CISSP Security Assessment Testing Security Operations Exam Set 2

Which of the following focuses on sustaining an organization's business functions during and after a disruption?


Options are :

  • Continuity of operations plan
  • Business continuity plan
  • Disaster recovery plan
  • Business recovery plan

Answer :Business continuity plan


A contingency plan should address:


Options are :

  • Residual risks.
  • Identified risks.
  • Potential risks.
  • All answers are correct.

Answer :All answers are correct.

Which of the following items is NOT a benefit of cold sites?


Options are :

  • Low Cost
  • No resource contention with other organization
  • A secondary location is available to reconstruct the environment
  • Quick Recovery

Answer :Quick Recovery

What is the most correct choice below when talking about the steps to resume normal operation at the primary site after the green light has been given by the salvage team?


Options are :

  • Operation may be carried by a completely different team than disaster recovery team
  • You move items back in the same order as the categories document in your plan or exactly in the same order as you did on your way to the alternate site
  • The most critical operations are moved from alternate site to primary site before others
  • The least critical functions should be moved back first

Answer :The least critical functions should be moved back first


Business Continuity and Disaster Recovery Planning (Primarily) addresses the:


Options are :

  • Availability, Confidentiality and Integrity of the CIA triad
  • Integrity of the CIA triad
  • Confidentiality of the CIA triad
  • Availability of the CIA triad

Answer :Availability of the CIA triad

What is the primary goal of setting up a honey pot?


Options are :

  • To set up a sacrificial lamb on the network
  • To know when certain types of attacks are in progress and to learn about attack techniques so the network can be fortified.
  • To lure hackers into attacking unused systems
  • To entrap and track down possible hackers

Answer :To know when certain types of attacks are in progress and to learn about attack techniques so the network can be fortified.


According to the Orange Book, which security level is the first to require a system to support separate operator and system administrator roles?


Options are :

  • A1
  • B1
  • B2
  • B3

Answer :B2

Which of the following is an issue with signature-based intrusion detection systems?


Options are :

  • Signature databases must be augmented with inferential elements.
  • Only previously identified attack signatures are detected.
  • It runs only on the Windows operating system.
  • Hackers can circumvent signature evaluations.

Answer :Only previously identified attack signatures are detected.

Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects is part of:


Options are :

  • Incident Recognition
  • Incident Evaluation
  • Incident Response
  • Incident Protection

Answer :Incident Response


When should a post-mortem review meeting be held after an intrusion has been properly taken care of?


Options are :

  • Within the first week of completing the investigation of the intrusion
  • Within the first month after the investigation of the intrusion is completed
  • Within the first week after prosecution of intruders has taken place, whether successful or not.
  • Within the first three months after the investigation of the intrusion is completed.

Answer :Within the first week of completing the investigation of the intrusion

Which of the following are the two commonly defined types of covert channels?


Options are :

  • Storage and Kernel
  • Software and Timing
  • Kernel and Timing
  • Storage and Timing

Answer :Storage and Timing

Which of the following security controls is intended to prevent an incident from occurring?


Options are :

  • Recovery
  • Deterrent
  • Corrective
  • Preventive

Answer :Preventive


Which TCSEC (Orange Book) rating or level requires the system to clearly identify functions of the security administrator to perform security-related functions?


Options are :

  • C2
  • B2
  • B3
  • B1

Answer :B3

When referring to a computer crime investigation, which of the following would be the MOST important step required in order to preserve and maintain a proper chain of custody of evidence:


Options are :

  • Log files containing information regarding an intrusion are retained for at least as long as normal business records, and longer in the case of an ongoing investigation.
  • Law enforcement officials should be contacted for advice on how and when to collect critical information.
  • Evidence has to be collected in accordance with all laws and all legal regulations
  • Verifiable documentation indicating the who, what, when, where, and how the evidence was handled should be available.

Answer :Verifiable documentation indicating the who, what, when, where, and how the evidence was handled should be available.

Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are examples of:


Options are :

  • Information flow controls
  • Asset controls
  • Deterrent controls
  • Output controls

Answer :Output controls


This type of control is used to ensure that transactions are properly entered into the system once. Elements of this type of control may include counting data and time stamping it with the date it


Options are :

  • Output Controls
  • Processing Controls
  • Input/Output Controls
  • Input Controls

Answer :Input Controls

Which of the following is often implemented by a one-for-one disk to disk ratio?


