Cryptography has several basic objectives. Which of the following is the primary benefit provided by encrypting a message?
Options are :
- Confidentiality
(Correct)
- Authentication
- None
- Integrity
- Non-repudiation
Answer : Confidentiality
Sam is the security manager of a financial institution. Senior management has asked him to perform a risk analysis of all critical vulnerabilities reported by the IS auditor. After carrying out the analysis, Sam notices that for a few risks the cost-benefit analysis shows that the cost of the risk-management measures (countermeasures, components, or safeguards) exceeds the potential loss that could arise. What strategy should Sam recommend to senior management for handling these risks?
Options are :
- None
- Risk transfer
- Risk mitigation
- Risk acceptance
(Correct)
- Risk avoidance
Answer : Risk acceptance
Which term best describes the practice used to detect fraud by users, by forcing them out of their job for a period of time?
Options are :
- Mandatory vacations
(Correct)
- Job rotation
- Principle of least privilege
- Separation of duties
- None
Answer : Mandatory vacations
Among the several ways of handling the risks a business must take on in order to operate, which one involves using a control to reduce the risk?
Options are :
- Transference
- Acceptance
- Mitigation
(Correct)
- Avoidance
- None
Answer : Mitigation
Which of the following rules is least likely to support the concept of least privilege?
Options are :
- Permissions on tools that are likely to be used by hackers should be as restrictive as possible.
- Administrators should use regular accounts when performing routine operations such as reading mail.
- None
- The number of administrative accounts should be kept as low as possible.
- Only data to and from critical systems and applications should be allowed through the firewall.
(Correct)
Answer : Only data to and from critical systems and applications should be allowed through the firewall.
What is the primary goal of separation of duties?
Options are :
- To ensure that audit trails are not tampered with.
- To ensure that no single person can compromise a system.
(Correct)
- None
- To ensure that access is properly supervised within the organization.
- To prevent employees from disclosing sensitive information.
Answer : To ensure that no single person can compromise a system.
Controls such as job rotation, separation of duties and review of audit records are associated with:
Options are :
- Detective / technical
- Preventive / physical
- Detective / physical
- None
- Detective / administrative
(Correct)
Answer : Detective / administrative
Which of the following risk-handling techniques involves not engaging in the activity that gives rise to a risk, so that the risk cannot materialize?
Options are :
- Risk avoidance
(Correct)
- Risk mitigation
- Risk acceptance
- None
- Risk transfer
Answer : Risk avoidance
Which of the following risk-handling techniques involves passing the risk on to another entity, such as an insurance company?
Options are :
- None
- Risk avoidance
- Risk mitigation
- Risk transfer
(Correct)
- Risk acceptance
Answer : Risk transfer
In risk assessment and risk handling, which of the four most common approaches below aims to eliminate an assessed risk by ending the activity that gives rise to it?
Options are :
- Mitigation
- Avoidance
(Correct)
- Transference
- None
- Acceptance
Answer : Avoidance
Controls that usually require a human to evaluate input from sensors or cameras and decide whether a real threat exists are classified as:
Options are :
- Detective / technical
- Detective / physical
(Correct)
- None
- Detective / administrative
- Preventive / physical
Answer : Detective / physical
Which of the following is a characteristic of a decision support system (DSS) in the context of threat and risk analysis?
Options are :
- DSS supports only structured decision-making tasks.
- DSS aims to solve highly structured problems.
- DSS emphasizes flexibility in the users' decision-making approach.
(Correct)
- DSS combines the use of models with non-traditional data access and retrieval functions.
- None
Answer : DSS emphasizes flexibility in the users' decision-making approach.
Which of the following is covered by crime insurance?
Options are :
- Manuscripts
- Engraved, printed or written documents
- None
- Accounts receivable
- Money and securities
(Correct)
Answer : Money and securities
Which of the following control pairs uses technical mechanisms to enforce an access control policy?
Options are :
- Preventive / Technical
(Correct)
- Preventive / Administrative
- Preventive / Physical
- Detective / Administrative
- None
Answer : Preventive / Technical
Which baseline sets thresholds for specific errors or mistakes and defines how many of these events are tolerated before the activity is considered suspicious?
Options are :
- Threshold level
- Checkpoint level
- Clipping level
(Correct)
- None
- Ceiling level
Answer : Clipping level
For users to perform their tasks and duties without having to go through extra steps, it is important that the security controls and mechanisms in place have a degree of:
Options are :
- Complexity
- Non-transparency
- None
- Transparency
(Correct)
- Simplicity
Answer : Transparency
There is no way to completely eliminate or avoid risk; it can only be managed. A risk-free environment does not exist. Risks have been identified, understood and evaluated, and are judged acceptable in order to do business. What is this approach to risk management called?
Options are :
- Risk avoidance
- Risk mitigation
- None
- Risk acceptance
(Correct)
- Risk transference
Answer : Risk acceptance
John is the product manager for an information system. His product has been reviewed by the IS auditor. John has chosen to apply the security controls proposed by the IS auditor to reduce the security risks. Which of the following risk-handling techniques has John used to treat the risks identified by the IS auditor?
Options are :
- None
- Risk mitigation
(Correct)
- Risk avoidance
- Risk acceptance
- Risk transfer
Answer : Risk mitigation
You are a manager at a major international bank, and from time to time you move employees between positions within their department. What is this process called?
Options are :
- None
- Dual control
- Separation of duties
- Job rotation
(Correct)
- Mandatory vacation
Answer : Job rotation
The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following?
Options are :
- Forgiveness level
- Acceptance level
- None
- Clipping level
(Correct)
- Logging level
Answer : Clipping level
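The two clipping-level questions above describe the same mechanism: a number of violations is forgiven, and a record is produced only once that number is exceeded. The following is an added example, not part of the original question set, that applies a clipping level to failed-login events. The log format is an assumed, simplified one, the sample lines are constructed, and the clipping level and window are arbitrary values chosen for the demonstration.

```python
"""Clipping level applied to authentication failures.
Added example for the two clipping-level questions above; it is not part of the
original question set. The log format below is an assumed, simplified one:

    <ISO-8601 timestamp> sshd: Failed password for <user> from <ip>

Failures up to the clipping level inside the window are forgiven; the first
failure that pushes a user above it produces a violation record, as does every
further failure while the count stays above the level.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd: Failed password for (?P<user>\S+) from (?P<ip>\S+)$"
)


def parse_failure(line: str):
    """Return (timestamp, user, ip) for a failed-login line, else None."""
    m = FAILED_RE.match(line)
    if m is None:
        return None
    return datetime.fromisoformat(m["ts"]), m["user"], m["ip"]


def violation_records(lines, clipping_level: int, window: timedelta):
    """Return a list of (timestamp, user, failures_in_window) for every failure
    that leaves a user's failure count within `window` above `clipping_level`."""
    recent = defaultdict(deque)  # user -> timestamps of failures still inside the window
    records = []
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue  # successful logins and unrelated lines are not violations
        ts, user, _ip = parsed
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:  # expire failures older than the window
            q.popleft()
        if len(q) > clipping_level:
            records.append((ts, user, len(q)))
    return records


# Constructed sample log (not real data): alice stays at the level, bob exceeds
# it, carol's failures are spread too thinly across time to count together.
SAMPLE_LOG = [
    "2024-05-01T09:00:01 sshd: Failed password for alice from 10.0.0.5",
    "2024-05-01T09:00:07 sshd: Failed password for alice from 10.0.0.5",
    "2024-05-01T09:00:15 sshd: Failed password for alice from 10.0.0.5",
    "2024-05-01T09:01:00 sshd: Failed password for bob from 192.0.2.9",
    "2024-05-01T09:01:02 sshd: Failed password for bob from 192.0.2.9",
    "2024-05-01T09:01:04 sshd: Failed password for bob from 192.0.2.9",
    "2024-05-01T09:01:06 sshd: Failed password for bob from 192.0.2.9",
    "2024-05-01T09:01:08 sshd: Failed password for bob from 192.0.2.9",
    "2024-05-01T09:30:00 sshd: Failed password for carol from 198.51.100.2",
    "2024-05-01T10:00:00 sshd: Failed password for carol from 198.51.100.2",
    "2024-05-01T10:30:00 sshd: Failed password for carol from 198.51.100.2",
    "2024-05-01T11:00:00 sshd: Failed password for carol from 198.51.100.2",
    "2024-05-01T11:00:01 sshd: Accepted password for carol from 198.51.100.2",
]

CLIPPING_LEVEL = 3              # failures forgiven per user per window
WINDOW = timedelta(minutes=10)  # sliding window in which failures are counted


def demo():
    return violation_records(SAMPLE_LOG, CLIPPING_LEVEL, WINDOW)


if __name__ == "__main__":
    for ts, user, n in demo():
        print(f"{ts.isoformat()} violation record: {user} has {n} failures in {WINDOW}")
```

With a clipping level of 3 and a ten-minute window only bob produces records (on his fourth and fifth failures); alice's three failures are forgiven, and carol's four are each more than ten minutes apart, so they never accumulate. Raising the level or shortening the window trades fewer false positives for later detection.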
It violates the "separation of duties" principle when which of the following individuals accesses the software on systems that implement security?
Options are :
- Security analyst
- Security administrator
- Systems auditor
- None
- Systems programmer
(Correct)
Answer : Systems programmer
Which of the following attributes of the confidentiality, integrity and availability (CIA) triad supports the principle of least privilege by providing access to information only to authorized and intended users?
Options are :
- Accuracy
- Confidentiality
(Correct)
- Integrity
- Availability
- None
Answer : Confidentiality
A message can be encrypted, which provides:
Options are :
- Authentication
- Confidentiality
(Correct)
- None
- Non-repudiation
- Integrity
Answer : Confidentiality
A message can be encrypted and digitally signed, which provides:
Options are :
- Confidentiality and non-repudiation
- Confidentiality and authentication
- Confidentiality and integrity
- None
- Confidentiality, authentication, non-repudiation and integrity
(Correct)
Answer : Confidentiality, authentication, non-repudiation and integrity
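The two questions above contrast encryption alone (confidentiality) with encryption plus a digital signature (confidentiality, authentication, non-repudiation and integrity). The following added example, which is not part of the original question set, shows the encrypt-then-sign pattern and checks each property: an eavesdropper sees no plaintext, a modified ciphertext fails verification, and a signature made with a different private key is rejected. To keep it runnable on the Python standard library alone, the encryption is an HMAC-SHA256 keystream in counter mode and the signature is textbook RSA on a SHA-256 digest with fixed Mersenne-prime keys; these are assumed, simplified constructions for illustration and not something to ship.

```python
"""Encrypt-then-sign demonstration (added example; not part of the original
question set). Both primitives are deliberately simplified so the block runs on
the standard library alone and are NOT suitable for real use:
  - encryption: HMAC-SHA256 used as a PRF in counter mode (a stream cipher)
  - signature : textbook RSA on a SHA-256 digest, no padding, fixed primes
"""
import hashlib
import hmac
import secrets

NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF-in-counter-mode keystream: HMAC(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)  # fresh nonce per message
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def make_signing_key(p: int, q: int, e: int = 65537):
    """Textbook RSA key from two primes; returns (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def sign(private_key, data: bytes) -> int:
    n, d = private_key
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)


def verify(public_key, data: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")


def seal(sym_key: bytes, signer_private, message: bytes):
    """Encrypt, then sign the ciphertext with the sender's private key."""
    ct = encrypt(sym_key, message)
    return ct, sign(signer_private, ct)


def open_sealed(sym_key: bytes, signer_public, ct: bytes, signature: int):
    """Verify first; decrypt only if the signature checks out. None on failure."""
    if not verify(signer_public, ct, signature):
        return None
    return decrypt(sym_key, ct)


# Fixed Mersenne primes keep the keys deterministic (assumption, demo only).
ALICE_PUB, ALICE_PRIV = make_signing_key(2**521 - 1, 2**127 - 1)
MALLORY_PUB, MALLORY_PRIV = make_signing_key(2**607 - 1, 2**107 - 1)


def demo() -> dict:
    shared_key = secrets.token_bytes(32)  # assumed pre-shared between Alice and Bob
    msg = b"transfer 100 to account 42"
    ct, sig = seal(shared_key, ALICE_PRIV, msg)

    tampered = bytearray(ct)
    tampered[-1] ^= 0x01  # flip one bit of the ciphertext in transit

    return {
        # confidentiality: the wire carries no plaintext
        "plaintext_on_wire": msg in ct,
        # integrity: any change to the ciphertext invalidates the signature
        "tampered_rejected": open_sealed(shared_key, ALICE_PUB, bytes(tampered), sig) is None,
        # authentication / non-repudiation: only Alice's private key signs as Alice
        "forged_rejected": open_sealed(shared_key, ALICE_PUB, ct, sign(MALLORY_PRIV, ct)) is None,
        "genuine_accepted": open_sealed(shared_key, ALICE_PUB, ct, sig) == msg,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Two points the question does not spell out: the signature is computed over the ciphertext, so the verifier rejects tampering before it ever touches the decryption key, and non-repudiation rests entirely on the private key staying private, which is why a symmetric MAC alone (a shared key both sides hold) gives integrity and authentication but not non-repudiation.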
In which type of risk assessment is the formula ALE = SLE x ARO used?
Options are :
- Quantitative analysis
(Correct)
- Expected loss analysis
- None
- Objective analysis
- Qualitative analysis
Answer : Quantitative analysis
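The ALE formula in the question above is also what drives the decision in the earlier Sam question, where a countermeasure costing more than the loss it prevents leads to risk acceptance. The following added example, not part of the original question set, carries the quantitative arithmetic through for two constructed risks: SLE = AV x EF, ALE = SLE x ARO, and the value of a safeguard as ALE before minus ALE after minus the safeguard's annual cost. All asset values, exposure factors, rates and costs are hypothetical figures chosen for illustration.

```python
"""Quantitative risk arithmetic, as used in the Sam and ALE questions above.
Added example, not part of the original question set; all figures are constructed.

  SLE = AV * EF                     single loss expectancy
  ALE = SLE * ARO                   annualized loss expectancy
  value of safeguard = ALE_before - ALE_after - annual cost of safeguard

A negative safeguard value means the control costs more per year than the loss
it prevents, which is the situation where risk acceptance is the sound recommendation.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Risk:
    name: str
    asset_value: float      # AV, in currency units
    exposure_factor: float  # EF, fraction of AV lost per incident (0.0 - 1.0)
    aro: float              # ARO, expected incidents per year

    def sle(self) -> float:
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        return self.sle() * self.aro


@dataclass
class Safeguard:
    name: str
    annual_cost: float              # annualized cost of the control (purchase, upkeep, staff)
    new_aro: float                  # ARO once the control is in place
    new_ef: Optional[float] = None  # EF once the control is in place, if it changes


def residual_risk(risk: Risk, sg: Safeguard) -> Risk:
    """The same risk re-evaluated with the safeguard applied."""
    ef = risk.exposure_factor if sg.new_ef is None else sg.new_ef
    return Risk(risk.name, risk.asset_value, ef, sg.new_aro)


def safeguard_value(risk: Risk, sg: Safeguard) -> float:
    return risk.ale() - residual_risk(risk, sg).ale() - sg.annual_cost


def recommend(risk: Risk, sg: Safeguard) -> str:
    """Mitigate when the control pays for itself, otherwise accept the risk."""
    return "mitigate" if safeguard_value(risk, sg) > 0 else "accept"


# Constructed figures (hypothetical, for illustration only).
WEB_SERVER = Risk("web server compromise", asset_value=200_000, exposure_factor=0.5, aro=0.4)
WAF = Safeguard("WAF plus patch SLA", annual_cost=25_000, new_aro=0.1)

KIOSK = Risk("lobby kiosk theft", asset_value=3_000, exposure_factor=1.0, aro=0.2)
GUARD = Safeguard("24x7 guard", annual_cost=40_000, new_aro=0.05)


if __name__ == "__main__":
    for risk, sg in ((WEB_SERVER, WAF), (KIOSK, GUARD)):
        print(f"{risk.name}: SLE={risk.sle():,.0f} ALE={risk.ale():,.0f} "
              f"safeguard '{sg.name}' value={safeguard_value(risk, sg):,.0f} "
              f"-> {recommend(risk, sg)}")
```

For the web server the control cuts ALE from 40,000 to 10,000 for 25,000 a year, a net gain of 5,000, so mitigation is justified. For the kiosk the guard would cost 40,000 a year to protect against an ALE of 600, which is exactly the case Sam found: the rational recommendation is acceptance, or a cheaper control.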
Which of the following ensures that the TCB is designed, developed and maintained under formally controlled standards that enforce protection at each stage of the system's life cycle?
Options are :
- Covert timing channel
- Operational assurance
- Life cycle assurance
(Correct)
- Covert storage channel
- None
Answer : Life cycle assurance
Which of the following is a method for detecting fraud in which employees are moved from one position to another?
Options are :
- Mandatory assignments
- Job rotation
(Correct)
- None
- Mandatory rotation
- Mandatory vacations
Answer : Job rotation
Which of the following ensures that security is not breached when a system crashes or some other system failure occurs?
Options are :
- None
- Termination
- Hot swap
- Secure boot
- Trusted recovery
(Correct)
Answer : Trusted recovery
Which of the following is not a technical control?
Options are :
- Password and resource management
- Intrusion detection systems
- Physical intrusion monitoring
(Correct)
- None
- Identification and authentication methods
Answer : Physical intrusion monitoring
In information security, an assurance that the message received is the message that was sent, and that it has not been intentionally or unintentionally altered, is an example of which of the following?
Options are :
- None
- Availability
- Identity
- Integrity
(Correct)
- Confidentiality
Answer : Integrity