CISSP Security and Risk Management Certified Practice Exam Set 1

Cryptography has several basic objectives. Which of the following is the greatest benefit provided by the encryption process?


Options are :

  • Confidentiality (Correct)
  • Authentication
  • None
  • Integrity
  • Non-repudiation

Answer : Confidentiality

Sam is the security manager of a financial institution. Senior management has requested that he perform a risk analysis of all the critical vulnerabilities reported by the IS auditor. After carrying out the risk analysis, Sam has noticed that for a few risks the cost-benefit analysis shows that the cost of the risk management measures (countermeasures, components, or safeguards) is greater than the potential loss that could arise. What kind of strategy should Sam recommend to senior management for managing these risks?


Options are :

  • None
  • Risk transference
  • Risk mitigation
  • Risk acceptance (Correct)
  • Risk avoidance

Answer : Risk acceptance

Which term best describes the practice used to detect fraud by users by forcing them out of their job for a period of time?


Options are :

  • Mandatory vacations (Correct)
  • Job rotation
  • The principle of least privilege
  • Mandatory separation
  • None

Answer : Mandatory vacations

Among the several methods of dealing with the risks that a business must undertake, which one involves using a control to reduce the risk?


Options are :

  • Transference
  • Acceptance
  • Mitigation (Correct)
  • Avoidance
  • None

Answer : Mitigation


Which of the following rules is least likely to support the concept of least privilege?


Options are :

  • Rights to use tools that are likely to be used by hackers should be as restrictive as possible.
  • Administrators should use regular accounts when performing routine operations such as reading mail.
  • None
  • The number of administrative accounts should be kept as low as possible.
  • Only data to and from critical systems and applications should be allowed through the firewall. (Correct)

Answer : Only data to and from critical systems and applications should be allowed through the firewall.

What is the main goal of the separation of duties?


Options are :

  • To ensure that audit trails are not tampered with.
  • To ensure that no single individual can compromise the system. (Correct)
  • None
  • To ensure proper organizational supervision of access.
  • To prevent employees from disclosing sensitive information.

Answer : To ensure that no single individual can compromise the system.

Controls such as job rotation, separation of duties and review of audit records are associated with:


Options are :

  • Detective / technical
  • Preventive and/or physical
  • Detective / physical
  • None
  • Detective / administrative (Correct)

Answer : Detective / administrative

Which of the following risk handling techniques involves refraining from the activity so that the risk does not materialize?


Options are :

  • Risk avoidance (Correct)
  • Risk mitigation
  • Risk acceptance
  • None
  • Risk transference

Answer : Risk avoidance

Which of the following risk handling techniques passes the risk to another entity, such as an insurance company?


Options are :

  • None
  • Risk avoidance
  • Risk mitigation
  • Risk transference (Correct)
  • Risk acceptance

Answer : Risk transference

In risk assessment and risk treatment, which of the four most common approaches below seeks to eliminate involvement with a risk that has been assessed?


Options are :

  • Mitigation
  • Avoidance (Correct)
  • Transference
  • None
  • Acceptance

Answer : Avoidance


Controls that usually require a human to evaluate the input from sensors or cameras to determine whether a real threat exists are associated with:


Options are :

  • Detective / technical
  • Detective / physical (Correct)
  • None
  • Detective / administrative
  • Preventive and/or physical

Answer : Detective / physical

Which of the following is a characteristic of a decision support system (DSS) with respect to threat and risk analysis?


Options are :

  • DSS supports only structured decision-making tasks.
  • DSS is aimed at solving well-structured problems.
  • DSS emphasizes flexibility in the decision-making approach of users. (Correct)
  • DSS combines the use of models with non-traditional data access and retrieval functions.
  • None

Answer : DSS emphasizes flexibility in the decision-making approach of users.

Which of the following is covered under crime insurance coverage?


Options are :

  • Manuscripts
  • Engraved, printed or written documents
  • None
  • Accounts receivable
  • Money and securities (Correct)

Answer : Money and securities

Which of the following pairings uses technology to enforce access control policies?


