CISSP - Question Bank
Test your knowledge of CISSP with these multiple choice questions. Each Question Bank includes 20 practice questions that have been designed to measure your knowledge of key ideas.
A key factor to keep in mind is that guessing is better than not answering a question.
Every single question on the CISSP exam is a four-option multiple choice question with a single correct answer. Some are straightforward, such as asking you to select a definition. Some are a bit more involved, such as asking you to select the appropriate concept or best practice. And some questions present you with a scenario or situation and ask you to select the best response.Start
Q1. In what phase of the Capability Maturity Model for Software (SW-CMM) are quantitative measures utilized to gain a detailed understanding of the software development process?
Q2. You are the security administrator of a large law firm. You have been asked to select a security model that supports your organization’s desire to ensure data confidentiality and integrity. You must select one or more models that will protect data from internal and external attacks. What security model(s) will you choose? (Choose all that apply.)
B. Take Grant Model
Q3. Why are military and intelligence attacks among the most serious computer crimes?
A. The use of information obtained can have far-reaching detrimental strategic effect on national interests in an enemy's hands.
B. Military information is stored on secure machines, so a successful attack can be embarrassing.
C. The long-term political use of classified information can impact a country’s leadership.
D. The military and intelligence agencies have ensured that the laws protecting their information are the most severe.
Q4. What is the length of a message digest produced by the MD5 algorithm?
A. 64 bits
B. 128 bits
C. 256 bits
D. 384 bits
Q5. Which of the following is most likely to detect DoS attacks?
A. Host-based IDS
B. Network-based IDS
C. Vulnerability scanner
D. Penetration testing
Q6. How is annualized loss expectancy (ALE) calculated?
A. SLE*AS (single loss expectancy * asset value)
B. AS*EF (asset value * exposure factor)
C. ARO*V (annualized rate of occurrence * vulnerability)
D. SLE*ARO (single loss expectancy * annualized rate of occurrence
Q7. At what height and form will a fence deter determined intruders?
A. 3- to 4-feet high chain link
B. 6- to 7-feet high wood
C. 8-feet high with 3 strands of barbed wire
D. 4- to 5-feet high concrete
Q8. A VPN can be established over which of the following?
A. Wireless LAN connection
B. Remote access dial-up connection
C. WAN link
D. All of the above
Q9. What is the Biba access control model primarily based upon?
Q10. Which one of the following database backup techniques requires the greatest expenditure of funds?
A. Transaction logging
B. Remote journaling
C. Electronic vaulting
D. Remote mirroring
Q11. What is the value of the logical operation shown here?
X: 0 1 1 0 1 0
Y: 0 0 1 1 0 1
X ∨ Y: ?
A. 0 1 1 1 1 1
B. 0 1 1 0 1 0
C. 0 0 1 0 0 0
D. 0 0 1 1 0 1
Q12. Which one of the following security modes does not require that a user have a valid security clearance for all information processed by the system?
A. Dedicated mode
B. System high mode
C. Compartmented mode
D. Multilevel mode
Q13. You are the security administrator for an international shipping company. You have been asked to evaluate the security of a new shipment tracking system for your London office. It is important to evaluate the security features and assurance of the system separately to compare it to other systems that management is considering. What evaluation criteria should you use (assume the year is 1998)?
C. The Blue Book
Q14. What is the last phase of the TCP/IP three-way handshake sequence?
A. SYN packet
B. ACK packet
C. NAK packet
D. SYN/ACK packet
Q15. Which of the following is a requirement of change management?
A. Changes must comply with Internet standards.
B. All changes must be capable of being rolled back.
C. Upgrade strategies must be revealed over the Internet.
D. The audit reports of change management should be accessible to all users.
Q16. Which of the following is a procedure designed to test and perhaps bypass a system's security controls?
A. Logging usage data
B. War dialing
C. Penetration testing
D. Deploying secured desktop workstations
Q17. At which layer of the OSI model does a router operate?
