In Mandatory Access Control, sensitivity labels attached to objects contain what information?
Options are :
- The item's need to know
- The item's category
- The item's classification and category set
- The item's classification
Answer : The item's classification and category set
Many approaches to Knowledge Discovery in Databases (KDD) are used to identify valid and useful patterns in data. This is an evolving field of study that includes a variety of automated analysis solutions such as Data Mining. Which of the following is not an approach used by KDD?
Options are :
- Oriented
- Deviation
- Classification
- Probabilistic
Answer : Oriented
Who is ultimately responsible for the security of computer-based information systems within an organization?
Options are :
- The training team.
- The Operation Team.
- The management team.
- The tech support team
Answer : The management team.
What mechanism does a system use to compare the security labels of a subject and an object?
Options are :
- Security Module
- Clearance Check.
- Validation Module.
- Reference Monitor.
Answer : Reference Monitor.
You have been tasked to develop an effective information classification program. Which one of the following steps should be performed FIRST?
Options are :
- Specify the criteria that will determine how data is classified
- Identify the data custodian who will be responsible for maintaining the security level of data
- Establish procedures for periodically reviewing the classification and ownership
- Specify the security controls required for each classification level
Answer : Specify the criteria that will determine how data is classified
What does it mean to say that sensitivity labels are "incomparable"?
Options are :
- Neither label contains all the categories of the other.
- The number of classifications in the two labels is different.
- The number of categories in the two labels is different
- Neither label contains all the classifications of the other
Answer : Neither label contains all the categories of the other.
Which of the following is given the responsibility of the maintenance and protection of the data?
Options are :
- Data custodian
- Data owner
- Security administrator
- User
Answer : Data custodian
Regarding information classification, what is the main responsibility of the information (data) owner?
Options are :
- determining the data sensitivity or classification level
- running regular data backups
- auditing the data users
- periodically checking the validity and accuracy of the data
Answer : determining the data sensitivity or classification level
In discretionary access environments, which of the following entities is authorized to grant information access to other people?
Options are :
- Security Manager
- Group Leader
- Data Owner
- Manager
Answer : Data Owner
Whose role is it to assign a classification level to information?
Options are :
- Owner
- Auditor
- User
- Security Administrator
Answer : Owner
What are the components of an object's sensitivity label?
Options are :
- A Classification Set and user credentials.
- A single classification and a Compartment Set
- A Classification Set and a single Compartment.
- A single classification and a single compartment.
Answer : A single classification and a Compartment Set
Which of the following embodies all the detailed actions that personnel are required to follow?
Options are :
- Baselines
- Standards
- Guidelines
- Procedures
Answer : Procedures
According to private sector data classification levels, how would salary levels and medical information be classified?
Options are :
- Confidential.
- Public
- Internal Use Only.
- Restricted.
Answer : Confidential.
Which type of attack would a competitive intelligence attack best classify as?
Options are :
- Business attack
- Grudge attack
- Intelligence attack
- Financial attack
Answer : Business attack
What is the surreptitious transfer of information from a higher classification compartment to a lower classification compartment, without going through the formal communication channels, called?
Options are :
- Covert Channel
- Object Reuse
- Data Transfer
- Security domain
Answer : Covert Channel
Who can best decide what the adequate technical security controls are in a computer-based application system, in regard to the protection of the data being used, the criticality of the data, and its sensitivity level?
Options are :
- System Manager
- Data or Information user
- Data or Information Owner
- System Auditor
Answer : Data or Information Owner
The owner of a system should have the confidence that the system will behave according to its specifications. This is termed:
Options are :
- Availability
- Assurance
- Integrity
- Accountability
Answer : Assurance
Which of the following would be the BEST criterion to consider in determining the classification of an information asset?
Options are :
- Value
- Age
- Personal association
- Useful life
Answer : Value
As per the Orange Book, what are the two types of system assurance?
Options are :
- Operational Assurance and Life-Cycle Assurance.
- Design Assurance and Implementation Assurance
- Operational Assurance and Architectural Assurance.
- Architectural Assurance and Implementation Assurance.
Answer : Operational Assurance and Life-Cycle Assurance.
