CISSP Asset Security Certification Practical Exam Set 1

In Mandatory Access Control, sensitivity labels attached to objects contain what information?


Options are :

  • The item's need to know
  • The item's category
  • The item's classification and category set
  • The item's classification and category set (Correct)

Answer : The item's classification and category set


Many approaches to Knowledge Discovery in Databases (KDD) are used to identify valid and useful patterns in data. This is an evolving field of study that includes a variety of automated analysis solutions such as Data Mining. Which of the following is not an approach used by KDD?


Options are :

  • Oriented (Correct)
  • Deviation
  • Classification
  • Probabilistic

Answer : Oriented

Who is ultimately responsible for the security of computer-based information systems within an organization?


Options are :

  • The training team.
  • The Operation Team.
  • The management team. (Correct)
  • The tech support team

Answer : The management team.

What mechanism does a system use to compare the security labels of a subject and an object?


Options are :

  • Security Module
  • Clearance Check.
  • Validation Module.
  • Reference Monitor. (Correct)

Answer : Reference Monitor.


You have been tasked to develop an effective information classification program. Which one of the following steps should be performed FIRST?


Options are :

  • Specify the criteria that will determine how data is classified (Correct)
  • Identify the data custodian who will be responsible for maintaining the security level of data
  • Establish procedures for periodically reviewing the classification and ownership
  • Specify the security controls required for each classification level

Answer : Specify the criteria that will determine how data is classified

What does it mean to say that sensitivity labels are "incomparable"?


Options are :

  • Neither label contains all the categories of the other. (Correct)
  • The number of classifications in the two labels is different.
  • The number of categories in the two labels is different
  • Neither label contains all the classifications of the other

Answer : Neither label contains all the categories of the other.

Which of the following is given the responsibility of the maintenance and protection of the data?


Options are :

  • Data custodian (Correct)
  • Data owner
  • Security administrator
  • User

Answer : Data custodian


In regard to information classification, what is the main responsibility of the information (data) owner?


Options are :

  • determining the data sensitivity or classification level (Correct)
  • running regular data backups
  • audit the data users
  • periodically check the validity and accuracy of the data

Answer : determining the data sensitivity or classification level

In discretionary access environments, which of the following entities is authorized to grant information access to other people?


Options are :

  • Security Manager
  • Group Leader
  • Data Owner (Correct)
  • Manager

Answer : Data Owner

Whose role is it to assign classification level to information?


Options are :

  • Owner (Correct)
  • Auditor
  • User
  • Security Administrator

Answer : Owner


What are the components of an object's sensitivity label?


Options are :

  • A Classification Set and user credentials.
  • A single classification and a Compartment Set (Correct)
  • A Classification Set and a single Compartment.
  • A single classification and a single compartment.

Answer : A single classification and a Compartment Set

Which of the following embodies all the detailed actions that personnel are required to follow?


Options are :

  • Baselines
  • Standards
  • Guidelines
  • Procedures (Correct)

Answer : Procedures

According to private sector data classification levels, how would salary levels and medical information be classified?


Options are :

  • Confidential. (Correct)
  • Public
  • Internal Use Only.
  • Restricted.

Answer : Confidential.


Which type of attack would a competitive intelligence attack best be classified as?


Options are :

  • Business attack (Correct)
  • Grudge attack
  • Intelligence attack
  • Financial attack

Answer : Business attack

What is the surreptitious transfer of information from a higher classification compartment to a lower classification compartment without going through the formal communication channels called?


Options are :

  • Covert Channel (Correct)
  • Object Reuse
  • Data Transfer
  • Security domain

Answer : Covert Channel

Who can best decide what the adequate technical security controls are in a computer-based application system, in regard to the protection of the data being used, the criticality of the data, and its sensitivity level?


Options are :

  • System Manager
  • Data or Information user
  • Data or Information Owner (Correct)
  • System Auditor

Answer : Data or Information Owner


The owner of a system should have confidence that the system will behave according to its specifications. This is termed:


Options are :

  • Availability
  • Assurance (Correct)
  • Integrity
  • Accountability

Answer : Assurance

Which of the following would be the BEST criterion to consider in determining the classification of an information asset?


