CISSP Security and Risk Management Certified Practice Exam Set 2

Within the CBK, which of the following provides the minimum level of security ACCEPTABLE for an environment?


Options are :

  • Procedure
  • Guideline
  • Baseline (Correct)
  • Standard
  • None

Answer : Baseline

What would be the annualized rate of occurrence (ARO) of the threat "user input error" if the company employs 100 data entry clerks and each of them makes one input error per month?


Options are :

  • 1
  • None
  • 120
  • 1200 (Correct)
  • 100

Answer : 1200


Which of the following information security principles is concerned with preventing the intentional or unintentional unauthorized disclosure of content?


Options are :

  • None
  • Integrity
  • Confidentiality (Correct)
  • Acquirements
  • Availability

Answer : Confidentiality

Which of the following ensures that information is available when and where it is needed?


Options are :

  • None
  • Acceptability
  • Confidentiality
  • Availability (Correct)
  • Integrity

Answer : Availability

If a property insurance policy contains a replacement cost valuation (RCV) clause, damaged property is replaced:


Options are :

  • Based on the value listed on the eBay auction website
  • With a new, comparable or identical item, regardless of the condition of the lost item (Correct)
  • None
  • Based on the value of the item in the months prior to the loss
  • Based on the value of the item at the time of the loss

Answer : With a new, comparable or identical item, regardless of the condition of the lost item

Which of the following outlined how senior management is responsible for computer security, for the decisions they make, and for what actually happens within their organizations?


Options are :

  • None
  • Federal Sentencing Guidelines of 1991 (Correct)
  • Computer Fraud and Abuse Act of 1986
  • Economic Espionage Act of 1996
  • Computer Security Act of 1987

Answer : Federal Sentencing Guidelines of 1991

Engineering approach


Options are :

  • None
  • Quantitatively assess the effects of possible threats
  • Achieve an economic balance between the impact of the risk and the cost of the associated countermeasure
  • Choose the best countermeasure (Correct)
  • Identify risks

Answer : Choose the best countermeasure

In terms of information security principles, which of the following is the opposite of confidentiality?


Options are :

  • Termination
  • Disclosure (Correct)
  • Disaster
  • None
  • Disposal

Answer : Disclosure


Which of the following is NOT defined by the Internet Architecture Board (IAB) in "Ethics and the Internet" (RFC 1087) as unacceptable and unethical behavior?


Options are :

  • Using a computer to steal (Correct)
  • Wasting resources such as people and computer capacity through such actions
  • Destroying the integrity of computer-based information
  • None
  • Negligence in the conduct of Internet-wide experiments

Answer : Using a computer to steal

Good security is built on which of the following concepts?


Options are :

  • None
  • The concept of preventive controls.
  • The concept of a pass-through device that permits only specific traffic in and out.
  • The concept of defensive controls.
  • The concept of defense in depth. (Correct)

Answer : The concept of defense in depth.

Which approach to a security program ensures that the people responsible for protecting the company's assets are the ones driving the program?


Options are :

  • The bottom-up approach
  • The top-down approach (Correct)
  • The Delphi approach
  • None
  • The engineering approach

Answer : The top-down approach

Which of the following is NOT an administrative control?


Options are :

  • Logical access control mechanisms (Correct)
  • The development of policies, standards, procedures and guidelines
  • Screening of personnel
  • Change Management Practices
  • None

Answer : Logical access control mechanisms

Which of the following is NOT part of user account management?


Options are :

  • Maintenance and deactivation of user objects and attributes
  • Delegating user management
  • Creating and deactivating user accounts
  • None
  • Implementing business processes (Correct)

Answer : Implementing business processes

Which of the following is the MOST appropriate way to inform an internal user that session monitoring is being conducted?


Options are :

  • Written agreement (Correct)
  • None
  • Logon banners
  • Wall poster
  • Employee manual

Answer : Written agreement


Bearing in mind that these objectives are given in the CBK for information purposes only, because they concern the committee and not individuals: which of the following statements about the (ISC)2 Code of Ethics is NOT true?


Options are :

  • All computer security professionals certified by (ISC)2 recognize that such certification is a privilege that must be both earned and maintained.
  • All computer security professionals certified by (ISC)2 are prohibited from associating, or appearing to associate, with criminals or criminal behavior. (Correct)
  • None
  • All computer security professionals certified by (ISC)2 shall provide diligent and competent service to principals.
  • All computer security professionals certified by (ISC)2 shall promote the understanding and acceptance of prudent information security measures.

Answer : All computer security professionals certified by (ISC)2 are prohibited from associating, or appearing to associate, with criminals or criminal behavior.

Which of the following behaviors is NOT included in the (ISC)2 Code of Ethics for a CISSP?


Options are :

  • None
  • Ethical behavior (Correct)
  • Integrity
  • Legality
  • Control

Answer : Ethical behavior

In terms of information security principles, which of the following is the opposite of availability?


Options are :

  • Destruction (Correct)
  • None
  • Distribution
  • Documentation
  • Delegation

Answer : Destruction

What are the three basic principles of security?


Options are :

  • Availability, accountability and confidentiality
  • Confidentiality, integrity and availability (Correct)
  • Accountability, confidentiality and integrity
  • Integrity, availability and accountability
  • None

Answer : Confidentiality, integrity and availability

In terms of information security principles, which of the following is the opposite of integrity?


Options are :

  • Alteration (Correct)
  • None
  • Abstraction
  • Application
  • Accreditation

Answer : Alteration

Which of the following BEST defines risk management?


Options are :

  • The process of eliminating risk
  • The process of transferring risk
  • The process of reducing risk to an acceptable level (Correct)
  • None
  • The process of assessing risk

Answer : The process of reducing risk to an acceptable level


Which of the following statements about the key elements of a good configuration management process is NOT true?


Options are :

  • None
  • Ensure that all requirements remain clear, concise and valid
  • Ensure that changes, standards and requirements are communicated promptly and accurately
  • Control changes in order to prevent changes to system hardware resources (Correct)
  • Accommodate the reuse of proven standards and best practices

Answer : Control changes in order to prevent changes to system hardware resources

Which of the following would violate the Due Diligence concept?


Options are :

  • The security policy is out of date
  • Data owners not laying out the foundation for data protection
  • The network administrator's planned mandatory two-week vacation
  • None
  • The latest security patches for servers being installed as per the Patch Management process (Correct)

Answer : The latest security patches for servers being installed as per the Patch Management process

How should a risk be handled when the cost of the countermeasure is higher than the cost of the risk?


Options are :

  • None
  • Reduce the risk.
  • Reject the risk.
  • Perform a second risk analysis.
  • Accept the risk. (Correct)

Answer : Accept the risk.

Which of the following is the correct set of security requirements for EAL 5?


Options are :

  • Semiformally verified, tested and checked
  • Semiformally designed and tested (Correct)
  • Semiformally verified and tested
  • None
  • Semiformally tested and checked

Answer : Semiformally designed and tested

Which of the following is characterized by the Internet Architecture Board (IAB) as unethical behavior by Internet users?


Options are :

  • None
  • Monitoring data traffic.
  • Wasting computer resources. (Correct)
  • Writing computer viruses.
  • Concealing unauthorized accesses.

Answer : Wasting computer resources.

In terms of security, which of the following combinations BEST defines risk?


Options are :

  • None
  • A threat coupled with a vulnerability. (Correct)
  • A threat coupled with a violation.
  • A threat coupled with a breach of security.
  • A vulnerability coupled with an attack.

Answer : A threat coupled with a vulnerability.

Which of the following is the MOST important consideration in employee termination?


Options are :

  • The employee's details have been removed from active payroll files.
  • None
  • Company property issued to the employee has been returned. (Correct)
  • The employee's username and passwords have been removed.
  • The appropriate company staff have been informed of the termination.

Answer : Company property issued to the employee has been returned.


Regarding the ethics rules covered in the ISC2 CBK, within which of the following is the phrase "discourage unsafe practice" found?


Options are :

  • The Internet Activities Board's "Ethics and the Internet" (RFC1087)
  • The Computer Ethics Institute commandments
  • None
  • The CIAC guidelines
  • The (ISC)2 Code of Ethics (Correct)

Answer : The (ISC)2 Code of Ethics

Which of the following represents the ALE calculation?


Options are :

  • Asset value x loss expectancy
  • Gross loss expectancy x loss frequency
  • Actual replacement cost - proceeds of salvage
  • None
  • Single Loss Expectancy x Annualized Rate of Occurrence (Correct)

Answer : Single Loss Expectancy x Annualized Rate of Occurrence

How is the Annual Loss Expectancy (ALE) of a threat derived?


Options are :

  • SLE x ARO (Correct)
  • ARO x (SLE - EF)
  • SLE / EF
  • AV X EF
  • None

Answer : SLE x ARO
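The ARO, ALE and "accept the risk when the countermeasure costs more than the risk" questions above all rest on the same quantitative risk-analysis arithmetic. The following is an added worked example, not part of the original practice set: it computes ARO for the 100-clerk scenario, derives SLE from asset value and exposure factor, computes ALE = SLE x ARO, and then decides whether a countermeasure is worth buying by comparing the ALE it removes against what it costs per year. All monetary figures, exposure factors and countermeasure names are constructed assumptions for illustration.

```python
"""Quantitative risk analysis: ARO, SLE, ALE and a countermeasure cost/benefit decision.

Added example for the practice questions above; figures are constructed, not from any real assessment.
"""
from dataclasses import dataclass


def annualized_rate_of_occurrence(events_per_period: float, periods_per_year: int, population: int = 1) -> float:
    """ARO: expected number of times per year the threat materialises across the whole population.

    For 100 clerks each making one error per month: 1 * 12 * 100 = 1200.
    """
    return events_per_period * periods_per_year * population


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF, where EF is the fraction of the asset's value lost in a single occurrence."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO: expected monetary loss per year from this threat."""
    return sle * aro


@dataclass(frozen=True)
class Countermeasure:
    """A candidate control and its effect on the threat (assumed values)."""
    name: str
    annual_cost: float      # yearly cost to buy, run and maintain the control
    residual_aro: float     # ARO after the control is in place
    residual_ef: float      # EF after the control is in place


def countermeasure_value(asset_value: float, ef: float, aro: float, cm: Countermeasure) -> float:
    """Net annual value = (ALE before) - (ALE after) - (annual cost of control).

    Positive means the control removes more expected loss than it costs.
    """
    ale_before = annualized_loss_expectancy(single_loss_expectancy(asset_value, ef), aro)
    ale_after = annualized_loss_expectancy(single_loss_expectancy(asset_value, cm.residual_ef), cm.residual_aro)
    return ale_before - ale_after - cm.annual_cost


def recommend(asset_value: float, ef: float, aro: float, cm: Countermeasure) -> str:
    """Mitigate when the control pays for itself; otherwise accept the risk (cost exceeds the risk)."""
    return "mitigate" if countermeasure_value(asset_value, ef, aro, cm) > 0 else "accept"


# Constructed scenario: 100 data entry clerks, one input error per clerk per month.
CLERKS = 100
ERRORS_PER_CLERK_PER_MONTH = 1
ARO = annualized_rate_of_occurrence(ERRORS_PER_CLERK_PER_MONTH, 12, CLERKS)   # 1200

# Assumed asset value of the data set and the fraction lost per error (cost of one correction).
ASSET_VALUE = 50_000.0
EXPOSURE_FACTOR = 0.001          # each error destroys 0.1% of the asset's value -> SLE = 50
SLE = single_loss_expectancy(ASSET_VALUE, EXPOSURE_FACTOR)
ALE = annualized_loss_expectancy(SLE, ARO)                                     # 60,000 per year

# Two assumed controls: input validation that cuts errors tenfold, and a gold-plated option.
INPUT_VALIDATION = Countermeasure("input validation", annual_cost=20_000.0, residual_aro=120, residual_ef=0.001)
GOLD_PLATED = Countermeasure("full double-entry review", annual_cost=70_000.0, residual_aro=0, residual_ef=0.0)

if __name__ == "__main__":
    print(f"ARO = {ARO}, SLE = {SLE:.2f}, ALE = {ALE:.2f}")
    for cm in (INPUT_VALIDATION, GOLD_PLATED):
        value = countermeasure_value(ASSET_VALUE, EXPOSURE_FACTOR, ARO, cm)
        print(f"{cm.name}: net annual value {value:.2f} -> {recommend(ASSET_VALUE, EXPOSURE_FACTOR, ARO, cm)}")
```

With these numbers the input-validation control removes 54,000 of expected loss for 20,000 a year and is recommended, while the 70,000-a-year control costs more than the entire 60,000 ALE it eliminates, which is exactly the situation in which the correct answer is to accept the risk.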
