CISSP (Information Systems Security) Practice Tests 2019 Set 2

What type of evidence refers to written documents that are brought into court to prove a fact?



Options are :

  • B. Payroll evidence
  • C. Documentary evidence (Correct)
  • D. Testimonial evidence
  • A. Best evidence

Answer : C. Documentary evidence

Which of the following statements is true?



Options are :

  • B. The more complex a system, the less assurance it provides. (Correct)
  • C. The less complex a system, the less trust it provides.
  • D. The more complex a system, the less attack surface it generates.
  • A. The less complex a system, the more vulnerabilities it has.

Answer : B. The more complex a system, the less assurance it provides.

Auditing is a required factor to sustain and enforce what?



Options are :

  • D. Redundancy
  • C. Accessibility
  • A. Accountability (Correct)
  • B. Confidentiality

Answer : A. Accountability

Which of the following is not a composition theory related to security models?



Options are :

  • C. Iterative (Correct)
  • D. Hookup
  • A. Cascading
  • B. Feedback

Answer : C. Iterative

What is the last phase of the TCP/IP three-way handshake sequence?



Options are :

  • D. SYN/ACK packet
  • A. SYN packet
  • B. ACK packet (Correct)
  • C. NAK packet

Answer : B. ACK packet

At which layer of the OSI model does a router operate?



Options are :

  • C. Transport layer
  • D. Layer 5
  • A. Network layer (Correct)
  • B. Layer 1

Answer : A. Network layer

Which of the following types of access control seeks to discover evidence of unwanted, unauthorized, or illicit behavior or activity?



Options are :

  • B. Deterrent
  • A. Preventive
  • C. Detective (Correct)
  • D. Corrective

Answer : C. Detective

What form of intellectual property is used to protect words, slogans, and logos?



Options are :

  • C. Trademark (Correct)
  • D. Trade secret
  • B. Copyright
  • A. Patent

Answer : C. Trademark

Why are military and intelligence attacks among the most serious computer crimes?



Options are :

  • A. The use of information obtained can have far-reaching detrimental strategic effects on national interests in an enemy’s hands. (Correct)
  • C. The long-term political use of classified information can impact a country’s leadership.
  • B. Military information is stored on secure machines, so a successful attack can be embarrassing.

Answer : A. The use of information obtained can have far-reaching detrimental strategic effects on national interests in an enemy’s hands.

What is the point of a secondary verification system?



Options are :

  • A. To verify the identity of a user
  • D. To verify the correctness of a system (Correct)
  • C. To verify the completeness of a system
  • B. To verify the activities of a user

Answer : D. To verify the correctness of a system

What type of cipher relies on changing the location of characters within a message to achieve confidentiality?



Options are :

  • B. Transposition cipher (Correct)
  • C. Block cipher
  • D. Substitution cipher
  • A. Stream cipher

Answer : B. Transposition cipher

When determining the classification of data, which one of the following is the most important consideration?



Options are :

  • B. Value (Correct)
  • D. Accessibility
  • A. Processing system
  • C. Storage media

Answer : B. Value

Which of the following is not considered a violation of confidentiality?



Options are :

  • B. Eavesdropping
  • A. Stealing passwords
  • D. Social engineering
  • C. Hardware destruction (Correct)

Answer : C. Hardware destruction

Referring to the scenario in question 8, what is the annualized loss expectancy?



Options are :

  • D. $135,000 (Correct)
  • B. $2,700,000
  • C. $270,000
  • A. $3,000,000

Answer : D. $135,000

Which one of the following BIA terms identifies the amount of money a business expects to lose to a given risk each year?



Options are :

  • C. ALE (Correct)
  • D. EF
  • B. SLE
  • A. ARO

Answer : C. ALE

What type of law does not require an act of Congress to implement at the federal level but rather is enacted by the executive branch in the form of regulations, policies, and procedures?



Options are :

  • D. Administrative law (Correct)
  • C. Civil law
  • B. Common law
  • A. Criminal law

Answer : D. Administrative law

STRIDE is often used in relation to assessing threats against applications or operating systems. Which of the following is not an element of STRIDE?



