CISSP Lesson 1 PreTest Flashcards

1
Q

What is a threat?

A) Any weakness in a system that compromises security
B) Any potential danger
C) The likelihood that a security compromise is realized

A

Any potential danger

2
Q

According to RFC 1087, which action is considered unethical?

A) Appropriating other people's intellectual output
B) Copying software for which one has not paid
C) Disrupting the intended use of the Internet

A

Disrupting the intended use of the Internet

3
Q

The annual loss expectancy equation is single loss expectancy multiplied by annual rate of occurrence.

A) TRUE
B) FALSE

A

TRUE

4
Q

Which data security properties primarily concern commercial organizations?

A) Confidentiality and integrity
B) Availability and confidentiality
C) Integrity and availability

A

Integrity and availability

5
Q

Which should occur following the termination of an employee? Choose all that apply.

A) Revoke privileges
B) Escort employee out of the building
C) Have the employee sign a nondisclosure agreement
D) Conduct exit interview

A

Revoke privileges
Escort employee out of the building
Conduct exit interview

7
Q

Which approach leads to solid security administration?

A) Bottom-up (IT staff takes the lead)
B) Top-down (management takes the lead)

A

Top-down (management takes the lead)

8
Q

Which statements are true regarding qualitative assessment? Choose all that apply.

A) Process is automated
B) Ranks risks by impact and likelihood
C) Process-intensive
D) Shows which controls provide the most protection regardless of cost

A

Ranks risks by impact and likelihood
Shows which controls provide the most protection regardless of cost

9
Q

Which type of security policy contains strong statements that specify behavior and associated consequences?

A) Regulatory
B) Informative
C) Advisory

A

Advisory

10
Q

Firewalls and intrusion detection systems help to ensure confidentiality and integrity.

A) TRUE
B) FALSE

A

TRUE

11
Q

Which are the three components of the security triad?

A) Confidentiality
B) Reliability
C) Availability
D) Maintainability
E) Integrity

A

Confidentiality
Availability
Integrity

12
Q

What does confidentiality protect data against?

A) Protect society, the commonwealth, and the infrastructure
B) Advance and protect the profession
C) Act honorably, honestly, justly, responsibly, and legally
D) Provide diligent and competent service to principals

A

Protect society, the commonwealth, and the infrastructure

13
Q

Which type of risk assessment assigns real costs to damage and controls?

A) Qualitative
B) Quantitative

A

Quantitative

14
Q

Which is a characteristic of standards?

A) Explains how to do a job
B) Less specific than a policy
C) Tells what to do

A

Tells what to do

15
Q

Which type of security goals are considered short-term?

A) Operational
B) Tactical
C) Strategic

A

Operational

16
Q

What is the equation used to calculate single loss expectancy?

A) Asset value minus vulnerability
B) Asset value plus likelihood of attack
C) Asset value multiplied by exposure factor

A

Asset value multiplied by exposure factor

17
Q

Legal entities may require proof of due care and due diligence.

A) TRUE
B) FALSE

A

TRUE

18
Q

Which are canons of the (ISC)2 Code of Ethics? Choose all that apply.

A) Advance and protect the profession
B) Protect society, the commonwealth, and the infrastructure
C) Provide diligent and competent service to principals
D) Act honorably, honestly, justly, responsibly, and legally

A

Advance and protect the profession
Protect society, the commonwealth, and the infrastructure
Provide diligent and competent service to principals
Act honorably, honestly, justly, responsibly, and legally

19
Q

Security awareness training should be presented at different levels within a company.

A) TRUE
B) FALSE

A

TRUE