Q&A Flashcards

1
Q

Which of the following is not included within an information security policy?
A. Authority for the information security department.
B. Guidelines on how to implement policy.
C. Basis for data classification.
D. Recognition of information as an asset of the organization.

A

Correct Answer: B

2
Q

When it comes to a Loss Prevention Program, which of the following is a realistic goal?
A. Be 100% effective in preventing losses.
B. Permit losses that aren’t very important.
C. Reduce losses to a pre-defined level that management can tolerate.
D. Reduce losses to within 10% of a pre-defined level.

A

Correct Answer: C

3
Q

When it comes to not taking action on an identified risk, what would be the justification?
A. When responsibility for the conditions that cause the risk to arise is outside their department.
B. When the cost of taking action outweighs the potential cost of the risk being realized.
C. When risk reduction measures may affect the productivity of the business.
D. Never — action should always be taken to reduce or eliminate an identified risk.

A

Correct Answer: B

4
Q
When it comes to specific risk reduction controls being implemented, which technique would be indicated?
A. Threat and vulnerability analysis.
B. Risk evaluation.
C. ALE calculation.
D. Countermeasure cost/benefit analysis.
A

Correct Answer: D

5
Q
What is the practice of limiting access to the minimal level that will allow normal functioning called?
A. Job rotation
B. Least privilege
C. Special privilege
D. Separation of duties
A

Correct Answer: B

6
Q

A benefit of a security awareness program is to change
A. Employee attitudes and behaviors.
B. Management’s approach.
C. Attitudes of management with sensitive data.
D. Corporate attitudes about safeguarding data.

A

Correct Answer: A

7
Q
Which services help organizations protect and enhance value by managing risks and opportunities, addressing compliance, and supporting management and board oversight, including internal audit?
A. Governance oversight
B. System security oversight
C. Human Resource oversight
D. Business service oversight
A

Correct Answer: A

8
Q
Least privilege is a core security principle, but it's one that is often met with resistance by users. It involves which of the following?
A. individual accountability.
B. access authentication.
C. authorization levels.
D. identification of users
A

Correct Answer: C

9
Q

When it comes to a penetration test, which is the first step to consider?
A. The approval of the change control management
B. The development of a detailed test plan
C. The formulation of specific management objectives
D. The communication process among team members

A

Correct Answer: C

10
Q

When considering the principle of negligence, executives can be held liable for losses that result from computer system breaches if
A. the company is not a multi-national company.
B. they have not exercised due care protecting computing resources.
C. they have failed to properly insure computer resources against loss.
D. the company does not prosecute the hacker that caused the breach.

A

Correct Answer: B

11
Q

In order to be in compliance with certain current privacy laws and principles, what must a company do if it has no written policy notifying its employees that it is monitoring network activity?
A. Monitor only during off hours.
B. Obtain a search warrant prior to monitoring.
C. Not capture any network traffic related to monitoring employee’s activity
D. Apply for a waiver from Interpol before monitoring.

A

Correct Answer: C

12
Q
What is the obligation of individuals regarding personal information disclosure related to?
A. Privacy
B. Secrecy
C. Availability
D. Reliability
A

Correct Answer: A

13
Q

Under which one of the following situations would a Class A fire classification be considered a disaster?
A. The fire caused critical business systems to be disabled for longer than the Recovery Time Objective.
B. The fire alarms went off and the building had to be evacuated
C. The trash can contained company sensitive documents
D. The fire spread beyond the trash can and the fire department had to be called.

A

Correct Answer: A

14
Q

Which of the following will most likely not be used to quantify the impact associated with a potential disaster to a commercial enterprise?
A. Identifying the organization’s key business functions.
B. Identifying computer systems critical to the survival of the organization.
C. Estimating the financial impact a loss would have on the business based on how long an outage would last.
D. Acquiring information from government agencies about the likelihood of a natural disaster occurring.

A

Correct Answer: D

15
Q
Which of the following is a systematic process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency?
A. Risk assessment
B. Emergency response plan
C. Disaster recovery plan
D. Business impact analysis
A

Correct Answer: D

16
Q

When trying to explain Business Impact Analysis to your executive, which of the following would explain it the best?
A. It is the process of analyzing all business functions to determine the impact of an outage.
B. It is the process of analyzing corporate functions, such as accounting, personnel, and legal to determine which functions must be operational immediately following an outage.
C. It is the process of documenting the procedures and capabilities to sustain an organization’s essential functions at an alternate site.
D. It is the process of documenting viable recovery options for each business unit in the event of an outage.

