CISSP Security and Risk Management Certified Practice Exam Set 3

Which of the following would be the best way to monitor the development of the information security policy?

Options are :

  • None
  • Security Officer
  • responsible for security
  • administrators
  • end user

Answer : Security Officer

Which of the following is not one of the four canons of the (ISC) 2 Code of Ethics?

Options are :

  • None
  • All computer security professionals who are certified by (ISC) 2 adhere to all agreements, express or implied.
  • All computer security professionals who are certified by (ISC) 2 may be made only those services for which they are fully qualified and competent.
  • All computer security professionals who are certified by (ISC) 2 to promote and preserve public confidence in information and systems.
  • All computer security professionals who are certified by (ISC) 2 is to think about the social consequences of the program they write.

Answer : All computer security professionals who are certified by (ISC) 2 is to think about the social consequences of the program they write.

What is the term for the probability that a threat to an information system will be realized?

Options are :

  • susceptibility
  • None
  • Hole
  • Risk
  • threat

Answer : Risk

CISSP - Security and Risk Management Practice Questions

What is the term for an event or activity that has the potential to cause harm to information systems or networks?

Options are :

  • threat agent
  • threat
  • susceptibility
  • Weakness
  • None

Answer : threat

Which of the following is the most important canon of the ISC2 Code of Ethics?

Options are :

  • To protect society, the commonwealth, and the infrastructure
  • Act honorably, honestly, justly, responsibly and legally
  • Advance and protect the profession
  • Provide diligent and competent service to principals
  • None

Answer : To protect society, the commonwealth, and the infrastructure

Which of the following is the best reason to use automated risk analysis tools?

Options are :

  • None
  • Automated methods require little training and information for risk analysis.
  • Most software tools are user interfaces that are easy to use and do not require any training.
  • The collection of data should be as small as possible and to speed up, because the amount of information is already built-in tool.
  • A large part of the review of the data collected can not be re-used for later analysis.

Answer : The collection of data should be as small as possible and to speed up, because the amount of information is already built-in tool.

Maintaining the confidentiality of information within information systems requires that the information not be disclosed to:

Options are :

  • Authorized persons
  • Unauthorized persons or processes.
  • people and processes of councilors
  • unauthorized persons
  • None

Answer : Unauthorized persons or processes.

Security controls that reduce risk are classified into three major categories. Which of the following lists those categories?

Options are :

  • Administrative, functional and logical.
  • Physical, technical and administrative
  • Detective, corrective and physical.
  • None
  • Preventive, corrective and administrative.

Answer : Physical, technical and administrative

The main objective of system configuration management is which of the following?

Options are :

  • System monitoring.
  • Stability of the system.
  • System activity.
  • None
  • System Maintenance.

Answer : Stability of the system.

Ensuring that information can be used only by those who are authorized to use it describes which of the following?

Options are :

  • integrity
  • acquirements
  • None
  • confidence
  • availability

Answer : confidence

Which of the following is not one of the three integrity goals addressed by the Clark-Wilson model?

Options are :

  • None
  • Prevention of amending the data from unauthorized users.
  • Contraception amending the information available to authorized users.
  • Prevention of unauthorized or accidental change of information available to authorized users.
  • Preservation of internal and external consistency.

Answer : Contraception amending the information available to authorized users.

A weakness or lack of safeguards that a threat could exploit to cause damage to information systems or networks is known as:

Options are :

  • risk.
  • vulnerability.
  • threat.
  • overflow.
  • None

Answer : vulnerability.

Which of the following is needed for system accountability?

Options are :