Options are :

  • Preventive / Technical (Correct)
  • Preventive / Administrative
  • Preventive / Physical
  • Detective / Administrative
  • None

Answer : Preventive / Technical

This baseline sets thresholds for specific errors or mistakes and the number of such occurrences that are accepted before the activity is considered suspicious. What is it called?


Options are :

  • Threshold level
  • Checkpoint level
  • Clipping level (Correct)
  • None
  • Ceiling level

Answer : Clipping level

In order for users to perform their tasks and duties without having to go through extra steps, it is important that the security controls and mechanisms in place have a degree of:


Options are :

  • Complexity
  • Of transparency
  • None
  • Transparency (Correct)
  • Simplicity

Answer : Transparency


There is no way to completely eliminate or avoid risk; it can only be managed. A risk-free environment does not exist. If risks have been identified, understood and assessed as acceptable in order to do business, what is this approach to risk management called?


Options are :

  • Risk avoidance
  • Risk mitigation
  • None
  • Risk acceptance (Correct)
  • Risk transference

Answer : Risk acceptance

John is the product manager for an information system. His product has undergone a security review by the IS auditor. John has decided to apply the appropriate security controls to reduce the security risks reported by the IS auditor. Which of the following techniques is John using to treat the risks identified by the IS auditor?


Options are :

  • None
  • Risk mitigation (Correct)
  • Risk avoidance
  • Risk acceptance
  • Risk transference

Answer : Risk mitigation

You are a manager at a large international bank, and from time to time you move employees between positions within your department. What is this process called?


Options are :

  • None
  • Dual control
  • Separation of duties
  • Job rotation (Correct)
  • Mandatory vacation

Answer : Job rotation

The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following?


Options are :

  • Forgiveness level
  • Acceptance level
  • None
  • Clipping level (Correct)
  • Log level

Answer : Clipping level

It is a violation of the "separation of duties" principle when which of the following individuals uses the software on systems that implement security?


Options are :

  • Security analyst
  • Security administrator
  • Systems auditor
  • None
  • Systems programmer (Correct)

Answer : Systems programmer

Which of the following Confidentiality, Integrity and Availability (CIA) attributes supports the principle of least privilege by providing access to information only to authorized and intended users?


Options are :

  • Accuracy
  • Confidentiality (Correct)
  • Integrity
  • Availability
  • None

Answer : Confidentiality


A message can be encrypted, which provides:


Options are :

  • Authentication
  • Confidentiality (Correct)
  • None
  • Non-repudiation
  • Integrity

Answer : Confidentiality

A message can be encrypted and digitally signed, which provides:


Options are :

  • Confidentiality and Non-repudiation
  • Confidentiality and authentication
  • Confidentiality and integrity.
  • None
  • Confidentiality, authentication, non-repudiation and integrity. (Correct)

Answer : Confidentiality, authentication, non-repudiation and integrity.

Which type of risk assessment uses the formula ALE = SLE x ARO?


Options are :

  • Quantitative analysis (Correct)
  • Expected loss analysis
  • None
  • Objective analysis
  • Qualitative analysis

Answer : Quantitative analysis

Which of the following ensures that the TCB is designed, developed and maintained under formally controlled standards that enforce protection at each stage of the system's life cycle?


Options are :

  • Covert timing channel
  • Operational assurance
  • Life cycle assurance (Correct)
  • Covert storage channel
  • None

Answer : Life cycle assurance

Which of the following is a fraud detection method in which employees are moved from one position to another?


Options are :

  • Mandatory assignments
  • Job rotation (Correct)
  • None
  • Mandatory rotation
  • Mandatory vacations

Answer : Job rotation

Which of the following ensures that security is not breached when a system crash or other system failure occurs?


Options are :

  • None
  • Termination
  • Hot swap
  • Safe boot
  • Trusted recovery (Correct)

Answer : Trusted recovery


Which of the following is not a technical control?


Options are :

  • Password and resource management
  • Intrusion detection systems
  • Monitoring of physical intrusion (Correct)
  • None
  • Identification and authentication methods

Answer : Monitoring of physical intrusion

Which of the following information security measures provides assurance that the message received is the message that was sent and that it has not been intentionally or unintentionally altered?


Options are :

  • None
  • Availability
  • Identity
  • Integrity (Correct)
  • Confidentiality

Answer : Integrity
