CISSP - Question Bank 05

Test your knowledge of CISSP with these multiple choice questions. Each Question Bank includes 20 practice questions that have been designed to measure your knowledge of key ideas.

A key factor to keep in mind is that guessing is better than not answering a question.

Most questions on the CISSP exam are four-option multiple choice questions with a single correct answer. Some are straightforward, such as asking you to select a definition. Others are more involved, such as asking you to select the appropriate concept or best practice. And some present you with a scenario or situation and ask you to select the best response.


Q1. Which of the following contains the primary goals and objectives of security?

A. A network's border perimeter
B. The CIA Triad
C. A stand-alone system
D. The Internet

The Correct Answer is B.
Explanation: The primary goals and objectives of security are confidentiality, integrity, and availability, commonly referred to as the CIA Triad.

Q2. Vulnerabilities and risks are evaluated based on their threats against which of the following?

A. One or more of the CIA Triad principles
B. Data usefulness
C. Due care
D. Extent of liability

The Correct Answer is A.
Explanation: Vulnerabilities and risks are evaluated based on their threats against one or more of the CIA Triad principles.

Q3. Which of the following is a principle of the CIA Triad that means authorized subjects are granted timely and uninterrupted access to objects?

A. Identification
B. Availability
C. Encryption
D. Layering

The Correct Answer is B.
Explanation: Availability means that authorized subjects are granted timely and uninterrupted access to objects.

Q4. Which of the following is not considered a violation of confidentiality?

A. Stealing passwords
B. Eavesdropping
C. Hardware destruction
D. Social engineering

The Correct Answer is C.
Explanation: Hardware destruction is a violation of availability and possibly integrity. Violations of confidentiality include capturing network traffic, stealing password files, social engineering, port scanning, shoulder surfing, eavesdropping, and sniffing.

Q5. Which of the following is not true?

A. Violations of confidentiality include human error.
B. Violations of confidentiality include management oversight.
C. Violations of confidentiality are limited to direct intentional attacks.
D. Violations of confidentiality can occur when a transmission is not properly encrypted.

The Correct Answer is C.
Explanation: Violations of confidentiality are not limited to direct intentional attacks. Many instances of unauthorized disclosure of sensitive or confidential information are due to human error, oversight, or ineptitude.

Q6. Confidentiality is dependent upon which of the following?

A. Accountability
B. Availability
C. Nonrepudiation
D. Integrity

The Correct Answer is D.
Explanation: Without integrity, confidentiality cannot be maintained. If an attacker can alter an object, or the access control mechanism that protects it, the restrictions that keep the object confidential can be modified or bypassed.

Q7. If a security mechanism offers availability, then it offers a high level of assurance that the data, objects, and resources are _______________ by authorized subjects.

A. Controlled
B. Audited
C. Accessible
D. Repudiated

The Correct Answer is C.
Explanation: Accessibility of data, objects, and resources is the goal of availability. If a security mechanism offers availability, then it is highly likely that the data, objects, and resources are accessible by authorized subjects.

Q8. Which of the following describes the freedom from being observed, monitored, or examined without consent or knowledge?

A. Integrity
B. Privacy
C. Authentication
D. Accountability

The Correct Answer is B.
Explanation: Privacy is freedom from being observed, monitored, or examined without consent or knowledge.

Q9. All but which of the following items require awareness for all individuals affected?

A. The restriction of personal e-mail
B. Recording phone conversations
C. Gathering information about surfing habits
D. The backup mechanism used to retain e-mail messages

The Correct Answer is D.
Explanation: Users should be aware that e-mail messages are retained, but the backup mechanism used to perform this operation does not need to be disclosed to them.

Q10. Which of the following is typically not used as an identification factor?

A. Username
B. Smart card swipe
C. Fingerprint scan
D. A challenge/response token device

The Correct Answer is D.
Explanation: A challenge/response token device is almost exclusively used as an authentication factor, not an identification factor.

Q11. What ensures that the subject of an activity or event cannot deny that the event occurred?

A. CIA Triad
B. Abstraction
C. Nonrepudiation
D. Hash totals

The Correct Answer is C.
Explanation: Nonrepudiation ensures that the subject of an activity or event cannot deny that the event occurred. It is typically provided by digital signatures; a symmetric MAC cannot provide it, because every holder of the shared key can generate a valid tag.

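The distinction between a keyed hash and a digital signature is where nonrepudiation actually comes from, and it is a common mistake in practice. The following Go program is an added example and is not part of the original question bank: it shows that an HMAC tag computed under a shared key can be forged by the receiver (so the sender can plausibly deny having produced it), while an Ed25519 signature cannot be produced without the sender's private key. The message strings and the shared key are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample values for the demonstration (not from any real system).
const (
	genuineMessage = "transfer 500 to account 42"  // what the sender actually sent
	forgedMessage  = "transfer 5000 to account 42" // what the receiver later claims was sent
)

// MacTag computes an HMAC-SHA256 tag over msg under a key shared by sender and receiver.
func MacTag(key []byte, msg string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return m.Sum(nil)
}

// MacValid verifies a tag; verification needs the same key that created it.
func MacValid(key []byte, msg string, tag []byte) bool {
	return hmac.Equal(MacTag(key, msg), tag)
}

// ReceiverCanForgeMac returns true when the receiver, holding the shared key, can mint a
// valid tag for a message the sender never sent. A MAC therefore gives integrity and
// authentication between the two parties, but no nonrepudiation towards a third party.
func ReceiverCanForgeMac(sharedKey []byte) bool {
	tag := MacTag(sharedKey, forgedMessage) // computed by the receiver, not the sender
	return MacValid(sharedKey, forgedMessage, tag)
}

// NewKeyPair generates an Ed25519 key pair; the private key never leaves its owner.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign produces a signature that only the holder of priv can create.
func Sign(priv ed25519.PrivateKey, msg string) []byte {
	return ed25519.Sign(priv, []byte(msg))
}

// Verify checks a signature with the public key, which any third party may hold.
func Verify(pub ed25519.PublicKey, msg string, sig []byte) bool {
	return ed25519.Verify(pub, []byte(msg), sig)
}

// ReceiverCanForgeSignature attempts the same forgery against a signature. The receiver has
// only the sender's public key, so the best it can do is sign with a key pair of its own;
// that signature does not verify under the sender's public key. Conversely, a signature
// that does verify could only have come from the holder of the sender's private key.
func ReceiverCanForgeSignature(senderPub ed25519.PublicKey) bool {
	_, impostorPriv := NewKeyPair() // the receiver's own key pair, not the sender's
	sig := Sign(impostorPriv, forgedMessage)
	return Verify(senderPub, forgedMessage, sig)
}

func main() {
	sharedKey := []byte("constructed-shared-secret") // sample symmetric key
	fmt.Println("receiver can forge MAC tag:     ", ReceiverCanForgeMac(sharedKey))

	pub, priv := NewKeyPair()
	sig := Sign(priv, genuineMessage)
	fmt.Println("genuine signature verifies:     ", Verify(pub, genuineMessage, sig))
	fmt.Println("altered message still verifies: ", Verify(pub, forgedMessage, sig))
	fmt.Println("receiver can forge signature:   ", ReceiverCanForgeSignature(pub))
}
```

Run it with `go run` on any recent Go toolchain; it uses only the standard library. The practical consequence is that an audit trail whose entries are protected by an HMAC can prove tampering by an outsider, but cannot bind a specific party to an entry, since every key holder could have written it.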
Q12. Which of the following is the most important and distinctive concept in relation to layered security?

A. Multiple
B. Series
C. Parallel
D. Filter

The Correct Answer is B.
Explanation: Layering is the deployment of multiple security mechanisms in a series. When security restrictions are performed in a series, they are performed one after the other in a linear fashion. Therefore, a single failure of a security control does not render the entire solution ineffective.

Q13. Which of the following is not considered an example of data hiding?

A. Preventing an authorized reader of an object from deleting that object
B. Keeping a database from being accessed by unauthorized visitors
C. Restricting a subject at a lower classification level from accessing data at a higher classification level
D. Preventing an application from accessing hardware directly

The Correct Answer is A.
Explanation: Preventing an authorized reader of an object from deleting that object is just an access control, not data hiding. If you can read an object, it is not hidden from you.

Q14. What is the primary goal of change management?

A. Maintaining documentation
B. Keeping users informed of changes
C. Allowing rollback of failed changes
D. Preventing security compromises

The Correct Answer is D.
Explanation: The prevention of security compromises is the primary goal of change management.

Q15. What is the primary objective of data classification schemes?

A. To control access to objects for authorized subjects
B. To formalize and stratify the process of securing data based on assigned labels of importance and sensitivity
C. To establish a transaction trail for auditing accountability
D. To manipulate access controls to provide for the most efficient means to grant or restrict functionality

The Correct Answer is B.
Explanation: The primary objective of data classification schemes is to formalize and stratify the process of securing data based on assigned labels of importance and sensitivity.

Q16. Which of the following is typically not a characteristic considered when classifying data?

A. Value
B. Size of object
C. Useful lifetime
D. National security implications

The Correct Answer is B.
Explanation: Size is not a criterion for establishing data classification. When classifying an object, you should take its value, useful lifetime, and security implications into consideration.

Q17. What are the two common data classification schemes?

A. Military and private sector
B. Personal and government
C. Private sector and unrestricted sector
D. Classified and unclassified

The Correct Answer is A.
Explanation: Military (or government) and private sector (or commercial business) are the two common data classification schemes.

Q18. Which of the following is the lowest military data classification for classified data?

A. Sensitive
B. Secret
C. Sensitive but unclassified
D. Private

The Correct Answer is B.
Explanation: Of the options listed, Secret is the lowest classified military data classification. The government/military scheme runs Top Secret, Secret, Confidential, Sensitive but Unclassified, and Unclassified; Confidential is the lowest classified level, but it is not among the options, and Sensitive, Sensitive but Unclassified, and Private are not classified levels in that scheme.

Q19. Which commercial business/private sector data classification is used to control information about individuals within an organization?

A. Confidential
B. Private
C. Sensitive
D. Proprietary

The Correct Answer is B.
Explanation: The commercial business/private sector data classification of private is used to protect information about individuals.

Q20. Data classifications are used to focus security controls over all but which of the following?

A. Storage
B. Processing
C. Layering
D. Transfer

The Correct Answer is C.
Explanation: Layering is a core aspect of security mechanisms, but it is not a focus of data classifications.

Copyright © 2018 | All Rights Reserved | Designed & Developed by Yeahhub.com