CISSP Security and Risk Management Certified Practice Exam Set 1

The Internet Architecture Board (IAB) characterizes which of the following as unethical behavior for Internet users?


Options are :

  • Monitoring data traffic.
  • Wasting computer resources. (Correct)
  • Concealing unauthorized accesses.
  • Writing computer viruses.

Answer : Wasting computer resources.

Which one of the following represents an ALE calculation?


Options are :

  • Asset value x loss expectancy.
  • Gross loss expectancy x loss frequency.
  • Single loss expectancy x annualized rate of occurrence (Correct)
  • Actual replacement cost - proceeds of salvage

Answer : Single loss expectancy x annualized rate of occurrence

Which of the following is not one of the three goals of Integrity addressed by the Clark-Wilson model?


Options are :

  • Preservation of the internal and external consistency.
  • Prevention of the modification of information by unauthorized users.
  • Prevention of the unauthorized or unintentional modification of information by authorized users.
  • Prevention of the modification of information by authorized users. (Correct)

Answer : Prevention of the modification of information by authorized users.

Regarding codes of ethics covered within the ISC2 CBK, within which of them is the phrase "Discourage unsafe practice" found?


Options are :

  • (ISC)2 Code of Ethics (Correct)
  • CIAC Guidelines
  • Computer Ethics Institute commandments
  • Internet Activities Board's Ethics and the Internet (RFC1087)

Answer : (ISC)2 Code of Ethics

Which of the following is NOT a factor related to Access Control?


Options are :

  • integrity
  • availability
  • authenticity (Correct)
  • confidentiality

Answer : authenticity

Which of the following is the correct set of assurance requirements for EAL 5?


Options are :

  • Semiformally verified tested and checked
  • Semiformally designed and tested (Correct)
  • Semiformally verified design and tested
  • Semiformally tested and checked

Answer : Semiformally designed and tested

A deviation from an organization-wide security policy requires which of the following?


Options are :

  • Risk Assignment
  • Risk Containment
  • Risk Acceptance (Correct)
  • Risk Reduction

Answer : Risk Acceptance

Which of the following is the best reason for the use of an automated risk analysis tool?


Options are :

  • Much of the data gathered during the review cannot be reused for subsequent analysis.
  • Most software tools have user interfaces that are easy to use and do not require any training.
  • Automated methodologies require minimal training and knowledge of risk analysis.
  • Information gathering would be minimized and expedited due to the amount of information already built into the tool. (Correct)

Answer : Information gathering would be minimized and expedited due to the amount of information already built into the tool.

What is the term for an event or activity that has the potential to cause harm to information systems or networks?


Options are :

  • Threat (Correct)
  • Weakness
  • Threat agent
  • Vulnerability

Answer : Threat

Which of the following issues is NOT addressed by Kerberos?


Options are :

  • Authentication
  • Availability (Correct)
  • Confidentiality
  • Integrity

Answer : Availability

What does "residual risk" mean?


Options are :

  • The security risk that remains after controls have been implemented (Correct)
  • A security risk intrinsic to an asset being audited, where no mitigation has taken place
  • Risk that remains after risk assessment has been performed
  • Weakness of an asset which can be exploited by a threat

Answer : The security risk that remains after controls have been implemented

Which of the following is considered the weakest link in a security system?


Options are :

  • Hardware
  • People (Correct)
  • Communications
  • Software

Answer : People

Which of the following statements is not listed within the 4 canons of the (ISC)2 Code of Ethics?


Options are :

  • All information systems security professionals who are certified by (ISC)2 shall promote and preserve public trust and confidence in information and systems.
  • All information systems security professionals who are certified by (ISC)2 shall observe all contracts and agreements, express or implied.
  • All information systems security professionals who are certified by (ISC)2 shall think about the social consequences of the program they write. (Correct)
  • All information systems security professionals who are certified by (ISC)2 shall render only those services for which they are fully competent and qualified.

Answer : All information systems security professionals who are certified by (ISC)2 shall think about the social consequences of the program they write.

Within the realm of IT security, which of the following combinations best defines risk?


