CISSP (Information Systems Security) Practice Tests 2019 Set 4

What is the most common and inexpensive form of physical access control device?

Options are :

  • A. Lighting
  • B. Security guard
  • C. Key locks (Correct)
  • D. Fences

Answer : C. Key locks

What type of cryptographic attack rendered Double DES (2DES) no more effective than standard DES encryption?

Options are :

  • A. Birthday attack
  • B. Chosen ciphertext attack
  • C. Meet-in-the-middle attack (Correct)
  • D. Man-in-the-middle attack

Answer : C. Meet-in-the-middle attack

What cryptosystem provides the encryption/decryption technology for the commercial version of Phil Zimmermann’s Pretty Good Privacy secure email system?

Options are :

  • A. ROT13
  • B. IDEA (Correct)
  • C. ECC
  • D. El Gamal

Answer : B. IDEA

What is system certification?

Options are :

  • A. Formal acceptance of a stated system configuration
  • B. A technical evaluation of each part of a computer system to assess its compliance with security standards (Correct)
  • C. A functional evaluation of the manufacturer’s goals for each hardware and software component to meet integration standards
  • D. A manufacturer’s certificate stating that all components were installed and configured correctly

Answer : B. A technical evaluation of each part of a computer system to assess its compliance with security standards

What is system accreditation?

Options are :

  • A. Formal acceptance of a stated system configuration (Correct)
  • B. A functional evaluation of the manufacturer’s goals for each hardware and software component to meet integration standards
  • C. Acceptance of test results that prove the computer system enforces the security policy
  • D. The process to specify secure communication between machines

Answer : A. Formal acceptance of a stated system configuration

Which of the following is not true regarding firewalls?

Options are :

  • A. They are able to log traffic information.
  • B. They are able to block viruses. (Correct)
  • C. They are able to issue alarms based on suspected attacks.
  • D. They are unable to prevent internal attacks.

Answer : B. They are able to block viruses.

In the RSA public key cryptosystem, which one of the following numbers will always be largest?

Options are :

  • A. e
  • B. n (Correct)
  • C. p
  • D. q

Answer : B. n

Which of the following is a double set of doors that is often protected by a guard and is used to contain a subject until their identity and authentication are verified?

Options are :

  • A. Gate
  • B. Turnstile
  • C. Mantrap (Correct)
  • D. Proximity detector

Answer : C. Mantrap

If you are the victim of a bluejacking attack, what was compromised?

Options are :

  • A. Your firewall
  • B. Your switch
  • C. Your cell phone (Correct)
  • D. Your web cookies

Answer : C. Your cell phone

Which cryptographic algorithm forms the basis of the El Gamal cryptosystem?

Options are :

  • A. RSA
  • B. Diffie-Hellman (Correct)
  • C. 3DES
  • D. IDEA

Answer : B. Diffie-Hellman

Which of the following describes a community cloud?

Options are :

  • A. A cloud environment maintained, used, and paid for by a group of users or organizations for their shared benefit, such as collaboration and data exchange (Correct)
  • B. A cloud service within a corporate network and isolated from the internet
  • C. A cloud service that is accessible to the general public typically over an internet connection
  • D. A cloud service that is partially hosted within an organization for private use and that uses external services to offer resources to outsiders

Answer : A. A cloud environment maintained, used, and paid for by a group of users or organizations for their shared benefit, such as collaboration and data exchange

What is a security risk of an embedded system that is not commonly found in a standard PC?

Options are :

  • A. Software flaws
  • B. Access to the internet
  • C. Control of a mechanism in the physical world (Correct)
  • D. Power loss

Answer : C. Control of a mechanism in the physical world

What is layer 4 of the OSI model?

Options are :

  • A. Presentation
  • B. Network
  • C. Data Link
  • D. Transport (Correct)

Answer : D. Transport

Which of the following is not a typical type of alarm that can be triggered for physical security?

Options are :

  • A. Preventive (Correct)
  • B. Deterrent
  • C. Repellent
  • D. Notification

Answer : A. Preventive

Which security models are built on a state machine model?

