CISSP - Question Bank 06
Test your knowledge of CISSP with these multiple choice questions. Each Question Bank includes 20 practice questions that have been designed to measure your knowledge of key ideas.
A key factor to keep in mind is that guessing is better than not answering a question.
Every single question on the CISSP exam is a four-option multiple choice question with a single correct answer. Some are straightforward, such as asking you to select a definition. Some are a bit more involved, such as asking you to select the appropriate concept or best practice. And some questions present you with a scenario or situation and ask you to select the best response.
Q1. Which of the following is the weakest element in any security solution?
A. Software products
B. Internet connections
C. Security policies
D. Humans
Q2. When seeking to hire new employees, what is the first step?
A. Create a job description.
B. Set position classification.
C. Screen candidates.
D. Request resumes.
Q3. What is the primary purpose of an exit interview?
A. To return the exiting employee's personal belongings
B. To review the nondisclosure agreement
C. To evaluate the exiting employee's performance
D. To cancel the exiting employee's network access accounts
Q4. When an employee is to be terminated, which of the following should be done?
A. Inform the employee a few hours before they are officially terminated.
B. Disable the employee's network access just before they are informed of the termination.
C. Send out a broadcast e-mail informing everyone that a specific employee is to be terminated.
D. Wait until you and the employee are the only people remaining in the building before announcing the termination.
Q5. Who is liable for failing to perform prudent due care?
A. Security professionals
B. Data custodian
C. Auditor
D. Senior management
Q6. Which of the following is a document that defines the scope of security needed by an organization, lists the assets that need protection, and discusses the extent to which security solutions should go to provide the necessary protection?
A. Security policy
B. Standard
C. Guideline
D. Procedure
Q7. Which of the following policies is required when industry or legal standards are applicable to your organization?
A. Advisory
B. Regulatory
C. Baseline
D. Informative
Q8. Which of the following is not an element of the risk analysis process?
A. Analyzing an environment for risks
B. Creating a cost/benefit report for safeguards to present to upper management
C. Selecting appropriate safeguards and implementing them
D. Evaluating each risk as to its likelihood of occurring and cost of the resulting damage
Q9. Which of the following would not be considered an asset in a risk analysis?
A. A development process
B. An IT infrastructure
C. A proprietary system resource
D. Users’ personal files
Q10. Which of the following represents accidental exploitations of vulnerabilities?
A. Threat events
B. Risks
C. Threat agents
D. Breaches
Q11. When a safeguard or a countermeasure is not present or is not sufficient, what is created?
A. Vulnerability
B. Exposure
C. Risk
D. Penetration
Q12. Which of the following is not a valid definition for risk?
A. An assessment of probability, possibility, or chance
B. Anything that removes a vulnerability or protects against one or more specific threats
C. Risk = threat + vulnerability
D. Every instance of exposure
Q13. When evaluating safeguards, what is the rule that should be followed in most cases?
A. Expected annual cost of asset loss should not exceed the annual costs of safeguards.
B. Annual costs of safeguards should equal the value of the asset.
C. Annual costs of safeguards should not exceed the expected annual cost of asset loss.
D. Annual costs of safeguards should not exceed 10 percent of the security budget.
Q14. How is single loss expectancy (SLE) calculated?
A. Threat + vulnerability
B. Asset value ($) * exposure factor
C. Annualized rate of occurrence * vulnerability
D. Annualized rate of occurrence * asset value * exposure factor
Q15. How is the value of a safeguard to a company calculated?
A. ALE before safeguard – ALE after implementing the safeguard – annual cost of safeguard
B. ALE before safeguard * ARO of safeguard
C. ALE after implementing safeguard + annual cost of safeguard – controls gap
D. Total risk – controls gap
Q16. What security control is directly focused on preventing collusion?
A. Principle of least privilege
B. Job descriptions
C. Separation of duties
D. Qualitative risk analysis
Q17. Which security role is responsible for assigning the sensitivity label to objects?
A. Users
B. Data owner
C. Senior management
D. Data custodian
Q18. When you are attempting to install a new security mechanism for which there is not a detailed step-by-step guide on how to implement that specific product, which element of the security policy should you turn to?
A. Policies
B. Procedures
C. Standards
D. Guidelines
Q19. While performing a risk analysis, you identify a threat of fire and a vulnerability because there are no fire extinguishers. Based on this information, which of the following is a possible risk?
A. Virus infection
B. Damage to equipment
C. System malfunction
D. Unauthorized access to confidential information
Q20. You've performed a basic quantitative risk analysis on a specific threat/vulnerability/risk relation. You select a possible countermeasure. When re-performing the calculations, which of the following factors will change?
A. Exposure factor
B. Single loss expectancy
C. Asset value
D. Annualized rate of occurrence