Options are :

  • RAID Level 2
  • RAID Level 1
  • RAID Level 5
  • RAID Level 0

Answer :RAID Level 1

Which of the following effectively doubles the amount of hard drives needed but also provides redundancy?


Options are :

  • RAID Level 0
  • RAID Level 1
  • RAID Level 5
  • RAID Level 2

Answer :RAID Level 1


RAID Level 1 is commonly called which of the following?


Options are :

  • hamming
  • mirroring
  • clustering
  • striping

Answer :mirroring

Which of the following is used to interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes?


Options are :

  • Key escrow
  • Principle of least privilege
  • Rotation of duties
  • Principle of need-to-know

Answer :Rotation of duties

Which of the following BEST describes Configuration Management controls?


Options are :

  • Auditing of changes to the Trusted Computing Base
  • Control of changes to the Trusted Computing Base.
  • Changes in the configuration access to the Trusted Computing Base.
  • Auditing and controlling any changes to the Trusted Computing Base.

Answer :Auditing and controlling any changes to the Trusted Computing Base.


What would you call a network security control deployed in line that detects, alerts, and takes action when a possible intrusion is detected?


Options are :

  • Application Based Intrusion Detection Systems (AIDS)
  • Host Based Intrusion Detection System (HIDS)
  • Intrusion Prevention System (IPS)
  • Network Based Intrusion Detection System (NIDS)

Answer :Intrusion Prevention System (IPS)

When two or more separate entities (usually persons) operating in concert to protect sensitive functions or information must combine their knowledge to gain access to an asset, this is known as:


Options are :

  • Segregation of duties
  • Dual Control
  • Separation of duties
  • Need to know

Answer :Dual Control

Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data?


Options are :

  • Management monitoring of audit logs
  • Limiting the local access of operations personnel
  • Enforcing regular password changes
  • Job rotation of operations personnel

Answer :Limiting the local access of operations personnel


Which of the following questions is LESS likely to help in assessing controls over hardware and software maintenance?


Options are :

  • Is access to all program libraries restricted and controlled?
  • Are integrity verification programs used by applications to look for evidences of data tampering, errors, and omissions?
  • Are system components tested, documented, and approved prior to promotion to production?
  • Is there version control?

Answer :Are integrity verification programs used by applications to look for evidences of data tampering, errors, and omissions?

Configuration Management is a requirement for the following level(s) of the Orange Book?


Options are :

  • B2, B3, and A1
  • B3 and A1
  • A1
  • B1, B2 and B3

Answer :B2, B3, and A1

The exact requirements for the admissibility of evidence vary across legal systems and between different cases (e.g., criminal versus tort). At a more generic level, evidence should have some probative value, be relevant to the case at hand, and meet the following criteria which are often called the five rules of evidence:


Options are :

  • It has to be authentic, accurate, complete, convincing, and auditable.
  • It has to be authentic, accurate, complete, convincing, and Admissible.
  • It has to be encrypted, accurate, complete, convincing, and Admissible.
  • It has to be authentic, hashed, complete, convincing, and Admissible.

Answer :It has to be authentic, accurate, complete, convincing, and Admissible.


Detective/Technical measures:


Options are :

  • include intrusion detection systems and customized-generated violation reports from audit trail information.
  • do not include intrusion detection systems and automatically-generated violation reports from audit trail information.
  • include intrusion detection systems but do not include automatically-generated violation reports from audit trail information.
  • include intrusion detection systems and automatically-generated violation reports from audit trail information.

Answer :include intrusion detection systems and automatically-generated violation reports from audit trail information.

Which of the following is NOT a preventive operational control?


Options are :

  • Controlling software viruses.
  • Protecting laptops, personal computers and workstations
  • Conducting security awareness and technical training
  • Controlling data media access and disposal.

Answer :Conducting security awareness and technical training

Who is responsible for initiating corrective measures and capabilities used when there are security violations?


Options are :

  • Management
  • Data owners
  • Information systems auditor
  • Security administrator

Answer :Management


Which of the following is a problem regarding computer investigation issues?


