CISSP-ISSAP Information Systems Security Architecture Exam Set 6

Access control systems enable an authority to control access to areas and resources in a given

physical facility or computer-based information system. Which of the following services provided

by access control systems is used to determine what a subject can do?


Options are :

  • Authorization (Correct)
  • Identification
  • Accountability
  • Authentication

Answer : Authorization

CISSP Security Engineering Certification Practical Exam Set 3

In which of the following Person-to-Person social engineering attacks does an attacker pretend to

be an outside contractor, delivery person, etc., in order to gain physical access to the

organization?


Options are :

  • In person attack
  • Important user posing attack
  • Impersonation attack (Correct)
  • Third-party authorization attack

Answer : Impersonation attack

Which of the following is the process of finding weaknesses in cryptographic algorithms and

obtaining the plaintext or key from the ciphertext?


Options are :

  • Cryptanalysis (Correct)
  • Cryptography
  • Kerberos
  • Cryptographer

Answer : Cryptanalysis

In which of the following access control models, owner of an object decides who is allowed to

access the object and what privileges they have?


Options are :

  • Discretionary Access Control (DAC) (Correct)
  • Access Control List (ACL)
  • Role Based Access Control (RBAC)
  • Mandatory Access Control (MAC)

Answer : Discretionary Access Control (DAC)

CISSP Security Engineering Certification Practice Exam Set 1

You work as a Network Administrator for McNeil Inc. The company has a TCP/IP-based network.

Performance of the network is slow because of heavy traffic. A hub is used as a central connecting

device in the network. Which of the following devices can be used in place of a hub to control the

network traffic efficiently?


Options are :

  • Switch (Correct)
  • Router
  • Bridge
  • Repeater

Answer : Switch

Which of the following uses public key cryptography to encrypt the contents of files?


Options are :

  • RFS
  • EFS (Correct)
  • NTFS
  • DFS

Answer : EFS

You work as an administrator for Techraft Inc. Employees of your company create 'products',

which are supposed to be given different levels of access. You need to configure a security policy

in such a way that an employee (producer of the product) grants accessing privileges (such as

read, write, or alter) for his product. Which of the following access control models will you use to

accomplish this task?


Options are :

  • Mandatory access control (MAC)
  • Access control list (ACL)
  • Role-based access control (RBAC)
  • Discretionary access control (DAC) (Correct)

Answer : Discretionary access control (DAC)

CISSP Security Engineering Certification Practical Exam Set 9

Which of the following describes the acceptable amount of data loss measured in time?


Options are :

  • Recovery Consistency Objective (RCO)
  • Recovery Point Objective (RPO) (Correct)
  • Recovery Time Actual (RTA)
  • Recovery Time Objective (RTO)

Answer : Recovery Point Objective (RPO)

Which of the following is responsible for maintaining certificates in a public key infrastructure

(PKI)?


Options are :

  • Domain Controller
  • Certification Authority (Correct)
  • Internet Authentication Server
  • Certificate User

Answer : Certification Authority

Single Loss Expectancy (SLE) represents an organization's loss from a single threat. Which of the

following formulas best describes the Single Loss Expectancy (SLE)?


Options are :

  • SLE = Asset Value (AV) * Annualized Rate of Occurrence (ARO)
  • SLE = Asset Value (AV) * Exposure Factor (EF) (Correct)
  • SLE = Annualized Loss Expectancy (ALE) * Annualized Rate of Occurrence (ARO)
  • SLE = Annualized Loss Expectancy (ALE) * Exposure Factor (EF)

Answer : SLE = Asset Value (AV) * Exposure Factor (EF)

CISSP Security Engineering Certification Practical Exam Set 6

Which of the following disaster recovery tests includes the operations that shut down at the

primary site, and are shifted to the recovery site according to the disaster recovery plan?


Options are :

  • Full-interruption test (Correct)
  • Simulation test
  • Structured walk-through test
  • Parallel test

Answer : Full-interruption test

CISSP - Software Development Security Mock Questions

Which of the following protocols uses the Internet key Exchange (IKE) protocol to set up security

associations (SA)?


Options are :

  • ISAKMP (Correct)
  • LEAP
  • IPSec
  • L2TP

Answer : ISAKMP

You are the Network Administrator for a college. You watch a large number of people (some not

even students) going in and out of areas with campus computers (libraries, computer labs, etc.).

You have had a problem with laptops being stolen. What is the most cost effective method to

prevent this?


Options are :

  • Use laptop locks. (Correct)
  • Video surveillance on all areas with computers.
  • Appoint a security guard.
  • Smart card access to all areas with computers.

Answer : Use laptop locks.

Which of the following intrusion detection systems (IDS) monitors network traffic and compares it

against an established baseline?


Options are :

  • File-based
  • Anomaly-based (Correct)
  • Signature-based
  • Network-based

Answer : Anomaly-based

CISSP - Security Operations Mock Questions

You have been assigned the task of selecting a hash algorithm. The algorithm will be specifically

used to ensure the integrity of certain sensitive files. It must use a 128 bit hash value. Which of the

following should you use?


Options are :

  • AES
  • DES
  • MD5 (Correct)
  • SHA

Answer : MD5

The ATM of a bank is robbed by breaking the ATM machine. Which of the following physical

security devices can now be used for verification and historical analysis of the ATM robbery?


