CISSP Asset Security Certification Practical Exam Set 3

Which of the following access control models introduces user security clearance and data classification?

Options are :

  • Mandatory access control (Correct)
  • Role-based access control
  • Discretionary access control
  • Non-discretionary access control

Answer : Mandatory access control

Which of the following should be performed by an operator?

Options are :

  • Approving changes
  • Installing system software (Correct)
  • Adding and removal of users
  • Changing profiles

Answer : Installing system software

Which of the following attacks could capture network user passwords?

Options are :

  • Smurfing
  • IP Spoofing
  • Data diddling
  • Sniffing (Correct)

Answer : Sniffing

Which of the following categories of hackers poses the greatest threat?

Options are :

  • Disgruntled employees (Correct)
  • Student hackers
  • Corporate spies
  • Criminal hackers

Answer : Disgruntled employees

MOST access violations are:

Options are :

  • Related to Internet
  • Caused by external hackers
  • Accidental (Correct)
  • Caused by internal hackers

Answer : Accidental

Which of the following should NOT be performed by an operator?

Options are :

  • Data entry (Correct)
  • Monitoring execution of the system
  • Implementing the initial program load
  • Controlling job flow

Answer : Data entry

Which of the following countermeasures would be the most appropriate to prevent possible intrusion or damage from wardialing attacks?

Options are :

  • Making sure only necessary phone numbers are made public
  • Require user authentication (Correct)
  • Using completely different numbers for voice and data accesses
  • Monitoring and auditing for such activity

Answer : Require user authentication

CobiT was developed from the COSO framework. Which of the choices below best describes COSO's main objectives and purpose?

Options are :

  • COSO's main purpose is to help ensure fraudulent financial reporting cannot take place in an organization. (Correct)
  • COSO's main purpose is to define a sound risk management approach within financial companies.
  • COSO addresses corporate culture and policy development.
  • COSO is a risk management system used for the protection of federal systems.

Answer : COSO's main purpose is to help ensure fraudulent financial reporting cannot take place in an organization.

Which of the following could be BEST defined as the likelihood of a threat agent taking advantage of a vulnerability?

Options are :

  • A residual risk.
  • A countermeasure.
  • An exposure.
  • A risk. (Correct)

Answer : A risk.

Which access control model enables the OWNER of the resource to specify what subjects can access specific resources based on their identity?

Options are :

  • Role-based Access Control
  • Discretionary Access Control (Correct)
  • Mandatory Access Control
  • Sensitive Access Control

Answer : Discretionary Access Control

What can be defined as an event that could cause harm to information systems?

Options are :

  • A risk
  • A threat (Correct)
  • A weakness
  • A vulnerability

Answer : A threat

Which of the following is responsible for ensuring that proper controls are in place to address the integrity, confidentiality, and availability of IT systems and data?

Options are :

  • Chief information officer
  • System and information owners (Correct)
  • Business and functional managers
  • IT Security practitioners

Answer : System and information owners

Passwords can be required to change monthly, quarterly, or at other intervals:

Options are :

  • depending on the criticality of the information needing protection.
  • depending on the password's frequency of use.
  • depending on the criticality of the information needing protection and the password's frequency of use. (Correct)
  • not depending on the criticality of the information needing protection but depending on the password's frequency of use.

Answer : depending on the criticality of the information needing protection and the password's frequency of use.

Which of the following results in the most devastating business interruptions?

Options are :

  • Loss of Data (Correct)
  • Loss of Hardware/Software
  • Loss of Applications
  • Loss of Communication Links

Answer : Loss of Data

What are the three MOST important functions that Digital Signatures perform?

Options are :

  • Authorization, Detection and Accountability
  • Integrity, Authentication and Nonrepudiation (Correct)
  • Integrity, Confidentiality and Authorization
  • Authorization, Authentication and Nonrepudiation

Answer : Integrity, Authentication and Nonrepudiation

Which one of the following is used to provide authentication and confidentiality for e-mail messages?

Options are :

  • PGP (Correct)
  • MD4
  • IPSEC AH
  • Digital signature

Answer : PGP

Which of the following is responsible for MOST of the security issues?

Options are :

  • Hackers
  • Outside espionage
  • Personnel (Correct)
  • Equipment failure

Answer : Personnel

The absence of a safeguard, or a weakness in a system that may possibly be exploited, is called a(n)?

Options are :

  • Exposure
  • Vulnerability (Correct)
  • Threat
  • Risk

Answer : Vulnerability

IT security measures should:

Options are :

  • make sure that every asset of the organization is well protected.
  • be complex.
  • be tailored to meet organizational security goals. (Correct)
  • not be developed in a layered fashion.

Answer : be tailored to meet organizational security goals.

Which of the following access control models is based on sensitivity labels?

Options are :

  • Role-based access control
  • Rule-based access control
  • Discretionary access control
  • Mandatory access control (Correct)

Answer : Mandatory access control

Which of the following is the BEST practice to employ in order to reduce the risk of collusion?

Options are :

  • Least Privilege
  • Mandatory Vacations
  • Separation of Duties
  • Job Rotation (Correct)

Answer : Job Rotation

What are the four domains that make up CobiT?

Options are :

  • Plan and Organize, Acquire and Implement, Support and Purchase, and Monitor and Evaluate
  • Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate (Correct)
  • Plan and Organize, Maintain and Implement, Deliver and Support, and Monitor and Evaluate
  • Acquire and Implement, Deliver and Support, Monitor, and Evaluate

Answer : Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate

Which of the following BEST defines add-on security?

Options are :

  • Physical security complementing logical security measures.
  • Layered security.
  • Protection mechanisms implemented after an information system has become operational. (Correct)
  • Protection mechanisms implemented as an integral part of an information system.

Answer : Protection mechanisms implemented after an information system has become operational.

Kerberos can prevent which one of the following attacks?

Options are :

  • Tunneling attack.
  • Process attack.
  • Playback (replay) attack. (Correct)
  • Destructive attack.

Answer : Playback (replay) attack.

Computer security should be first and foremost which of the following?

Options are :

  • Be cost-effective. (Correct)
  • Cover all identified risks.
  • Be proportionate to the value of IT systems.
  • Be examined in both monetary and non-monetary terms.

Answer : Be cost-effective.

Which of the following is NOT appropriate in addressing object reuse?

Options are :

  • Degaussing magnetic tapes when they're no longer needed.
  • Clearing memory blocks before they are allocated to a program or data.
  • Clearing buffered pages, documents, or screens from the local memory of a terminal or printer.
  • Deleting files on disk before reusing the space. (Correct)

Answer : Deleting files on disk before reusing the space.