CISSP Lesson 1 PreTest

Question 2

What is a threat?
A) Any weakness in a system that compromises security
B) Any potential danger
C) The likelihood that a security compromise is realized

Answer 2

Any potential danger

Question 3

According to RFC 1087, which action is considered unethical?
A) Appropriating other peoples intellectual output
B) Copying software for which one has not paid
C) Disrupting the intended use of the Internet

Answer 3

Disrupting the intended use of the Internet

Question 4

The annual loss expectancy equation is single loss expectancy multiplied by annual rate of occurrence.
A) TRUE
B) FALSE

Answer 4

TRUE

Question 5

Which data security properties primarily concern commercial organizations?
A) Confidentiality and integrity
B) Availability and confidentiality
C) Integrity and availability

Answer 5

Integrity and availability

Question 6

Which should occur following the termination of an employee? Choose all that apply.
A) Revoke privileges
B) Escort employee out of the building
C) Have the employee sign a nondisclosure agreement
D) Conduct exit interview

Answer 6

Revoke privileges
Escort employee out of the building
Conduct exit interview

Question 7

Security awareness training should be presented at different levels within a company.
A) TRUE
B) FALSE

Answer 7

TRUE

Question 8

Which approach leads to solid security administration?
A) Bottom-up (IT staff takes the lead)
B) Top-down (management takes the lead)

Answer 8

Top-down (management takes the lead)

Question 9

Which statements are true regarding qualitative assessment? Choose all that apply.
A) Process is automated
B) Ranks risks by impact and likelihood
C) Process-intensive
D) Shows which controls provide the most protection regardless of cost

Answer 9

Ranks risks by impact and likelihood

Shows which controls provide the most protection regardless of cost

Question 10

Which type of security policy contains strong statements that specify behavior and associated consequences?
A) Regulatory
B) Informative
C) Advisory

Answer 10

Advisory

Question 11

Firewalls and intrusion detection systems help to ensure confidentiality and integrity.
A) TRUE
B) FALSE

Answer 11

TRUE

Question 12

Which are the three components of the security triad?
A) Confidentiality
B) Reliability
C) Availability
D) Maintainability
E) Integrity

Answer 12

Confidentiality
Availability
Integrity

Question 13

What does confidentiality protect data against?
A) Protect society, the commonwealth, and the infrastructure
B) Advance and protect the profession
C) Act honorably, honestly, justly, responsibly, and legally
D) Provide diligent and competent service to principals

Answer 13

Protect society, the commonwealth, and the infrastructure

Question 14

Which type of risk assessment assigns real costs to damage and controls?
A) Qualitative
B) Quantitative

Answer 14

Quantitative

Question 15

Which is a characteristic of standards?
A) Explains how to do a job
B) Less specific than a policy
C) Tells what to do

Answer 15

Tells what to do

Question 16

Which type of security goals are considered short-term?
A) Operational
B) Tactical
C) Strategic

Answer 16

Operational

Question 17

What is the equation used to calculate single loss expectancy?
A) Asset value minus vulnerability
B) Asset value plus likelihood of attack
C) Asset value multiplied by exposure factor

Answer 17

Asset value multiplied by exposure factor

Question 18

Legal entities may require proof of due care and due diligence.
A) TRUE
B) FALSE

Answer 18

TRUE

Question 19

Which are canons of the (ISC)2 Code of Ethics? Choose all that apply.
A) Advance and protect the profession
B) Protect society, the commonwealth, and the infrastructure
C) Provide diligent and competent service to principals
D) Act honorably, honestly, justly, responsibly, and legally

Answer 19

Advance and protect the profession
Protect society, the commonwealth, and the infrastructure
Provide diligent and competent service to principals
Act honorably, honestly, justly, responsibly, and legally