Options are :

  • Biometric devices
  • CCTV Cameras (Correct)
  • Key card
  • Intrusion detection systems

Answer : CCTV Cameras

In your office, you are building a new wireless network that contains Windows 2003 servers. To

establish a network for secure communication, you have to implement IPSec security policy on the

servers. What authentication methods can you use for this implementation? Each correct answer

represents a complete solution. Choose all that apply.

A. Public-key cryptography

B. Kerberos

C. Preshared keys

D. Digital certificates


Options are :

  • D,C,B
  • B,C,D (Correct)
  • C,B,A
  • A,B,C

Answer : B,C,D

CISSP - Security Operations Mock Questions

An organization wants to allow a certificate authority to gain access to the encrypted data and

create digital signatures on behalf of the user. The data is encrypted using the public key from a

user's certificate. Which of the following processes fulfills the above requirements?


Options are :

  • Key escrow (Correct)
  • Key revocation
  • Key recovery
  • Key storage

Answer : Key escrow

The service-oriented modeling framework (SOMF) provides a common modeling notation to

address alignment between business and IT organizations. Which of the following principles does

the SOMF concentrate on? Each correct answer represents a part of the solution. Choose all that

apply.

A. Disaster recovery planning

B. SOA value proposition

C. Software assets reuse

D. Architectural components abstraction

E. Business traceability


Options are :

  • E,B,D,C
  • D,C,B,E
  • A,B,C,D
  • B,C,D,E (Correct)

Answer : B,C,D,E

John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from

the company for personal reasons. He wants to send out some secret information of the company.

To do so, he takes an image file and simply uses a tool image hide and embeds the secret file

within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since

he is using the image file to send the data, the mail server of his company is unable to filter this

mail. Which of the following techniques is he performing to accomplish his task?


Options are :

  • Web ripping
  • Steganography (Correct)
  • Email spoofing
  • Social engineering

Answer : Steganography

CISSP Security Engineering Certification Practice Exam Set 2

You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You want to perform the following

tasks: Develop a risk-driven enterprise information security architecture. Deliver security

infrastructure solutions that support critical business initiatives. Which of the following methods will

you use to accomplish these tasks?


Options are :

  • Sherwood Applied Business Security Architecture (Correct)
  • Service-oriented architecture
  • Service-oriented modeling and architecture
  • Service-oriented modeling framework

Answer : Sherwood Applied Business Security Architecture

The IPSec protocol is configured in an organization's network in order to maintain a complete

infrastructure for secured network communications. IPSec uses four components for this. Which of

the following components reduces the size of data transmitted over congested network

connections and increases the speed of such networks without losing data?


Options are :

  • AH
  • ESP
  • IKE
  • IPcomp (Correct)

Answer : IPcomp

Which of the following layers of the OSI model corresponds to the Host-to-Host layer of the

TCP/IP model?


Options are :

  • The session layer
  • The transport layer (Correct)
  • The presentation layer
  • The application layer

Answer : The transport layer

CISSP - Mock Questions with all domains

Which of the following is an electrical event shows that there is enough power on the grid to

prevent from a total power loss but there is no enough power to meet the current electrical

demand?


Options are :

  • Brownout (Correct)
  • Blackout
  • Power Spike
  • Power Surge

Answer : Brownout

Which of the following can be configured so that when an alarm is activated, all doors lock and the

suspect or intruder is caught between the doors in the dead-space?


Options are :

  • Network Intrusion Detection System (NIDS)
  • Host Intrusion Detection System (HIDS)
  • Biometric device
  • Man trap (Correct)

Answer : Man trap

Which of the following should the administrator ensure during the test of a disaster recovery plan?

A. Ensure that the plan works properly

B. Ensure that all the servers in the organization are shut down.

C. Ensure that each member of the disaster recovery team is aware of their responsibility.

D. Ensure that all client computers in the organization are shut down.


Options are :

  • B,D
  • D,C
  • A,C (Correct)
  • A,B

Answer : A,C

CISSP Security Engineering Certification Practice Exam Set 8

Which of the following types of attacks is often performed by looking surreptitiously at the

keyboard or monitor of an employee's computer?


Options are :

  • Buffer-overflow attack
  • Denial-of-Service (DoS) attack
  • Shoulder surfing attack (Correct)
  • Man-in-the-middle attack

Answer : Shoulder surfing attack

Which of the following encryption modes can make protocols without integrity protection even

more susceptible to replay attacks, since each block gets decrypted in exactly the same way?


Options are :

  • Cipher block chaining mode
  • Cipher feedback mode
  • Output feedback mode
  • Electronic codebook mode (Correct)

Answer : Electronic codebook mode

A helpdesk technician received a phone call from an administrator at a remote branch office. The

administrator claimed to have forgotten the password for the root account on UNIX servers and

asked for it. Although the technician didn't know any administrator at the branch office, the guy

sounded really friendly and since he knew the root password himself, he supplied the caller with

the password. What type of attack has just occurred?


Options are :

  • Brute Force attack
  • Replay attack
  • War dialing attack
  • Social Engineering attack (Correct)

Answer : Social Engineering attack

CISSP - Security and Risk Management Pratice Questions

Mark has been hired by a company to work as a Network Assistant. He is assigned the task to

configure a dial-up connection. He is configuring a laptop. Which of the following protocols should

he disable to ensure that the password is encrypted during remote access?


Options are :

  • MSCHAP
  • PAP (Correct)
  • MSCHAP V2
  • SPAP

Answer : PAP

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions

Subscribe to See Videos

Subscribe to my Youtube channel for new videos : Subscribe Now