CISSP - Question Bank 07

Test your knowledge of CISSP with these multiple choice questions. Each Question Bank includes 20 practice questions that have been designed to measure your knowledge of key ideas.

A key factor to keep in mind is that guessing is better than not answering a question.

Every single question on the CISSP exam is a four-option multiple choice question with a single correct answer. Some are straightforward, such as asking you to select a definition. Some are a bit more involved, such as asking you to select the appropriate concept or best practice. And some questions present you with a scenario or situation and ask you to select the best response.


Q1. Which one of the following malicious code objects might be inserted in an application by a disgruntled software developer with the purpose of destroying system data upon the deletion of the developer's account (presumably following their termination)?

A. Virus
B. Worm
C. Trojan horse
D. Logic bomb

The Correct Answer is D.
Explanation: Logic bombs are malicious code objects programmed to lie dormant until certain logical conditions, such as a certain date, time, system event, or other criteria, are met. At that time, they spring into action, triggering their malicious payload.

Q2. What term is used to describe code objects that act on behalf of a user while operating in an unattended manner?

A. Agent
B. Worm
C. Applet
D. Browser

The Correct Answer is A.
Explanation: Intelligent agents are code objects programmed to perform certain operations on behalf of a user in their absence. They are also often referred to as bots.

Q3. Which form of DBMS primarily supports the establishment of one-to-many relationships?

A. Relational
B. Hierarchical
C. Mandatory
D. Distributed

The Correct Answer is B.
Explanation: Hierarchical DBMS supports one-to-many relationships. Relational DBMS supports one-to-one. Distributed DBMS supports many-to-many. Mandatory is not a DBMS but an access control model.

Q4. Which of the following characteristics can be used to differentiate worms from viruses?

A. Worms infect a system by overwriting data in the Master Boot Record of a storage device.
B. Worms always spread from system to system without user intervention.
C. Worms always carry a malicious payload that impacts infected systems.
D. All of the above.

The Correct Answer is B.
Explanation: The major difference between viruses and worms is that worms are self-replicating whereas viruses require user intervention to spread from system to system. Infection of the Master Boot Record is a characteristic of a subclass of viruses known as MBR viruses. Both viruses and worms are capable of carrying malicious payloads.

Q5. What programming language(s) can be used to develop ActiveX controls for use on an Internet site?

A. Visual Basic
B. C
C. Java
D. All of the above

The Correct Answer is D.
Explanation: Microsoft's ActiveX technology supports a number of programming languages, including Visual Basic, C, C++, and Java. On the other hand, only the Java language may be used to write Java applets.

Q6. What form of access control is concerned with the data stored by a field rather than any other issue?

A. Content-dependent
B. Context-dependent
C. Semantic integrity mechanisms
D. Perturbation

The Correct Answer is A.
Explanation: Content-dependent access control is focused on the internal data of each field.

Q7. Which one of the following key types is used to enforce referential integrity between database tables?

A. Candidate key
B. Primary key
C. Foreign key
D. Super key

The Correct Answer is C.
Explanation: Foreign keys are used to enforce referential integrity constraints between tables that participate in a relationship.

Q8. Richard believes that a database user is misusing his privileges to gain information about the company's overall business trends by issuing queries that combine data from a large number of records. What process is the database user taking advantage of?

A. Inference
B. Contamination
C. Polyinstantiation
D. Aggregation

The Correct Answer is D.
Explanation: In this case, the process the database user is taking advantage of is aggregation. Aggregation attacks involve the use of specialized database functions to combine information from a large number of database records to reveal information that may be more sensitive than the information in individual records would reveal.

Q9. What database technique can be used to prevent unauthorized users from determining classified information by noticing the absence of information normally available to them?

A. Inference
B. Manipulation
C. Polyinstantiation
D. Aggregation

The Correct Answer is C.
Explanation: Polyinstantiation allows the insertion of multiple records that appear to have the same primary key values into a database at different classification levels.

