CISSP - Question Bank 13
Test your knowledge of CISSP with these multiple choice questions. Each Question Bank includes 20 practice questions that have been designed to measure your knowledge of key ideas.
A key factor to keep in mind is that guessing is better than not answering a question.
Every single question on the CISSP exam is a four-option multiple choice question with a single correct answer. Some are straightforward, such as asking you to select a definition. Some are a bit more involved, such as asking you to select the appropriate concept or best practice. And some questions present you with a scenario or situation and ask you to select the best response.
Q1. Personnel management is a form of what type of control?
A. Administrative
B. Technical
C. Logical
D. Physical
Q2. What is the most common means of distribution for viruses?
A. Unapproved software
B. E-mail
C. Websites
D. Commercial software
Q3. Which of the following causes the vulnerability of being affected by viruses to increase?
A. Length of time the system is operating
B. The classification level of the primary user
C. Installation of software
D. Use of roaming profiles
Q4. In areas where technical controls cannot be used to prevent virus infections, what should be used to prevent them?
A. Security baselines
B. Awareness training
C. Traffic filtering
D. Network design
Q5. Which of the following is not true?
A. Complying with all applicable legal requirements is a key part of sustaining security.
B. It is often possible to disregard legal requirements if complying with regulations would cause a reduction in security.
C. The legal requirements of an industry and of a country should be considered the baseline or foundation upon which the remainder of the security infrastructure must be built.
D. Industry and governments impose legal requirements, restrictions, and regulations on the practices of an organization.
Q6. Which of the following is not an illegal activity that can be performed over a computer network?
A. Theft
B. Destruction of assets
C. Waste of resources
D. Espionage
Q7. Who does not need to be informed when records about their activities on a network are being recorded and retained?
A. Administrators
B. Normal users
C. Temporary guest visitors
D. No one
Q8. What is the best form of antivirus protection?
A. Multiple solutions on each system
B. A single solution throughout the organization
C. Concentric circles of different solutions
D. One-hundred-percent content filtering at all border gateways
Q9. Which of the following is an effective means of preventing and detecting the installation of unapproved software?
A. Workstation change
B. Separation of duties
C. Discretionary access control
D. Job responsibility restrictions
Q10. What is the requirement to have access to, knowledge about, or possession of data or a resource to perform specific work tasks commonly known as?
A. Principle of least privilege
B. Prudent man theory
C. Need-to-know
D. Role-based access control
Q11. Which are activities that require special access to be performed within a secured IT environment?
A. Privileged operations functions
B. Logging and auditing
C. Maintenance responsibilities
D. User account management
Q12. Which of the following requires that archives of audit logs be kept for long periods of time?
A. Data remanence
B. Record retention
C. Data diddling
D. Data mining
Q13. What is the most important aspect of marking media?
A. Date labeling
B. Content description
C. Electronic labeling
D. Classification
Q14. Which operation is performed on media so it can be reused in a less-secure environment?
A. Erasing
B. Clearing
C. Purging
D. Overwriting
Q15. Sanitization can be unreliable due to which of the following?
A. No media can be fully swept clean of all data remnants.
B. Even fully incinerated media can offer extractable data.
C. The process can be performed improperly.
D. Stored data is physically etched into the media.
Q16. Which security tool is used to guide the security implementation of an organization?
A. Directive control
B. Preventive control
C. Detective control
D. Corrective control
Q17. Which security mechanism is used to verify whether the directive and preventative controls have been successful?
A. Directive control
B. Preventive control
C. Detective control
D. Corrective control
Q18. When possible, operations controls should be ________________ .
A. Simple
B. Administrative
C. Preventative
D. Transparent
Q19. What is the primary goal of change management?
A. Personnel safety
B. Allowing rollback of changes
C. Ensuring that changes do not reduce security
D. Auditing privilege access
Q20. What type of trusted recovery process requires the intervention of an administrator?
A. Restricted
B. Manual
C. Automated
D. Controlled