CISSP Asset Security Certification Practical Exam Set 2

The typical computer fraudsters are usually persons with which of the following characteristics?


Options are :

  • They hold a position of trust
  • They deviate from the accepted norms of society
  • They conspire with others
  • They have had previous contact with law enforcement

Answer : They hold a position of trust

Which of the following methods is recommended by security professionals to PERMANENTLY erase sensitive data on magnetic media?


Options are :

  • Delete File allocation table
  • Overwrite every sector of magnetic media with pattern of 1's and 0's
  • Format magnetic media
  • Degaussing

Answer : Degaussing

What is the main issue with media reuse?


Options are :

  • Data remanence
  • Degaussing
  • Purging
  • Media destruction

Answer : Data remanence


What is the most secure way to dispose of information on a CD-ROM?


Options are :

  • Physical destruction
  • Sanitizing
  • Degaussing
  • Physical damage

Answer : Physical destruction

Which protocol makes USE of an electronic wallet on a customer's PC and sends encrypted credit card information to merchant's Web server, which digitally signs it and sends it on to its processing bank?


Options are :

  • SSH (Secure Shell)
  • SSL (Secure Sockets Layer)
  • SET (Secure Electronic Transaction)
  • S/MIME (Secure MIME)

Answer : SET (Secure Electronic Transaction)

Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or a cassette?


Options are :

  • Zeroization
  • Buffer overflow
  • Degaussing
  • Parity Bit Manipulation

Answer : Degaussing


When it comes to magnetic media sanitization, what difference can be made between clearing and purging information?


Options are :

  • Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack.
  • Clearing renders information unrecoverable against a laboratory attack and purging renders information unrecoverable to a keyboard attack.
  • They both involve rewriting the media.
  • Clearing completely erases the media whereas purging only removes file headers, allowing the recovery of files.

Answer : Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack.

Which of the following logical access exposures involves changing data before, or as, it is entered into the computer?


Options are :

  • Viruses
  • Salami techniques
  • Data diddling
  • Trojan horses

Answer : Data diddling

Which of the following is NOT a proper component of Media Viability Controls?


Options are :

  • Marking
  • Writing
  • Handling
  • Storage

Answer : Writing


Degaussing is used to clear data from all of the following media except:


Options are :

  • Video Tapes
  • Read-Only Media
  • Floppy Disks
  • Magnetic Hard Disks

Answer : Read-Only Media

Which of the following establishes the minimal national standards for certifying and accrediting national security systems?


Options are :

  • DIACA
  • HIPAA
  • TCSEC
  • NIACAP

Answer : NIACAP


Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity?


Options are :

  • Steganography
  • NTFS ADS
  • Encryption
  • ADS - Alternate Data Streams

Answer : Steganography

Which of the following groups represents the leading source of computer crime losses?


Options are :

  • Hackers
  • Employees
  • Industrial saboteurs
  • Foreign intelligence officers

Answer : Employees

The control of communications test equipment should be clearly addressed by security policy for which of the following reasons?


Options are :

  • Test equipment is easily damaged.
  • Test equipment can be used to browse information passing on a network.
  • Test equipment must always be available for the maintenance personnel.
  • Test equipment is difficult to replace if lost or stolen.

Answer : Test equipment can be used to browse information passing on a network.


What would BEST define a covert channel?


Options are :

  • A communication channel that allows transfer of information in a manner that violates the system's security policy.
  • An undocumented backdoor that has been left by a programmer in an operating system
  • A Trojan horse
  • An open system port that should be closed.

Answer : A communication channel that allows transfer of information in a manner that violates the system's security policy.

The Telecommunications Security Domain of information security is also concerned with the prevention and detection of the misuse or abuse of systems, which poses a threat to the tenets of:


Options are :

  • Confidentiality, Integrity, and Liability (C.I.L.)
  • Confidentiality, Integrity, and Authenticity (C.I.A.).
  • Confidentiality, Integrity, and Entity (C.I.E.).
  • Confidentiality, Integrity, and Availability (C.I.A.).

Answer : Confidentiality, Integrity, and Availability (C.I.A.).

Who should DECIDE how a company should approach security and what security measures should be implemented?


Options are :

  • Auditor
  • Data owner
  • The information security specialist
  • Senior management

Answer : Senior management


Which of the following access control models requires defining classification for objects?


Options are :

  • Role-based access control
  • Discretionary access control
  • Mandatory access control
  • Identity-based access control

Answer : Mandatory access control

Controlling access to information systems and associated networks is necessary for the preservation of their:


Options are :

  • Confidentiality, integrity, and availability
  • Authenticity, confidentiality, integrity and availability.
  • Authenticity, confidentiality and availability
  • Integrity and availability.

Answer : Confidentiality, integrity, and availability

At which temperature does damage start occurring to magnetic media?


Options are :

  • 150 degrees Fahrenheit or 65.5 degrees Celsius
  • 175 degrees Fahrenheit or 79.4 degrees Celsius
  • 125 degrees Fahrenheit or 51.66 degrees Celsius
  • 100 degrees Fahrenheit or 37.7 degrees Celsius

Answer : 100 degrees Fahrenheit or 37.7 degrees Celsius


Which of the following terms BEST describes a weakness that could potentially be exploited?


Options are :

  • Target of evaluation (TOE)
  • Vulnerability
  • Threat
  • Risk

Answer : Vulnerability

Which of the following computer crimes is MORE often associated with INSIDERS?


Options are :

  • Data diddling
  • Denial of service (DoS)
  • Password sniffing
  • IP spoofing

Answer : Data diddling

Virus scanning and content inspection of S/MIME encrypted e-mail without doing any further processing is:


Options are :

  • Only possible with key recovery scheme of all user keys
  • It is possible only if X509 Version 3 certificates are used
  • Not possible
  • It is possible only by "brute force" decryption

Answer : Not possible


Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later?


Options are :

  • Steganography
  • Digital enveloping
  • Digital watermarking
  • Digital signature

Answer : Digital enveloping

What is Dumpster Diving?


Options are :

  • performing forensics on the deleted items
  • Running through another person's garbage for discarded document, information and other various items that could be used against that person or company
  • Performing media analysis
  • Going through dust bin

Answer : Running through another person's garbage for discarded document, information and other various items that could be used against that person or company

What security model is dependent on security labels?


Options are :

  • Label-based access control
  • Discretionary access control
  • Non-discretionary access control
  • Mandatory access control

Answer : Mandatory access control


In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?


Options are :

  • Access Matrix model
  • Bell-LaPadula model
  • Take-Grant model
  • Biba model

Answer : Bell-LaPadula model

Which of the following would BEST be defined as an absence or weakness of safeguard that could be exploited?


Options are :

  • A vulnerability.
  • A vulnerability.
  • A threat
  • An exposure.

Answer : A vulnerability.

Which of the following BEST describes an exploit?


Options are :

  • A condition where a program (either an application or part of the operating system) stops performing its expected function and also stops responding to other parts of the system.
  • A chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software.
  • An intentional hidden message or feature in an object such as a piece of software or a movie.
  • An anomalous condition where a process attempts to store data beyond the boundaries of a fixed-length buffer.

Answer : A chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software.


What can be defined as secret communications where the very existence of the message is hidden?


Options are :

  • Cryptology
  • Clustering
  • Vernam cipher
  • Steganography

Answer : Steganography
