CISSP Lesson 1 PreTest Flashcards
What is a threat?
A) Any weakness in a system that compromises security
B) Any potential danger
C) The likelihood that a security compromise is realized
Any potential danger
According to RFC 1087, which action is considered unethical?
A) Appropriating other people's intellectual output
B) Copying software for which one has not paid
C) Disrupting the intended use of the Internet
Disrupting the intended use of the Internet
The annual loss expectancy equation is single loss expectancy multiplied by annual rate of occurrence.
A) TRUE
B) FALSE
TRUE
Which data security properties primarily concern commercial organizations?
A) Confidentiality and integrity
B) Availability and confidentiality
C) Integrity and availability
Integrity and availability
Which should occur following the termination of an employee? Choose all that apply.
A) Revoke privileges
B) Escort employee out of the building
C) Have the employee sign a nondisclosure agreement
D) Conduct exit interview
Revoke privileges
Escort employee out of the building
Conduct exit interview
Which approach leads to solid security administration?
A) Bottom-up (IT staff takes the lead)
B) Top-down (management takes the lead)
Top-down (management takes the lead)
Which statements are true regarding qualitative assessment? Choose all that apply.
A) Process is automated
B) Ranks risks by impact and likelihood
C) Process-intensive
D) Shows which controls provide the most protection regardless of cost
Ranks risks by impact and likelihood
Shows which controls provide the most protection regardless of cost
Which type of security policy contains strong statements that specify behavior and associated consequences?
A) Regulatory
B) Informative
C) Advisory
Advisory
Firewalls and intrusion detection systems help to ensure confidentiality and integrity.
A) TRUE
B) FALSE
TRUE
Which are the three components of the security triad?
A) Confidentiality
B) Reliability
C) Availability
D) Maintainability
E) Integrity
Confidentiality
Availability
Integrity
What does confidentiality protect data against?
A) Protect society, the commonwealth, and the infrastructure
B) Advance and protect the profession
C) Act honorably, honestly, justly, responsibly, and legally
D) Provide diligent and competent service to principals
Protect society, the commonwealth, and the infrastructure
Which type of risk assessment assigns real costs to damage and controls?
A) Qualitative
B) Quantitative
Quantitative
Which is a characteristic of standards?
A) Explains how to do a job
B) Less specific than a policy
C) Tells what to do
Tells what to do
Which type of security goals are considered short-term?
A) Operational
B) Tactical
C) Strategic
Operational
What is the equation used to calculate single loss expectancy?
A) Asset value minus vulnerability
B) Asset value plus likelihood of attack
C) Asset value multiplied by exposure factor
Asset value multiplied by exposure factor