Which of the following is NOT a responsibility of an information (data) owner?
Options are :
- Periodically review the classification assignments against business needs.
- Determine what level of classification the information requires.
- Delegate the responsibility of data protection to data custodians.
- Running regular backups and periodically testing the validity of the backup data
Answer : Running regular backups and periodically testing the validity of the backup data
What level of assurance for a digital certificate verifies a user's name, address, social security number, and other information against a credit bureau database?
Options are :
- Level 3/Class 3
- Level 2/Class 2
- Level 1/Class 1
- Level 4/Class 4
Answer : Level 2/Class 2
In Mandatory Access Control, sensitivity labels attached to objects contain what information?
Options are :
- The item's need to know
- The item's category
- The item's classification and category set
- The item's classification
Answer : The item's classification and category set
The US Department of Health, Education, and Welfare developed a list of fair information practices focused on the privacy of individual, personally identifiable information. Which one of the following is incorrect?
Options are :
- There must be a way for a person to prevent information about them, which was obtained for one purpose, from being used or made available for another purpose without their consent.
- There must be a way for a person to find out what information about them exists and how it is used.
- Any organization creating, maintaining, using, or disseminating records of personally identifiable information must ensure the reliability of the data for its intended use and must take precautions to prevent misuse of that data.
- There must be a personal data record-keeping system whose very existence shall be kept secret.
Answer : There must be a personal data record-keeping system whose very existence shall be kept secret.
An electrical device (AC or DC) which can generate coercive magnetic force for the purpose of reducing magnetic flux density to zero on storage media or other magnetic media is called:
Options are :
- a degausser
- magnetic remanence.
- magnetic saturation.
- a magnetic field.
Answer : a degausser
Which of the following is NOT a media viability control used to protect the viability of data storage media?
Options are :
- marking
- clearing
- handling
- storage
Answer : clearing
According to Requirement 3 of the Payment Card Industry's Data Security Standard (PCI DSS) there is a requirement to "protect stored cardholder data." Which of the following items cannot be stored by the merchant?
Options are :
- The Card Validation Code (CVV2)
- Cardholder Name
- Expiration Date
- Primary Account Number
Answer : The Card Validation Code (CVV2)
The US-EU Safe Harbor process has been created to address which of the following?
Options are :
- Integrity of data transferred between U.S. and European companies
- Confidentiality of data transferred between U.S and European companies
- Confidentiality of data transferred between European and international companies
- Protection of personal data transferred between U.S and European companies
Answer : Protection of personal data transferred between U.S and European companies
What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account?
Options are :
- Trojan horses
- Data fiddling
- Data diddling
- Salami techniques
Answer : Salami techniques
Which of the following refers to the data left on the media after the media has been erased?
Options are :
- semi-hidden
- sticky bits
- recovery
- remanence
Answer : remanence
Which of the following European Union (EU) principles pertaining to the protection of information on private individuals is incorrect?
Options are :
- Individuals have the right to correct errors contained in their personal data.
- Transmission of personal information to locations where "equivalent" personal data protection cannot be assured is prohibited.
- Records kept on an individual should be accurate and up to date.
- Data collected by an organization can be used for any purpose and for as long as necessary, as long as it is never communicated outside of the organization by which it was collected.
Answer : Data collected by an organization can be used for any purpose and for as long as necessary, as long as it is never communicated outside of the organization by which it was collected.
The typical computer fraudsters are usually persons with which of the following characteristics?
Options are :
- They hold a position of trust
- They deviate from the accepted norms of society
- They conspire with others
- They have had previous contact with law enforcement
Answer : They hold a position of trust
Which of the following methods is recommended by security professionals to PERMANENTLY erase sensitive data on magnetic media?
Options are :
- Delete the file allocation table
- Overwrite every sector of the magnetic media with a pattern of 1's and 0's
- Format magnetic media
- Degaussing
Answer : Degaussing
What is the main issue with media reuse?
Options are :
- Data remanence
- Degaussing
- Purging
- Media destruction
Answer : Data remanence
What is the most secure way to dispose of information on a CD-ROM?