Options are :

  • Value (Correct)
  • Age
  • Personal association
  • Useful life

Answer : Value

As per the Orange Book, what are two types of system assurance?


Options are :

  • Operational Assurance and Life-Cycle Assurance. (Correct)
  • Design Assurance and Implementation Assurance
  • Operational Assurance and Architectural Assurance.
  • Architectural Assurance and Implementation Assurance.

Answer : Operational Assurance and Life-Cycle Assurance.


Which of the following is NOT a responsibility of an information (data) owner?


Options are :

  • Periodically review the classification assignments against business needs.
  • Determine what level of classification the information requires.
  • Delegate the responsibility of data protection to data custodians.
  • Running regular backups and periodically testing the validity of the backup data (Correct)

Answer : Running regular backups and periodically testing the validity of the backup data

What level of assurance for a digital certificate verifies a user's name, address, social security number, and other information against a credit bureau database?


Options are :

  • Level 3/Class 3
  • Level 2/Class 2 (Correct)
  • Level 1/Class 1
  • Level 4/Class 4

Answer : Level 2/Class 2


In Mandatory Access Control, sensitivity labels attached to objects contain what information?


Options are :

  • The item's need to know
  • The item's category
  • The item's classification and category set (Correct)
  • The item's classification

Answer : The item's classification and category set

The US Department of Health, Education and Welfare developed a list of fair information practices focused on the privacy of individually identifiable personal information. Which one of the following is incorrect?


Options are :

  • There must be a way for a person to prevent information about them, which was obtained for one purpose, from being used or made available for another purpose without their consent.
  • There must be a way for a person to find out what information about them exists and how it is used.
  • Any organization creating, maintaining, using, or disseminating records of personally identifiable information must ensure the reliability of the data for its intended use and must take precautions to prevent misuse of that data.
  • There must be a personal data record-keeping system whose very existence shall be kept secret. (Correct)

Answer : There must be a personal data record-keeping system whose very existence shall be kept secret.

An electrical device (AC or DC) which can generate coercive magnetic force for the purpose of reducing magnetic flux density to zero on storage media or other magnetic media is called:


Options are :

  • a degausser (Correct)
  • magnetic remanence.
  • magnetic saturation.
  • a magnetic field.

Answer : a degausser


Which of the following is NOT a media viability control used to protect the viability of data storage media?


Options are :

  • marking
  • clearing (Correct)
  • handling
  • storage

Answer : clearing

According to Requirement 3 of the Payment Card Industry’s Data Security Standard (PCI DSS) there is a requirement to “protect stored cardholder data.” Which of the following items cannot be stored by the merchant?


Options are :

  • The Card Validation Code (CVV2) (Correct)
  • Cardholder Name
  • Expiration Date
  • Primary Account Number

Answer : The Card Validation Code (CVV2)

The US-EU Safe Harbor process has been created to address which of the following?


Options are :

  • Integrity of data transferred between U.S. and European companies
  • Confidentiality of data transferred between U.S and European companies
  • Confidentiality of data transferred between European and international companies
  • Protection of personal data transferred between U.S and European companies (Correct)

Answer : Protection of personal data transferred between U.S and European companies


What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account?


Options are :

  • Trojan horses
  • Data fiddling
  • Data diddling
  • Salami techniques (Correct)

Answer : Salami techniques

Which of the following refers to the data left on the media after the media has been erased?


Options are :

  • semi-hidden
  • sticky bits
  • recovery
  • remanence (Correct)

Answer : remanence

Which of the following European Union (EU) principles pertaining to the protection of information on private individuals is incorrect?


Options are :

  • Individuals have the right to correct errors contained in their personal data.
  • Transmission of personal information to locations where "equivalent" personal data protection cannot be assured is prohibited.
  • Records kept on an individual should be accurate and up to date.
  • Data collected by an organization can be used for any purpose and for as long as necessary, as long as it is never communicated outside of the organization by which it was collected. (Correct)

Answer : Data collected by an organization can be used for any purpose and for as long as necessary, as long as it is never communicated outside of the organization by which it was collected.
