CISSP Security and Risk Management Certified Practice Exam Set 3

Which of the following would be best placed to oversee the development of the information security policy?

Options are :

  • None
  • Security officer (Correct)
  • Those responsible for security
  • Administrators
  • End users

Answer : Security officer

Which of the following is NOT one of the four canons of the (ISC)² Code of Ethics?

Options are :

  • None
  • All computer security professionals certified by (ISC)² must adhere to all agreements, express or implied.
  • All computer security professionals certified by (ISC)² may provide only those services for which they are fully qualified and competent.
  • All computer security professionals certified by (ISC)² must promote and preserve public confidence in information and systems.
  • All computer security professionals certified by (ISC)² must think about the social consequences of the programs they write. (Correct)

Answer : All computer security professionals certified by (ISC)² must think about the social consequences of the programs they write.

What is the term for the probability that a threat to an information system will be realized?

Options are :

  • Susceptibility
  • None
  • Hole
  • Risk (Correct)
  • Threat

Answer : Risk

CISSP Security and Risk Management Certified Practice Exam Set 4

What is the term for an event or activity that has the potential to cause harm to information systems or networks?

Options are :

  • Threat agent
  • Threat (Correct)
  • Susceptibility
  • Weakness
  • None

Answer : Threat

Which of the following is the most important canon of the (ISC)² Code of Ethics?

Options are :

  • Protect society, the commonwealth, and the infrastructure (Correct)
  • Act honorably, honestly, justly, responsibly and legally
  • Advance and protect the profession
  • Provide diligent and competent service to principals
  • None

Answer : Protect society, the commonwealth, and the infrastructure

Which of the following is the best reason to use automated risk analysis tools?

Options are :

  • None
  • Automated methods require little training or knowledge of risk analysis.
  • Most software tools have user interfaces that are easy to use and require no training.
  • Data collection is minimized and sped up because much of the required information is already built into the tool. (Correct)
  • Most of the data collected during the review cannot be reused for later analysis.

Answer : Data collection is minimized and sped up because much of the required information is already built into the tool.

Maintaining confidentiality within information systems requires that information is not disclosed to:

Options are :

  • Authorized persons
  • Unauthorized persons or processes. (Correct)
  • Authorized persons and processes
  • Unauthorized persons
  • None

Answer : Unauthorized persons or processes.

Risk reduction controls, which provide security by reducing risk, are classified into three major categories. Which of the following are they?

Options are :

  • Administrative, functional and logical.
  • Physical, technical and administrative (Correct)
  • Detective, corrective and physical.
  • None
  • Preventive, corrective and administrative.

Answer : Physical, technical and administrative

The main objective of system configuration management is which of the following?

Options are :

  • System monitoring.
  • Stability of the system. (Correct)
  • System activity.
  • None
  • System maintenance.

Answer : Stability of the system.

CISSP Security Engineering Certification Practice Exam Set 1

Ensuring that information can be used only by those who are intended to use it is which of the following?

Options are :

  • Integrity
  • Acquirements
  • None
  • Confidentiality (Correct)
  • Availability

Answer : Confidentiality

Which of the following is NOT one of the three integrity goals addressed by the Clark-Wilson model?

Options are :

  • None
  • Prevention of data modification by unauthorized users.
  • Prevention of data modification by authorized users. (Correct)
  • Prevention of unauthorized or accidental modification of data by authorized users.
  • Preservation of internal and external consistency.

Answer : Prevention of data modification by authorized users.

A weakness or lack of safeguard that a threat may exploit, causing damage to information systems or networks, is known as a:

Options are :

  • Risk.
  • Vulnerability. (Correct)
  • Threat.
  • Overflow.
  • None

Answer : Vulnerability.

Which of the following is required for accountability in a system?

Options are :

  • An audit system. (Correct)
  • Authorization
  • The documented design laid out in the Common Criteria.
  • None
  • Formal verification of the system design.

Answer : An audit system.

Which of the following is considered the weakest link in a security system?

Options are :

  • People (Correct)
  • Hardware
  • Software
  • None
  • Communications

Answer : People

Which of the following does Kerberos NOT address?

Options are :

  • Confidentiality
  • Integrity
  • Authentication
  • None
  • Availability (Correct)

Answer : Availability

CISSP (Information Systems Security) Practice Tests 2019 Set 7

Deviating from the organization-wide security policy requires which of the following?