Options are :
- Physical destruction
- Sanitizing
- Degaussing
- Physical damage
Answer : Physical destruction
Which protocol makes USE of an electronic wallet on a customer's PC and sends encrypted credit card information to the merchant's Web server, which digitally signs it and sends it on to its processing bank?
Options are :
- SSH (Secure Shell)
- SSL (Secure Sockets Layer)
- SET (Secure Electronic Transaction)
- S/MIME (Secure MIME)
Answer : SET (Secure Electronic Transaction)
Which of the following is the most reliable, secure means of removing data from magnetic storage media such as magnetic tape or a cassette?
Options are :
- Zeroization
- Buffer overflow
- Degaussing
- Parity Bit Manipulation
Answer : Degaussing
When it comes to magnetic media sanitization, what difference can be made between clearing and purging information?
Options are :
- Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack.
- Clearing renders information unrecoverable against a laboratory attack and purging renders information unrecoverable to a keyboard attack.
- They both involve rewriting the media.
- Clearing completely erases the media whereas purging only removes file headers, allowing the recovery of files.
Answer : Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack.
Which of the following logical access exposures involves changing data before, or as, it is entered into the computer?
Options are :
- Viruses
- Salami techniques
- Data diddling
- Trojan horses
Answer : Data diddling
Which of the following is NOT a proper component of Media Viability Controls?
Options are :
- Marking
- Writing
- Handling
- Storage
Answer : Writing
Degaussing is used to clear data from all of the following media except:
Options are :
- Video Tapes
- Read-Only Media
- Floppy Disks
- Magnetic Hard Disks
Answer : Read-Only Media
Which of the following establishes the minimal national standards for certifying and accrediting national security systems?
Options are :
Answer : NIACAP
Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity?
Options are :
- Steganography
- NTFS ADS
- Encryption
- ADS - Alternate Data Streams
Answer : Steganography
Which of the following groups represents the leading source of computer crime losses?
Options are :
- Hackers
- Employees
- Industrial saboteurs
- Foreign intelligence officers
Answer : Employees
The control of communications test equipment should be clearly addressed by security policy for which of the following reasons?
Options are :
- Test equipment is easily damaged.
- Test equipment can be used to browse information passing on a network.
- Test equipment must always be available for the maintenance personnel.
- Test equipment is difficult to replace if lost or stolen.
Answer : Test equipment can be used to browse information passing on a network.
What would BEST define a covert channel?
Options are :
- A communication channel that allows transfer of information in a manner that violates the system's security policy.
- An undocumented backdoor that has been left by a programmer in an operating system
- A Trojan horse
- An open system port that should be closed.
Answer : A communication channel that allows transfer of information in a manner that violates the system's security policy.
The Telecommunications Security Domain of information security is also concerned with the prevention and detection of the misuse or abuse of systems, which poses a threat to the tenets of:
Options are :
- Confidentiality, Integrity, and Liability (C.I.L.)
- Confidentiality, Integrity, and Authenticity (C.I.A.).
- Confidentiality, Integrity, and Entity (C.I.E.).
- Confidentiality, Integrity, and Availability (C.I.A.).
Answer : Confidentiality, Integrity, and Availability (C.I.A.).
Who should DECIDE how a company should approach security and what security measures should be implemented?
Options are :
- Auditor
- Data owner
- The information security specialist
- Senior management
Answer : Senior management
Which of the following access control models requires defining classification for objects?
Options are :
- Role-based access control
- Discretionary access control
- Mandatory access control
- Identity-based access control
Answer : Mandatory access control
Controlling access to information systems and associated networks is necessary for the preservation of their:
Options are :
- Confidentiality, integrity, and availability
- Authenticity, confidentiality, integrity and availability.
- Authenticity, confidentiality and availability
- Integrity and availability.
Answer : Confidentiality, integrity, and availability
At which temperature does damage start occurring to magnetic media?
Options are :
- 150 degrees Fahrenheit or 65.5 degrees Celsius
- 175 degrees Fahrenheit or 79.4 degrees Celsius
- 125 degrees Fahrenheit or 51.66 degrees Celsius
- 100 degrees Fahrenheit or 37.7 degrees Celsius
Answer : 100 degrees Fahrenheit or 37.7 degrees Celsius
Which of the following terms BEST describes a weakness that could potentially be exploited?
