CISSP Security Engineering Certification Practical Exam Set 2

Which of the following is the preferred way to suppress an electrical fire in an information center?


Options are :

  • ABC Rated Dry Chemical
  • water or soda acid
  • CO2, soda acid, or Halon
  • CO2 (Correct)

Answer : CO2


When considering an IT System Development Life-cycle, security should be:


Options are :

  • Treated as an integral part of the overall system design. (Correct)
  • Added once the design is completed.
  • Mostly considered during the initiation phase.
  • Mostly considered during the development phase.

Answer : Treated as an integral part of the overall system design.

Which security model introduces access to objects only through programs?


Options are :

  • The information flow model
  • The Biba model
  • The Bell-LaPadula model
  • The Clark-Wilson model (Correct)

Answer : The Clark-Wilson model

Which of the following suppresses combustion by disrupting a chemical reaction, thereby killing the fire?


Options are :

  • water
  • soda acid
  • CO2
  • Halon (Correct)

Answer : Halon


What does the * (star) property mean in the Bell-LaPadula model?


Options are :

  • No read up
  • No write down (Correct)
  • No read down
  • No write up

Answer : No write down

Which of the following is NOT a type of motion detector?


Options are :

  • Photoelectric sensor (Correct)
  • Microwave Sensor.
  • Ultrasonic Sensor.
  • Passive infrared sensors

Answer : Photoelectric sensor

Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense?


Options are :

  • TCSEC (Correct)
  • ITSEC
  • DIACAP
  • NIACAP

Answer : TCSEC


Which of the following security models does NOT concern itself with the flow of data?


Options are :

  • The Bell-LaPadula model
  • The noninterference model (Correct)
  • The Biba model
  • The information flow model

Answer : The noninterference model

The Orange Book is founded upon which security policy model?


Options are :

  • The Bell LaPadula Model (Correct)
  • TEMPEST
  • Clark-Wilson Model
  • The Biba Model

Answer : The Bell LaPadula Model

What does the simple security (ss) property mean in the Bell-LaPadula model?


Options are :

  • No write up
  • No write down
  • No read down
  • No read up (Correct)

Answer : No read up


In which phase of the System Development Lifecycle (SDLC) is security accreditation obtained?


Options are :

  • Testing and evaluation control (Correct)
  • Acceptance Phase
  • Postinstallation Phase
  • Functional Requirements Phase

Answer : Testing and evaluation control

Which of the following would be used to implement Mandatory Access Control (MAC)?


Options are :

  • Clark-Wilson Access Control
  • User dictated access control
  • Role-based access control
  • Lattice-based access control (Correct)

Answer : Lattice-based access control

Which Orange Book security rating introduces security labels?


Options are :

  • B2
  • B1 (Correct)
  • C2
  • B3

Answer : B1


During which phase of an IT system life cycle are security requirements developed?


Options are :

  • Initiation
  • Operation
  • Functional design analysis and Planning (Correct)
  • Implementation

Answer : Functional design analysis and Planning

The Computer Security Policy Model the Orange Book is based on is which of the following?


Options are :

  • Tempest
  • Kerberos
  • Bell-LaPadula (Correct)
  • Data Encryption Standard

Answer : Bell-LaPadula

For a maximum-security design, which type of fence is the most effective and cost-effective method (heights below are given in feet)?


Options are :

  • 3' to 4' high.
  • 8' high and above with strands of barbed wire (Correct)
  • Double fencing
  • 6' to 7' high.

Answer : 8' high and above with strands of barbed wire


Which of the following is an example of discretionary access control?


Options are :

  • Rule-based access control
  • Role-based access control
  • Task-based access control
  • Identity-based access control (Correct)

Answer : Identity-based access control

What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters?


Options are :

  • Central station alarm
  • Proprietary alarm
  • An auxiliary station alarm (Correct)
  • A remote station alarm

Answer : An auxiliary station alarm

Which of the following questions is less likely to help in assessing physical and environmental protection?


Options are :

  • Are appropriate fire suppression and prevention devices installed and working?
  • Is physical access to data transmission lines controlled?
  • Are entry codes changed periodically?
  • Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information? (Correct)

Answer : Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information?


Which of the following is a class C fire?


Options are :

  • common combustibles
  • electrical (Correct)
  • soda acid
  • liquid

Answer : electrical

Which access control model would a lattice-based access control model be an example of?


Options are :

  • Mandatory access control. (Correct)
  • Non-discretionary access control.
  • Rule-based access control.
  • Discretionary access control.

Answer : Mandatory access control.

Which of the following statements pertaining to the Bell-LaPadula model is TRUE if you are NOT making use of the strong star property?


Options are :

  • It addresses covert channels.
  • It addresses management of access controls.
  • It allows "write up." (Correct)
  • It allows "read up."

Answer : It allows "write up."


Risk reduction in a system development life-cycle should be applied:


Options are :

  • Mostly to the development phase.
  • Mostly to the initiation phase.
  • Mostly to the disposal phase.
  • Equally to all phases. (Correct)

Answer : Equally to all phases.

Which of the following is the lowest TCSEC class wherein the systems must support separate operator and system administrator roles?


Options are :

  • A1
  • B2 (Correct)
  • B1
  • A2

Answer : B2

Which of the following would be the MOST serious risk where a systems development life cycle methodology is inadequate?


Options are :

  • The project will be completed late.
  • The project will exceed the cost estimates
  • The project will be incompatible with existing systems.
  • The project will fail to meet business and user needs (Correct)

Answer : The project will fail to meet business and user needs


Which Orange Book security rating is the FIRST to be concerned with covert channels?


Options are :

  • B2 (Correct)
  • B3
  • A1
  • B1

Answer : B2

Which of the following organizations PRODUCES and PUBLISHES the Federal Information Processing Standards (FIPS)?


Options are :

  • The National Security Agency (NSA)
  • The American National Standards Institute (ANSI)
  • The National Institute of Standards and Technology (NIST) (Correct)
  • The National Computer Security Center (NCSC)

Answer : The National Institute of Standards and Technology (NIST)

Which of the following is a class A fire?


Options are :

  • liquid
  • common combustibles (Correct)
  • Halon
  • electrical

Answer : common combustibles


What does the * (star) integrity axiom mean in the Biba model?


Options are :

  • No read down
  • No read up
  • No write up (Correct)
  • No write down

Answer : No write up

Which of the following statements relating to the Biba security model is FALSE?


Options are :

  • A subject is not allowed to write up.
  • Programs serve as an intermediate layer between subjects and objects. (Correct)
  • Integrity levels are assigned to subjects and objects.
  • It is a state machine model.

Answer : Programs serve as an intermediate layer between subjects and objects.
