CISSP Sample Flashcards
What enforces the authorized access relationships between subjects and objects? A. The reference monitor B. Discretionary Access Control C. Trusted Kernel D. Mandatory Access Control
A. The reference monitor
Which of the following IP address ranges is reserved for private IP addressing by IANA (Internet Assigned Numbers Authority) per RFC 1918? A. 172.0.0.0 - 172.255.255.255 B. 172.0.0.0 - 172.15.255.255 C. 172.16.0.0 - 172.31.255.255 D. 172.16.0.0 - 172.16.255.255
C. 172.16.0.0 - 172.31.255.255
In quantitative terms, how would you calculate the benefit of a Disaster Recovery capability? A. (rate of threat occurrence) x (average single incident cost) - (expected insurance claims) B. (rate of threat occurrence) x (average annual incident cost) - (expected insurance claims) C. (Expected loss due to interruption with disaster plan) - (expected loss due to interruption without disaster plan) D. (Expected loss due to interruption without disaster plan) - (expected loss due to interruption with disaster plan)
D. (Expected loss due to interruption without disaster plan) - (expected loss due to interruption with disaster plan)
The Software Engineering Institute’s Capability Maturity Model Integration (SEI-CMMI) focuses on A. Software development methods B. Systems integration C. Process Management D. Software testing and evaluation
C. Process Management
What type of cryptanalysis attack can be carried out when the attacker can access the encryption process and send messages at will? A. Known plaintext attack B. Chosen plaintext attack C. Varying cipher attack D. Smooth number attack
B. Chosen plaintext attack
Who is ultimately responsible for the security of an organization’s data hosted at a cloud computing service? A. The cloud computing provider B. The data storage provider C. The application service provider D. The customer of the cloud computing service
D. The customer of the cloud computing service
The information systems security officer (ISSO) is developing a new policy dealing with the disposal of confidential and proprietary organizational data contained on a CD-ROM. What is the BEST method for disposal? A. FORMAT function B. Shredding C. ERASE function D. Degaussing
B. Shredding
During Business Continuity Planning, what should be implemented in anticipation of restoring operations in the absence of key employees? A. Alternate communication devices B. Regular cross-training C. Disaster Recovery site D. Documents describing key operations
B. Regular cross-training
Which of the following is MOST important to consider when developing retention procedures for electronic records from a federal regulatory compliance perspective? A. length of retention period B. media used for backup C. location of the backup library D. criticality of the information being backed up
D. criticality of the information being backed up
Data centers with an efficient design are safer and cost less (based on energy requirements for equipment and cooling). The MOST widespread way to measure energy efficiency is A. Power Usage Effectiveness B. Technology Carbon Efficiency C. Corporate Average Data Center Efficiency D. Data Center Productivity
A. Power Usage Effectiveness