Options are :
- Target of evaluation (TOE)
- Vulnerability
- Threat
- Risk
Answer : Vulnerability
Which of the following computer crimes is MORE often associated with INSIDERS?
Options are :
- Data diddling
- Denial of service (DoS)
- Password sniffing
- IP spoofing
Answer : Data diddling
Virus scanning and content inspection of S/MIME encrypted e-mail without doing any further processing is:
Options are :
- Only possible with a key recovery scheme for all user keys
- It is possible only if X509 Version 3 certificates are used
- Not possible
- It is possible only by "brute force" decryption
Answer : Not possible
Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later?
Options are :
- Steganography
- Digital enveloping
- Digital watermarking
- Digital signature
Answer : Digital enveloping
What is Dumpster Diving?
Options are :
- performing forensics on the deleted items
- Rummaging through another person's garbage for discarded documents, information, and various other items that could be used against that person or company
- Performing media analysis
- Going through dust bin
Answer : Rummaging through another person's garbage for discarded documents, information, and various other items that could be used against that person or company
What security model is dependent on security labels?
Options are :
- Label-based access control
- Discretionary access control
- Non-discretionary access control
- Mandatory access control
Answer : Mandatory access control
In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?
Options are :
- Access Matrix model
- Bell-LaPadula model
- Take-Grant model
- Biba model
Answer : Bell-LaPadula model
Which of the following would BEST be defined as an absence or weakness of safeguard that could be exploited?
Options are :
- A vulnerability.
- A vulnerability.
- A threat
- An exposure.
Answer : A vulnerability.
Which of the following BEST describes an exploit?
Options are :
- A condition where a program (either an application or part of the operating system) stops performing its expected function and also stops responding to other parts of the system.
- A chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software.
- An intentional hidden message or feature in an object such as a piece of software or a movie.
- An anomalous condition where a process attempts to store data beyond the boundaries of a fixed-length buffer.
Answer : A chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software.
What can be defined as secret communications where the very existence of the message is hidden?
Options are :
- Cryptology
- Clustering
- Vernam cipher
- Steganography
Answer : Steganography
Which of the following access control models introduces user security clearance and data classification?
Options are :
- Mandatory access control
- Role-based access control
- Discretionary access control
- Non-discretionary access control
Answer : Mandatory access control
Which of the following should be performed by an operator?
Options are :
- Approving changes
- Installing system software
- Adding and removing users
- Changing profiles
Answer : Installing system software
Which of the following attacks could capture network user passwords?
Options are :
- Smurfing
- IP Spoofing
- Data diddling
- Sniffing
Answer : Sniffing
Which of the following categories of hackers poses the greatest threat?
Options are :
- Disgruntled employees
- Student hackers
- Corporate spies
- Criminal hackers
Answer : Disgruntled employees
MOST access violations are:
Options are :
- Related to Internet
- Caused by external hackers
- Accidental
- Caused by internal hackers
Answer : Accidental
Which of the following should NOT be performed by an operator?
Options are :
- Data entry
- Monitoring execution of the system
- Implementing the initial program load
- Controlling job flow
Answer : Data entry
Which of the following countermeasures would be the most appropriate to prevent possible intrusion or damage from wardialing attacks?
Options are :
- Making sure only necessary phone numbers are made public
- Require user authentication
- Using completely different numbers for voice and data accesses
- Monitoring and auditing for such activity
Answer : Require user authentication
CobiT was developed from the COSO framework. Which of the choices below best describes COSO's main objectives and purpose?
Options are :
- COSO's main purpose is to help ensure fraudulent financial reporting cannot take place in an organization
- COSO's main purpose is to define a sound risk management approach within financial companies.
- COSO addresses corporate culture and policy development
- COSO is a risk management system used for the protection of federal systems.
Answer : COSO's main purpose is to help ensure fraudulent financial reporting cannot take place in an organization
Which of the following could be BEST defined as the likelihood of a threat agent taking advantage of a vulnerability?
Options are :
- A residual risk.
