Test Prep Questions

Question 1

Which one of the following is not one of the canons of the (ISC)2 code of ethics?

1. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
2. Avoid any activity that may be perceived as malicious.
3. Act honorably, honestly, justly, responsibly, and legally.
4. Advance and protect the profession.

Answer 1

Avoid any activity that may be perceived as malicious.

Question 2

What security control provides non-repudiation for messages?

1. digital certificates
2. hash values
3. symmetric encryption
4. digital signatures

Answer 2

digital signatures

Question 3

Which one of the following is an example of multifactor authentication?

1. password and security questions
2. retinal scan and fingerprint
3. ID card and PIN
4. ID card and key

Answer 3

ID card and PIN

Question 4

What law regulates the protection of health information?

1. FERPA
2. PCI DSS
3. GLBA
4. HIPAA

Answer 4

HIPAA

Question 5

What security tool can be configured to prevent DDoS attacks?

1. switch
2. firewall
3. endpoint detection and response platform
4. intrusion detection system

Answer 5

firewall

Question 6

Your organization requires that passwords contain a mixture of uppercase characters, lowercase characters, digits, and symbols. What type of password policy is this?

1. complexity
2. length
3. history
4. reuse

Answer 6

complexity

Question 7

During what phase of the access control process does a user prove his or her identity?

1. authentication
2. authorization
3. identification
4. remediation

Answer 7

authentication

Question 8

In what type of attack does the attacker capture and then reuse login information?

1. man-in-the-middle attack
2. Smurf attack
3. DDoS attack
4. replay attack

Answer 8

replay attack

Question 9

What is the best defense against dumpster diving attacks?

1. anti-malware software
2. clean desk policy
3. data loss prevention tools
4. shredding

Answer 9

shredding

Question 10

Purchasing an insurance policy is an example of which risk management strategy?

1. risk acceptance
2. risk deterrence
3. risk transference
4. risk mitigation

Answer 10

risk transference

Question 11

What two factors are used to evaluate a risk?
1. likelihood and impact
2. criticality and likelihood
3. impact and criticality
4. frequency and likelihood

Answer 11

likelihood and impact

Question 12

What term best describes making a snapshot of a system or application at a point in time for later comparison?

1. baselining
2. documenting
3. diagramming
4. versioning

Answer 12

baselining

Question 13

What type of security control is designed to stop a security issue from occurring in the first place?

1. recovery
2. administrative
3. preventive
4. detective

Answer 13

preventive

Question 14

What term describes risks that originate inside the organization?

1. external
2. intranet
3. internal
4. extranet

Answer 14

internal