Options are :

  • Threat coupled with a breach.
  • Threat coupled with a breach of security.
  • Vulnerability coupled with an attack.
  • Threat coupled with a vulnerability. (Correct)

Answer : Threat coupled with a vulnerability.

The major objective of system configuration management is which of the following?


Options are :

  • System operations.
  • System tracking.
  • System maintenance.
  • System stability. (Correct)

Answer : System stability.

Which of the following is needed for System Accountability?


Options are :

  • Audit mechanisms. (Correct)
  • Documented design as laid out in the Common Criteria.
  • Authorization
  • Formal verification of system design.

Answer : Audit mechanisms.

Preservation of confidentiality within information systems requires that the information is not disclosed to:


Options are :

  • Unauthorized persons
  • Authorized persons and processes
  • Authorized persons
  • Unauthorized persons or processes. (Correct)

Answer : Unauthorized persons or processes.

Which of the following is the most important ISC2 Code of Ethics Canon?


Options are :

  • Provide diligent and competent service to principals
  • Protect society, the commonwealth, and the infrastructure (Correct)
  • Act honorably, honestly, justly, responsibly, and legally
  • Advance and protect the profession

Answer : Protect society, the commonwealth, and the infrastructure

A weakness or lack of a safeguard, which may be exploited by a threat, causing harm to the information systems or networks is called:


Options are :

  • a risk.
  • an overflow.
  • a threat.
  • a vulnerability. (Correct)

Answer : a vulnerability.

How is Annualized Loss Expectancy (ALE) derived from a threat?


Options are :

  • AV x EF
  • ARO x (SLE - EF)
  • SLE/EF
  • SLE x ARO (Correct)

Answer : SLE x ARO

Which of the following is the MOST important aspect relating to employee termination?


Options are :

  • The details of employee have been removed from active payroll files.
  • User ID and passwords of the employee have been deleted.
  • Company property provided to the employee has been returned. (Correct)
  • The appropriate company staff is notified about the termination.

Answer : Company property provided to the employee has been returned.

If your property insurance has a Replacement Cost Valuation (RCV) clause, your damaged property will be compensated:


Options are :

  • Based on new, comparable, or identical item for old regardless of condition of lost item (Correct)
  • Based on the value of item on the date of loss
  • Based on the value listed on the Ebay auction web site
  • Based on value of item one month before the loss

Answer : Based on new, comparable, or identical item for old regardless of condition of lost item

Good security is built on which of the following concepts?


Options are :

  • The concept of defensive controls.
  • The concept of preventative controls.
  • The concept of a pass-through device that only allows certain traffic in and out.
  • The concept of defense in depth. (Correct)

Answer : The concept of defense in depth.

The technology approach


Options are :

  • Choose the best countermeasure (Correct)
  • Identify risks
  • Provide an economic balance between the impact of the risk and the cost of the associated countermeasure
  • Quantify the impact of potential threats

Answer : Choose the best countermeasure

What would be the Annualized Rate of Occurrence (ARO) of the threat "user input error", in the case where a company employs 100 data entry clerks and every one of them makes one input error each month?


Options are :

  • 120
  • 1
  • 100
  • 1200 (Correct)

Answer : 1200

Risk mitigation and risk reduction controls for providing information security are classified within three main categories. Which of the following are those categories?


Options are :

  • Detective, corrective, and physical.
  • Administrative, operational, and logical.
  • Physical, technical, and administrative (Correct)
  • Preventive, corrective, and administrative.

Answer : Physical, technical, and administrative

Related to information security, availability is the opposite of which of the following?


Options are :

  • distribution
  • destruction (Correct)
  • documentation
  • delegation

Answer : destruction

Related to information security, the prevention of the intentional or unintentional unauthorized disclosure of contents is which of the following?


Options are :

  • Availability
  • Integrity
  • Confidentiality (Correct)
  • capability

Answer : Confidentiality

The ISC2 Code of Ethics does not include which of the following behaviors for a CISSP:


Options are :

  • Ethical behavior (Correct)
  • Legality
  • Control
  • Honesty

Answer : Ethical behavior

Related to information security, confidentiality is the opposite of which of the following?


Options are :

  • disclosure (Correct)
  • disaster
  • closure
  • disposal

Answer : disclosure
