found was that the session key used in encrypting sensitive information to a third party server had been hard-coded in the client and server applications. Which of the following would be MOST effective in mitigating this vulnerability?
A. Diffle-Hellman (DH) algorithm
B. Elliptic Curve Cryptography (ECC) algorithm
C. Digital Signature algorithm (DSA)
D. Rivest-Shamir-Adleman (RSA) algorithm

Answer 10

A. Diffle-Hellman (DH) algorithm

Question 11

Which of the following methods of suppressing a fire is environmentally friendly and the MOST appropriate for a data center?
A. Inert gas fire suppression system
B. Halon gas fire suppression system
C. Dry-pipe sprinklers
D. Wet-pipe sprinklers

Answer 11

A. Inert gas fire suppression system

Question 12

Unused space in a disk cluster is important in media analysis because it may contain which of the following?
A. Residual data that has not been overwritten
B. Hidden viruses and Trojan horses
C. Information about the File Allocation table (FAT)
D. Information about patches and upgrades to the system

Answer 12

A. Residual data that has not been overwritten

Question 13

A company seizes a mobile device suspected of being used in committing fraud. What would be the BEST method used by a forensic examiner to isolate the powered-on device from the network and preserve the evidence?
A. Put the device in airplane mode
B. Suspend the account with the telecommunication provider
C. Remove the SIM card
D. Turn the device off

Answer 13

A. Put the device in airplane mode

Question 14

Which of the following is MOST appropriate for protecting confidentially of data stored on a hard drive?
A. Triple Data Encryption Standard (3DES)
B. Advanced Encryption Standard (AES)
C. Message Digest 5 (MD5)
D. Secure Hash Algorithm 2(SHA-2)

Answer 14

B. Advanced Encryption Standard (AES)

Question 15

Which of the following is the MOST effective method to mitigate Cross-Site Scripting (XSS) attacks?
A. Use Software as a Service (SaaS)
B. Whitelist input validation
C. Require client certificates
D. Validate data output

Answer 15

B. Whitelist input validation