- A countermeasure.
- An exposure.
- A risk.
Answer : A risk.
Which access control model enables the OWNER of the resource to specify what subjects can access specific resources based on their identity?
Options are :
- Role-based Access Control
- Discretionary Access Control
- Mandatory Access Control
- Sensitive Access Control
Answer : Discretionary Access Control
What can be defined as an event that could cause harm to the information systems?
Options are :
- A risk
- A threat
- A weakness
- A vulnerability
Answer : A threat
Which of the following is responsible for ensuring that proper controls are in place to address the integrity, confidentiality, and availability of IT systems and data?
Options are :
- Chief information officer
- System and information owners
- Business and functional managers
- IT Security practitioners
Answer : System and information owners
Passwords can be required to change monthly, quarterly, or at other intervals:
Options are :
- depending on the criticality of the information needing protection.
- depending on the password's frequency of use.
- depending on the criticality of the information needing protection and the password's frequency of use.
- not depending on the criticality of the information needing protection but depending on the password's frequency of use.
Answer : depending on the criticality of the information needing protection and the password's frequency of use.
Which of the following results in the most devastating business interruptions?
Options are :
- Loss of Data
- Loss of Hardware/Software
- Loss of Applications
- Loss of Communication Links
Answer : Loss of Data
What are the three MOST important functions that Digital Signatures perform?
Options are :
- Authorization, Detection and Accountability
- Integrity, Authentication and Nonrepudiation
- Integrity, Confidentiality and Authorization
- Authorization, Authentication and Nonrepudiation
Answer : Integrity, Authentication and Nonrepudiation
Which one of the following is used to provide authentication and confidentiality for e-mail messages?
Options are :
- PGP
- MD4
- IPSEC AH
- Digital signature
Answer : PGP
Which of the following is responsible for MOST of the security issues?
Options are :
- Hackers
- Outside espionage
- Personnel
- Equipment failure
Answer : Personnel
The absence of a safeguard, or a weakness in a system that may possibly be exploited is called a(n)?
Options are :
- Exposure
- Vulnerability
- Threat
- Risk
Answer : Vulnerability
IT security measures should:
Options are :
- make sure that every asset of the organization is well protected.
- be complex.
- be tailored to meet organizational security goals.
- not be developed in a layered fashion.
Answer : be tailored to meet organizational security goals.
Which of the following access control models is based on sensitivity labels?
Options are :
- Role-based access control
- Rule-based access control
- Discretionary access control
- Mandatory access control
Answer : Mandatory access control
Which of the following is BEST practice to employ in order to reduce the risk of collusion?
Options are :
- Least Privilege
- Mandatory Vacations
- Separation of Duties
- Job Rotation
Answer : Job Rotation
What are the four domains that make up CobiT?
Options are :
- Plan and Organize, Acquire and Implement, Support and Purchase, and Monitor and Evaluate
- Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate
- Plan and Organize, Maintain and Implement, Deliver and Support, and Monitor and Evaluate
- Acquire and Implement, Deliver and Support, Monitor, and Evaluate
Answer : Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate
Which of the following BEST defines add-on security?
Options are :
- Physical security complementing logical security measures.
- Layer security.
- Protection mechanisms implemented after an information system has become operational.
- Protection mechanisms implemented as an integral part of an information system
Answer : Protection mechanisms implemented after an information system has become operational.
Kerberos can prevent which one of the following attacks?
Options are :
- Tunneling attack.
- Process attack.
- Playback (replay) attack.
- Destructive attack.
Answer : Playback (replay) attack.
Computer security should be first and foremost which of the following?
Options are :
- Be cost-effective.
- Cover all identified risks
- Be proportionate to the value of IT systems.
- Be examined in both monetary and non-monetary terms.
Answer : Be cost-effective.
Which of the following is NOT appropriate in addressing object reuse?
Options are :
- Degaussing magnetic tapes when they're no longer needed.
- Clearing memory blocks before they are allocated to a program or data.
- Clearing buffered pages, documents, or screens from the local memory of a terminal or printer.
- Deleting files on disk before reusing the space.
Answer : Deleting files on disk before reusing the space.