Options are :

  • Evidence is easy to gather
  • In many instances, an expert or specialist is not required
  • Computer-generated records are only considered secondary evidence, thus are not as reliable as best evidence.
  • Information is tangible.

Answer :Computer-generated records are only considered secondary evidence, thus are not as reliable as best evidence.

What would be considered the biggest drawback of Host-based Intrusion Detection systems (HIDS)?


Options are :

  • Monitors all processes and activities on the host system only
  • It can be very invasive to the host operating system
  • They have an increased level of visibility and control compared to NIDS
  • Virtually eliminates limits associated with encryption

Answer :It can be very invasive to the host operating system

Which of the following are the three classifications of RAID identified by the RAID Advisory Board?


Options are :

  • Failure Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems.
  • Failure Resistant Disk Systems (FRDSs), File Transfer Disk Systems, and Disaster Tolerant Disk Systems.
  • Federal Resistant Disk Systems (FRDSs), Fault Tolerant Disk Systems, and Disaster Tolerant Disk Systems.
  • Foreign Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems.

Answer :Failure Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems.


The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations or confusing an intruder about which flaws to exploit is called:


Options are :

  • alteration
  • enticement
  • investigation
  • entrapment

Answer :enticement

Which of the following is a reasonable response from the Intrusion Detection System (IDS) when it detects Internet Protocol (IP) packets where the IP source address and port is the same as the destination IP address and port?


Options are :

  • Record selected information about the packets and drop the packets
  • Translate the source address and resend the packet
  • Allow the packet to be processed by the network and record the event
  • Resolve the destination address and process the packet

Answer :Record selected information about the packets and drop the packets

How would nonrepudiation be BEST classified?


Options are :

  • A logical control
  • A corrective control
  • A preventive control
  • A compensating control

Answer :A preventive control


Which of the following Operation Security controls is intended to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system?


Options are :

  • Directive Controls
  • Detective Controls
  • Corrective Controls
  • Preventative Controls

Answer :Preventative Controls

Which type of control is concerned with avoiding occurrences of risks?


Options are :

  • Detective controls
  • Preventive controls
  • Compensating controls
  • Deterrent controls

Answer :Preventive controls

Attributes that characterize an attack are stored for reference using which of the following Intrusion Detection System (IDS)?


Options are :

  • event-based IDS
  • inference-based IDS
  • signature-based IDS
  • statistical anomaly-based IDS

Answer :signature-based IDS


Another example of Computer Incident Response Team (CIRT) activities is:


Options are :

  • Management of the netware logs, including collection, retention, review, and analysis of data
  • Management of the network logs, including review and analysis of data
  • Management of the network logs, including collection, retention, review, and analysis of data
  • Management of the network logs, including collection and analysis of data

Answer :Management of the network logs, including collection, retention, review, and analysis of data

You are a criminal hacker and have infiltrated a corporate network via a compromised host and a misconfigured firewall. You find many targets inside the network but all appear to be hardened except for one. It has several notable vulnerable services and it therefore seems out of place with an otherwise secured network. (Except for the misconfigured firewall, of course) What is it that you are likely seeing here?


Options are :

  • A Cisco Switch
  • An IDS (Intrusion Detection System)
  • A Honeypot
  • A File Server

Answer :A Honeypot

Which of the following is NOT a preventive login control?


Options are :

  • Account expiration
  • Minimum password length
  • Password aging
  • Last login message

Answer :Last login message


Which of the following is NOT a component of an Operations Security "triples"?


Options are :

  • Threat
  • Vulnerability
  • Asset
  • Risk

Answer :Risk

In Operations Security trusted paths provide:


Options are :

  • trustworthy integration into integrity functions.
  • trustworthy interfaces into privileged MTBF functions.
  • trusted access to unsecure paths.
  • trustworthy interfaces into privileged user functions.

Answer :trustworthy interfaces into privileged user functions.

Under the principle of culpable negligence, executives can be held liable for losses that result from computer system breaches if:


Options are :

  • They have failed to properly insure computer resources against loss.
  • The company does not prosecute the hacker that caused the breach.
  • They have not exercised due care protecting computing resources.
  • The company is not a multi-national company.

Answer :They have not exercised due care protecting computing resources.