A. Network layer
B. Layer 1
C. Transport layer
D. Layer 5
Q18. Which of the following is considered a denial of service attack?
A. Pretending to be a technical manager over the phone and asking a receptionist to change their password
B. While surfing the Web, sending to a web server a malformed URL that causes the system to use 100 percent of the CPU to process an endless loop
C. Intercepting network traffic by copying the packets as they pass through a specific subnet
D. Sending message packets to a recipient who did not request them simply to be annoying
Q19. Audit trails, logs, CCTV, intrusion detection systems, antivirus software, penetration testing, password crackers, performance monitoring, and cyclic redundancy checks (CRCs) are examples of what?
A. Directive controls
B. Preventive controls
C. Detective controls
D. Corrective controls
Q20. Which one of the following vulnerabilities would best be countered by adequate parameter checking?
B. Buffer overflow
C. SYN flood
D. Distributed denial of service
Q21. What technology allows a computer to harness the power of more than one CPU?
Q22. What type of backup stores all files modified since the time of the most recent full or incremental backup?
A. Full backup
B. Incremental backup
C. Partial backup
D. Differential backup
Q23. What law allows ISPs to voluntarily provide government investigators with a large range of user information without a warrant?
A. Electronic Communications Privacy Act
B. Gramm-Leach-Bliley Act
C. USA Patriot Act
D. Privacy Act of 1974
Q24. What type of detected incident allows the most time for an investigation?
B. Denial of service
C. Malicious code
Q25. Auditing is a required factor to sustain and enforce what?
Q26. Which type of firewall automatically adjusts its filtering rules based on the content of the traffic of existing sessions?
A. Static packet-filtering
B. Application-level gateway
C. Stateful inspection
D. Dynamic packet-filtering
Q27. Which one of the following is a layer of the ring protection scheme that is not normally implemented in practice?
A. Layer 0
B. Layer 1
C. Layer 3
D. Layer 4
Q28. In what type of cipher are the letters of the plaintext message rearranged to form the ciphertext?
A. Substitution cipher
B. Block cipher
C. Transposition cipher
D. One-time pad
Q29. What is the formula used to compute the ALE?
A. ALE = AV*EF
B. ALE = ARO*EF
C. ALE = AV*ARO
D. ALE = EF*ARO
Q30. Which of the following is the principle that objects retain their veracity and are only intentionally modified by authorized subjects?
D. Data hiding
Q31. E-mail is the most common delivery vehicle for which of the following?
C. Malicious code
D. All of the above
Q32. What type of physical security controls are access controls, intrusion detection, alarms, CCTV, monitoring, HVAC, power supplies, and fire detection and suppression?
Q33. In the United States, how are the administrative determinations of federal agencies promulgated?
A. Code of Federal Regulations
B. United States Code
C. Supreme Court decisions
D. Administrative declarations
Q34. What is the first step of the Business Impact Assessment process?
A. Identification of priorities
B. Likelihood assessment
C. Risk identification
D. Resource prioritization
Q35. If Renee receives a digitally signed message from Mike, what key does she use to verify that the message truly came from Mike?
A. Renee's public key
B. Renee's private key
C. Mike's public key
D. Mike's private key
Q36. The "something you are" authentication factor is also known as what?
A. Type 1
B. Type 2
C. Type 3
D. Type 4
Q37. What is the primary goal of risk management?
A. To produce a 100-percent risk-free environment
B. To guide budgetary decisions
C. To reduce risk to an acceptable level
D. To provide an asset valuation for insurance
- Question Bank 00
- Question Bank 01
- Question Bank 02
- Question Bank 03
- Question Bank 04
- Question Bank 05
- Question Bank 06
- Question Bank 07
- Question Bank 08
- Question Bank 09
- Question Bank 10
- Question Bank 11
- Question Bank 12
- Question Bank 13
- Question Bank 14
- Question Bank 15
- Question Bank 16
- Question Bank 17
- Question Bank 18
- Question Bank 19