CISSP Practice Questions

A.  

Payload encryption and transport encryption

B.  

Authentication Headers (AH)

C.  

Keyed-Hashing for Message Authentication

D.  

Point-to-Point Encryption (P2PE)

A.  

Mandating security policy acceptance

B.  

Changing individual behavior

C.  

Evaluating security awareness training

D.  

Filtering malicious e-mail content

A.  

Delayed revocation or destruction of credentials

B.  

Modification of Certificate Revocation List

C.  

Unauthorized renewal or re-issuance

D.  

Token use after decommissioning

A.  

Addresses and protocols of network-based logs are analyzed.

B.  

Host-based system logging has files stored in multiple locations.

C.  

Properly handled network-based logs may be more reliable and valid.

D.  

Network-based systems cannot capture users logging into the console.

A.  

Patches on the network are difficult to keep current.

B.  

It is the responsibility of the systems administrator.

C.  

User ID and passwords are never set to expire.

D.  

Network diagrams are not up to date.

A.  

Systems administration and operating systems

B.  

System incompatibility and patch management

C.  

Third-party applications and change controls

D.  

Improper stress testing and application interfaces

A.  

address-based authentication.

B.  

Address Resolution Protocol (ARP).

C.  

Reverse Address Resolution Protocol (RARP).

D.  

Transmission Control Protocol (TCP) hijacking.

A.  

Only the functional specifications are known to the test planner.

B.  

Only the source code and the design documents are known to the test planner.

C.  

Only the source code and functional specifications are known to the test planner.

D.  

Only the design documents and the functional specifications are known to the test planner.

A.  

exploit security weaknesses in the IS.

B.  

measure system performance on systems with weak security controls.

C.  

evaluate the effectiveness of security controls.

D.  

prepare for Disaster Recovery (DR) planning.

A.  

It contains the keys of all clients.

B.  

It always operates at root privilege.

C.  

It contains all the tickets for services.

D.  

It contains the Internet Protocol (IP) address of all network entities.

A.  

Mandatory Access Control (MAC).

B.  

owner-administered control.

C.  

owner-dependent access control.

D.  

Discretionary Access Control (DAC).

A.  

Degaussing

B.  

Encryption

C.  

Data Loss Prevention (DLP)

D.  

Authentication

A.  

Time of data validation after disaster

B.  

Time of data restoration from backup after disaster

C.  

Time of application resumption after disaster

D.  

Time of application verification after disaster

A.  

Formal acceptance of the security strategy

B.  

Disciplinary actions taken against unethical behavior

C.  

Development of an awareness program for new employees

D.  

Audit of all organization system configurations for faults

A.  

Removing employee's full access to the computer

B.  

Supervising their child's use of the computer

C.  

Limiting computer's access to only the employee

D.  

Ensuring employee understands their business conduct guidelines