A

Correct Answer: A

17
Q

When it comes to business processes that are examined while conducting the business impact assessment, which of the following will not be used as criteria?
A. Customer interruption impacts
B. Embarrassment or loss of confidence impacts
C. Executive management disruption impacts
D. Revenue loss potential impacts

A

Correct Answer: C

18
Q

When it comes to system security policy, which of the following would best define the intent?
A. A description of the settings that will provide the highest level of security
B. A brief high-level statement defining what is and is not permitted in the operation of the system
C. A definition of those items that must be denied on the system
D. A listing of tools and applications that will be used to protect the system

A

Correct Answer: B

19
Q

A missing ingredient for organizational information security strategy is
A. recommendations for salary improvement of security professionals.
B. addressing privacy and health care requirements of employees.
C. alignment with organizational audit and marketing plans.
D. incorporating input from organizational privacy and safety professionals.

A

Correct Answer: D

20
Q

One purpose of an organizational information security plan is to
A. assure protection of organizational data and information.
B. select the technology solutions to enhance organizational security effectiveness.
C. identify potential risks to organizational employee behavior.
D. align organizational data protection schemes to business goals.

A

Correct Answer: D

21
Q

You are working for a medical supply company that has to worry about the river flooding. The warehouse is 27 feet above the normal water level. Research shows that twice in the last hundred years the water level rose above 27 feet. The all-time record high was 31 feet.
The warehouse handles shipping, receiving and storage. The value of all of the materials on the ground floor is $7M but much of it is on shelving stacked 9 feet high. The total value of inventory on the lower level of the shelf space is $5M. Research shows that the cost to replace the goods and cleanup costs on the ground floor is 20% of the inventory value.
The company is currently paying Flood insurance costs of $25K a year (with a $5K deductible). The Single Loss Expectancy (SLE) is
A. $1.4M
B. $1M
C. $100,000
D. $140,000

A

Correct Answer: B

22
Q

You are working for a medical supply company that has to worry about the river flooding. The warehouse is 27 feet above the normal water level. Research shows that twice in the last hundred years the water level rose above 27 feet. The all-time record high was 31 feet.
The warehouse handles shipping, receiving and storage. The value of all of the materials on the ground floor is $7M but much of it is on shelving stacked 9 feet high. The total value of inventory on the lower level of the shelf space is $5M. Research shows that the cost to replace the goods and cleanup costs on the ground floor is 20% of the inventory value.
The company is currently paying Flood insurance costs of $25K a year (with a $5K deductible). The Annual Loss Expectancy (ALE) is
A. $200,000
B. $28,000
C. $280,000
D. $20,000

A

Correct Answer: D

23
Q

You are working for a medical supply company that has to worry about the river flooding. The warehouse is 27 feet above the normal water level. Research shows that twice in the last hundred years the water level rose above 27 feet. The all-time record high was 31 feet.
The warehouse handles shipping, receiving and storage. The value of all of the materials on the ground floor is $7M but much of it is on shelving stacked 9 feet high. The total value of inventory on the lower level of the shelf space is $5M. Research shows that the cost to replace the goods and cleanup costs on the ground floor is 20% of the inventory value.
The company is currently paying Flood insurance costs of $25K a year (with a $5K deductible). Is the flood insurance cost a good deal?
A. Yes
B. No
C. There is no advantage or disadvantage
D. Need more information

A

Correct Answer: B

24
Q

Why is it important for employees to sign the corporate security policy?
A. Ensures that users have read the policy
B. Ensures that users understand the policy, as well as the consequences for not following the policy
C. Can be waived if the organization is satisfied that users have an adequate understanding of the policy
D. Helps to protect the organization if a user’s behavior violates the policy

A

Correct Answer: D

25
Q
Which of the following is seen as a way to motivate key employees, broaden their skill sets and, most important, hold onto them?
A. Job Rotation
B. Data classification
C. Defining job sensitivity level
D. Least privilege
A

Correct Answer: A