CISSP Security Assessment Testing Security Operations Exam Set 6

Which of the following is defined as the most recent point in time to which data must be synchronized without adversely affecting the organization (financial or operational impacts)?


Options are :

  • Recovery Point Objective
  • Critical Time Objective
  • Point of Time Objective
  • Recovery Time Objective

Answer :Recovery Point Objective

Which of the following is NOT a common backup method?


Options are :

  • Daily backup method
  • Differential backup method
  • Incremental backup method
  • Full backup method

Answer :Daily backup method

Which common backup method is the fastest on a daily basis?


Options are :

  • Fast backup method
  • Full backup method
  • Differential backup method
  • Incremental backup method

Answer :Incremental backup method

Which of the following focuses on sustaining an organization's business functions during and after a disruption?


Options are :

  • Business recovery plan
  • Disaster recovery plan
  • Continuity of operations plan
  • Business continuity plan

Answer :Business continuity plan

Which of the following is a large hardware/software backup system that uses the RAID technology?


Options are :

  • Crimson Array
  • Table Array
  • Tape Array.
  • Scale Array.

Answer :Tape Array.

During the testing of the business continuity plan (BCP), which of the following methods of results analysis provides the BEST assurance that the plan is workable?


Options are :

  • Measurement of accuracy
  • Elapsed time for completion of critical tasks
  • Quantitatively measuring the results of the test
  • Evaluation of the observed test results

Answer :Quantitatively measuring the results of the test

When you update records in multiple locations or you make a copy of the whole database at a remote location as a way to achieve the proper level of fault-tolerance and redundancy, it is known as?


Options are :

  • Archiving
  • Shadowing
  • Data mirroring
  • Backup

Answer :Shadowing

Which of the following items would best help an organization to gain a common understanding of functions that are critical to its survival?


Options are :

  • A risk assessment
  • A disaster recovery plan
  • A business assessment
  • A business impact analysis

Answer :A business impact analysis

Which of the following is most concerned with personnel security?


Options are :

  • Technical controls
  • Human resources controls
  • Operational controls
  • Management controls

Answer :Operational controls

Failure of a contingency plan is usually:


Options are :

  • A technical failure.
  • Because of a lack of awareness.
  • Because of a lack of training.
  • A management failure.

Answer :A management failure.

A site that is owned by the company and mirrors the original production site is referred to as a _______?


Options are :

  • Warm Site.
  • Reciprocal site.
  • Hot site.
  • Redundant Site.

Answer :Redundant Site.

If an organization were to monitor their employees' e-mail, it should not:


Options are :

  • Explain who can read the e-mail and how long it is backed up.
  • Inform all employees that e-mail is being monitored.
  • Monitor only a limited number of employees.
  • Explain what is considered an acceptable use of the e-mail system

Answer :Monitor only a limited number of employees.

Which of the following backup methods is most appropriate for off-site archiving?


Options are :

  • Incremental backup method
  • Full backup method
  • Off-site backup method
  • Differential backup method

Answer :Full backup method

What can be defined as the maximum acceptable length of time that elapses before the unavailability of the system severely affects the organization?


Options are :

  • Critical Recovery Time (CRT)
  • Recovery Time Period (RTP)
  • Recovery Time Objectives (RTO)
  • Recovery Point Objectives (RPO)

Answer :Recovery Time Objectives (RTO)

Which of the following is less likely to accompany a contingency plan, either within the plan itself or in the form of an appendix?


Options are :

  • Vendor contact information, including offsite storage and alternate site.
  • The Business Impact Analysis.
  • Contact information for all personnel.
  • Equipment and system requirements lists of the hardware, software, firmware and other resources required to support system operations.

Answer :Contact information for all personnel.

Which of the following enables the person responsible for contingency planning to focus risk management efforts and resources in a prioritized manner only on the identified risks?


Options are :

  • Risk assessment
  • Security controls
  • Business units
  • Residual risks

Answer :Risk assessment

A business continuity plan should list and prioritize the services that need to be brought back after a disaster strikes. Which of the following services is more likely to be of primary concern in the context of what your Disaster Recovery Plan would include?


Options are :

  • IS Operations
  • Facilities security
  • Marketing/Public relations
  • Data/Telecomm/IS facilities

Answer :Data/Telecomm/IS facilities

Considerations of privacy, invasiveness, and psychological and physical comfort when using the system are important elements for which of the following?


Options are :

  • Accountability of biometrics systems
  • Adaptability of biometrics systems
  • Availability of biometrics systems
  • Acceptability of biometrics systems

Answer :Acceptability of biometrics systems

A contingency plan should address:


Options are :

  • Potential risks.
  • Residual risks.
  • Identified risks.
  • All answers are correct.

Answer :All answers are correct.

What assesses potential loss that could be caused by a disaster?


Options are :

  • The Risk Assessment (RA)
  • The Business Assessment (BA)
  • The Business Impact Analysis (BIA)
  • The Business Continuity Plan (BCP)

Answer :The Business Impact Analysis (BIA)

A Business Continuity Plan should be tested:


Options are :

  • At least twice a year.
  • At least once every two years.
  • At least once a year
  • Once a month.

Answer :At least once a year

Which of the following rules pertaining to a Business Continuity Plan/Disaster Recovery Plan is incorrect?


Options are :

  • There should be requirements to form a committee to decide a course of action. These decisions should be made ahead of time and incorporated into the plan.
  • In order to facilitate recovery, a single plan should cover all locations
  • In its procedures and tasks, the plan should refer to functions, not specific individuals.
  • Critical vendors should be contacted ahead of time to validate equipment can be obtained in a timely manner.

Answer :In order to facilitate recovery, a single plan should cover all locations

The MOST common threat that impacts a business's ability to function normally is:


Options are :

  • Severe Weather
  • Power Outage
  • Water Damage
  • Labor Strike

Answer :Power Outage

Which of the following best defines a Computer Security Incident Response Team (CSIRT)?


Options are :

  • An organization that disseminates incident-related information to its constituency and other involved parties.
  • An organization that ensures that security incidents are reported to the authorities.
  • An organization that provides a secure channel for receiving reports about suspected security incidents.
  • An organization that coordinates and supports the response to security incidents.

Answer :An organization that coordinates and supports the response to security incidents.

Which of the following steps should be one of the FIRST steps performed in a Business Impact Analysis (BIA)?


Options are :

  • Evaluate the impact of disruptive events.
  • Estimate the Recovery Time Objectives (RTO).
  • Identify all CRITICAL business units within the organization.
  • Identify and Prioritize Critical Organization Functions

Answer :Identify and Prioritize Critical Organization Functions