Options are :

  • D. Disclosure (Correct)
  • B. Elevation of privilege
  • A. Spoofing
  • C. Repudiation

Answer : D. Disclosure

Richard recently developed a great name for a new product that he plans to begin using immediately. He spoke with his attorney and filed the appropriate application to protect his product name but has not yet received a response from the government regarding his application. He wants to begin using the name immediately. What symbol should he use next to the name to indicate its protected status?



Options are :

  • D. †
  • C. ™ (Correct)
  • B. ®
  • A. ©

Answer : C. ™

What element of data categorization management can override all other forms of access control?



Options are :

  • C. Custodian responsibilities
  • B. Physical access
  • D. Taking ownership (Correct)
  • A. Classification

Answer : D. Taking ownership

John recently received an email message from Bill. What cryptographic goal would need to be met to convince John that Bill was actually the sender of the message?



Options are :

  • D. Integrity
  • A. Nonrepudiation (Correct)
  • C. Availability
  • B. Confidentiality

Answer : A. Nonrepudiation

Which one of the following would administrators use to connect to a remote server securely for administration?



Options are :

  • B. Secure File Transfer Protocol (SFTP)
  • D. Secure Shell (SSH) (Correct)
  • A. Telnet
  • C. Secure Copy (SCP)

Answer : D. Secure Shell (SSH)

Which of the following is not true?



Options are :

  • A. Violations of confidentiality include human error.
  • B. Violations of confidentiality include management oversight.
  • D. Violations of confidentiality can occur when a transmission is not properly encrypted.
  • C. Violations of confidentiality are limited to direct intentional attacks. (Correct)

Answer : C. Violations of confidentiality are limited to direct intentional attacks.

Which one of the following concerns is not suitable for quantitative measurement during the business impact assessment?



Options are :

  • D. Power outage
  • A. Loss of a plant
  • B. Damage to a vehicle
  • C. Negative publicity (Correct)

Answer : C. Negative publicity

Which of the following answers would not be included as sensitive data?



Options are :

  • D. Data posted on a website (Correct)
  • B. Protected health information (PHI)
  • C. Proprietary data
  • A. Personally identifiable information (PII)

Answer : D. Data posted on a website

What law protects the right of citizens to privacy by placing restrictions on the authority granted to government agencies to search private residences and facilities?



Options are :

  • A. Privacy Act
  • C. Second Amendment
  • B. Fourth Amendment (Correct)
  • D. Gramm-Leach-Bliley Act

Answer : B. Fourth Amendment

All but which of the following items requires awareness for all individuals affected?



Options are :

  • A. Restricting personal email
  • D. The backup mechanism used to retain email messages (Correct)
  • C. Gathering information about surfing habits
  • B. Recording phone conversations

Answer : D. The backup mechanism used to retain email messages

When an employee is to be terminated, which of the following should be done?



Options are :

  • B. Disable the employee’s network access just as they are informed of the termination. (Correct)
  • D. Wait until you and the employee are the only people remaining in the building before announcing the termination.
  • A. Inform the employee a few hours before they are officially terminated.
  • C. Send out a broadcast email informing everyone that a specific employee is to be terminated.

Answer : B. Disable the employee’s network access just as they are informed of the termination.

What is the first step that individuals responsible for the development of a business continuity plan should perform?



Options are :

  • D. Legal and regulatory assessment
  • C. Resource requirements analysis
  • B. Business organization analysis (Correct)
  • A. BCP team selection

Answer : B. Business organization analysis

If a security mechanism offers availability, then it offers a high level of assurance that authorized subjects can _____________________ the data, objects, and resources.



Options are :

  • D. Repudiate
  • C. Access (Correct)
  • B. Audit
  • A. Control

Answer : C. Access

What unit of measurement should be used to assign quantitative values to assets in the priority identification phase of the business impact assessment?



Options are :

  • B. Utility
  • C. Importance
  • D. Time
  • A. Monetary (Correct)

Answer : A. Monetary