Q10. Which one of the following terms cannot be used to describe the main RAM of a typical computer system?

A. Nonvolatile
B. Sequential access
C. Real memory
D. Primary memory

The Correct Answer is B.
Explanation: Random access memory (RAM) allows for the direct addressing of any point within the resource. A sequential access storage medium, such as a magnetic tape, requires scanning through the entire media from the beginning to reach a specific address.

Q11. What type of information is used to form the basis of an expert system’s decision-making process?

A. A series of weighted layered computations
B. Combined input from a number of human experts, weighted according to past performance
C. A series of "if/then" rules codified in a knowledge base
D. A biological decision-making process that simulates the reasoning process used by the human mind

The Correct Answer is C.
Explanation: Expert systems utilize a knowledge base consisting of a series of "if/then" statements to form decisions based upon the previous experience of human experts.

Q12. Which one of the following intrusion detection systems makes use of an expert to detect anomalous user activity?

A. PIX
B. IDIOT
C. AAFID
D. NIDES

The Correct Answer is D.
Explanation: The Next-Generation Intrusion Detection Expert System (NIDES) system is an expert system-based intrusion detection system. PIX is a firewall, and IDIOT and AAFID are intrusion detection systems that do not utilize expert systems.

Q13. Which of the following acts as a proxy between two different systems to support interaction and simplify the work of programmers?

A. SDLC
B. ODBC
C. DSS
D. Abstraction

The Correct Answer is B.
Explanation: ODBC acts as a proxy between applications and the back-end DBMS.

Q14. Which software development life cycle model allows for multiple iterations of the development process, resulting in multiple prototypes, each produced according to a complete design and testing process?

A. Software Capability Maturity Model
B. Waterfall model
C. Development cycle
D. Spiral model

The Correct Answer is D.
Explanation: The spiral model allows developers to repeat iterations of another life cycle model (such as the waterfall model) to produce a number of fully tested prototypes.

Q15. In systems utilizing a ring protection scheme, at what level does the security kernel reside?

A. Level 0
B. Level 1
C. Level 2
D. Level 3

The Correct Answer is A.
Explanation: The security kernel and reference monitor reside at Level 0 in the ring protection scheme, where they have unrestricted access to all system resources.

Q16. Which database security risk occurs when data from a higher classification level is mixed with data from a lower classification level?

A. Aggregation
B. Inference
C. Contamination
D. Polyinstantiation

The Correct Answer is C.
Explanation: Contamination is the mixing of data from a higher classification level and/or need-to-know requirement with data from a lower classification level and/or need-to-know requirement.

Q17. Which of the following programming languages is least prone to the insertion of malicious code by a third party?

A. C++
B. Java
C. VBScript
D. FORTRAN

The Correct Answer is C.
Explanation: Of the languages listed, VBScript is the least prone to modification by third parties because it is an interpreted language whereas the other three languages (C++, Java, and FORTRAN) are compiled languages.

Q18. Which one of the following is not part of the change control process?

A. Request control
B. Release control
C. Configuration audit
D. Change control

The Correct Answer is C.
Explanation: Configuration audit is part of the configuration management process rather than the change control process.

Q19. What transaction management principle ensures that two transactions do not interfere with each other as they operate on the same data?

A. Atomicity
B. Consistency
C. Isolation
D. Durability

The Correct Answer is C.
Explanation: The isolation principle states that two transactions operating on the same data must be temporally separated from each other such that one does not interfere with the other.

Q20. Which subset of the Structured Query Language is used to create and modify the database schema?

A. Data Definition Language
B. Data Structure Language
C. Database Schema Language
D. Database Manipulation Language

The Correct Answer is A.
Explanation: The Data Manipulation Language (DML) is used to make modifications to a relational database's schema.

Copyright © 2018 | All Rights Reserved | Designed & Developed by Yeahhub.com