Options are :

  • Risk containment
  • None
  • Risk reduction
  • Risk assignment
  • Risk acceptance (Correct)

Answer : Risk acceptance

Which of the following is NOT a factor associated with access control?

Options are :

  • None
  • Confidentiality
  • Integrity
  • Authenticity (Correct)
  • Availability

Answer : Authenticity

What does "residual risk" mean?

Options are :

  • The risk remaining after a risk assessment has been carried out
  • The inherent security risk of an audited asset, before any mitigation has occurred
  • The risk remaining after security controls have been applied (Correct)
  • None
  • A weakness that a threat can exploit

Answer : The risk remaining after security controls have been applied

Which of the following is the best example of risk transference?

Options are :

  • Acceptance
  • Insurance (Correct)
  • The results of a cost-benefit analysis
  • None
  • Not hosting the service at all

Answer : Insurance

Which of the following is an advantage of qualitative over quantitative risk analysis?

Options are :

  • It provides specific quantitative measurements of the magnitude of the impact.
  • It makes a cost-benefit analysis of recommended controls easier.
  • None
  • It can easily be automated.
  • It prioritizes risks and identifies areas for immediate improvement in addressing vulnerabilities. (Correct)

Answer : It prioritizes risks and identifies areas for immediate improvement in addressing vulnerabilities.

Which of the following is NOT a feature of an effective security policy?

Options are :

  • Be designed around short- and medium-term goals (Correct)
  • Define responsibilities and authority
  • Be understandable and supported by all stakeholders
  • Include separation of duties
  • None

Answer : Be designed around short- and medium-term goals

Countermeasures intended to detect security violations by means of software and hardware are classified as:

Options are :

  • Detective / physical.
  • Preventive and / or physical
  • None
  • Detective / technical. (Correct)
  • Detective / administrative.

Answer : Detective / technical.

CISSP Security Engineering Certification Practice Exam Set 5

Which of the following is an example of proper separation of duties?

Options are :

  • None
  • Programmers may use the system console.
  • Operators are not allowed to modify the system time (Correct)
  • Tape librarians are permitted to use the system console
  • Console operators are allowed to mount tapes and disks.

Answer : Operators are not allowed to modify the system time

One purpose of a security awareness program is to change:

Options are :

  • management's approach to the enterprise security posture.
  • employees' attitudes and behavior toward the company's security posture. (Correct)
  • None
  • the company's attitude toward safeguarding data
  • attitudes toward sensitive information about employees.

Answer : employees' attitudes and behavior toward the company's security posture.

Preliminary steps in security planning include all of the following EXCEPT which of the following?

Options are :

  • List assumptions.
  • None
  • Identify alternative approaches
  • Establish a security audit function. (Correct)
  • Establish objectives.

Answer : Establish a security audit function.

Which of the following BEST describes the type of risk analysis that relies on committees, interviews, opinions and the subjective judgment of staff?

Options are :

  • Qualitative risk analysis (Correct)
  • Interview approach to risk analysis
  • Quantitative risk analysis
  • None
  • Managerial risk assessment

Answer : Qualitative risk analysis

What type of security control is also known as a "logical" control?

Options are :

  • None
  • Physical
  • Administrative
  • Risk
  • Technical (Correct)

Answer : Technical

What is a security policy?

Options are :

  • A notice that focuses on the licensing procedure for the system
  • High-level statements of management's expectations that must be met with regard to security (Correct)
  • A policy that determines authentication to the network.
  • None
  • A policy that focuses on ensuring a secure posture and indicates management's approval. It explains in detail how to implement the requirements.

Answer : High-level statements of management's expectations that must be met with regard to security

CISSP Security Engineering Certification Practical Exam Set 5

Which of the following would best be classified under this control category?

Options are :

  • Documentation
  • None
  • Physical and environmental protection
  • Reliability of staff
  • Review of security controls (Correct)

Answer : Review of security controls

Which of the following statements about a security policy is NOT true?

Options are :

  • None
  • It must be flexible to a changing environment.
  • Its main purpose is to inform users, administrators and managers of their mandatory requirements for protecting technology and information assets.
  • It specifies how hardware and software are to be used throughout the organization. (Correct)
  • It must have the approval and support of workers at all levels of the organization to be appropriate and effective.

Answer : It specifies how hardware and software are to be used throughout the organization.