Options are :

  • A. Bell-LaPadula and Take-Grant
  • B. Biba and Clark-Wilson
  • C. Clark-Wilson and Bell-LaPadula
  • D. Bell-LaPadula and Biba (Correct)

Answer : D. Bell-LaPadula and Biba

Which networking technology is based on the IEEE 802.3 standard?

Options are :

  • A. Ethernet (Correct)
  • B. Token Ring
  • C. FDDI
  • D. HDLC

Answer : A. Ethernet

Which one of the following storage devices is most likely to require encryption technology in order to maintain data security in a networked environment?

Options are :

  • A. Hard disk
  • B. Backup tape
  • C. Removable drives (Correct)
  • D. RAM

Answer : C. Removable drives

Which of the following is not a typical security measure implemented in relation to a media storage facility containing reusable removable media?

Options are :

  • A. Employing a librarian or custodian
  • B. Using a check-in/check-out process
  • C. Hashing (Correct)
  • D. Using sanitization tools on returned media

Answer : C. Hashing

What security method, mechanism, or model reveals a capabilities list of a subject across multiple objects?

Options are :

  • A. Separation of duties
  • B. Access control matrix (Correct)
  • C. Biba
  • D. Clark-Wilson

Answer : B. Access control matrix

You have three applications running on a single-core, single-processor system that supports multitasking. One of those applications is a word processing program that is managing two threads simultaneously. The other two applications are using only one thread of execution. How many application threads are running on the processor at any given time?

Options are :

  • A. One (Correct)
  • B. Two
  • C. Three
  • D. Four

Answer : A. One

What type of memory is directly available to the CPU and is often part of the CPU?

Options are :

  • A. RAM
  • B. ROM
  • C. Register memory (Correct)
  • D. Virtual memory

Answer : C. Register memory

Many PC operating systems provide functionality that enables them to support the simultaneous execution of multiple applications on single-processor systems. What term is used to describe this capability?

Options are :

  • A. Multiprogramming
  • B. Multithreading
  • C. Multitasking (Correct)
  • D. Multiprocessing

Answer : C. Multitasking

Which OSI model layer manages communications in simplex, half-duplex, and full-duplex modes?

Options are :

  • A. Application
  • B. Session (Correct)
  • C. Transport
  • D. Physical

Answer : B. Session

Which one of the following types of memory might retain information after being removed from a computer and, therefore, represent a security risk?

Options are :

  • A. Static RAM
  • B. Dynamic RAM
  • C. Secondary memory (Correct)
  • D. Real memory

Answer : C. Secondary memory

Which of the following is the least resistant to EMI?

Options are :

  • A. Thinnet
  • B. UTP (Correct)
  • C. STP
  • D. Fiber

Answer : B. UTP

Which International Telecommunications Union (ITU) standard governs the creation and endorsement of digital certificates for secure electronic communication?

Options are :

  • A. X.500
  • B. X.509 (Correct)
  • C. X.900
  • D. X.905

Answer : B. X.509

What is an access object?

Options are :

  • A. A resource a user or process wants to access (Correct)
  • B. A user or process that wants to access a resource
  • C. A list of valid access rules
  • D. The sequence of valid access types

Answer : A. A resource a user or process wants to access

If Richard wants to send an encrypted message to Sue using a public key cryptosystem, which key does he use to encrypt the message?

Options are :

  • A. Richard’s public key
  • B. Richard’s private key
  • C. Sue’s public key (Correct)
  • D. Sue’s private key

Answer : C. Sue’s public key

What is the best definition of a security model?

Options are :

  • A. A security model states policies an organization must follow.
  • B. A security model provides a framework to implement a security policy. (Correct)
  • C. A security model is a technical evaluation of each part of a computer system to assess its concordance with security standards.
  • D. A security model is the process of formal acceptance of a certified configuration.

Answer : B. A security model provides a framework to implement a security policy.

Acme Widgets currently uses a 1,024-bit RSA encryption standard companywide. The company plans to convert from RSA to an elliptic curve cryptosystem. If it wants to maintain the same cryptographic strength, what ECC key length should it use?

Options are :

  • A. 160 bits (Correct)
  • B. 512 bits
  • C. 1,024 bits
  • D. 2,048 bits

Answer : A. 160 bits
