CISSP Official ISC2 practice tests - Domain 1
1. What is the final step of a quantitative risk analysis? A. Determine asset value. B. Assess the annualized rate of occurrence. C. Derive the annualized loss expectancy. D. Conduct a it analysis. - Answer- D. The final step of a quantitative risk analysis is conducting a cost/benefit analysis to determine whether the organisation should implement proposed countermeasure(s). 2. An evil twin attack that broadcasts a legitimate SSID for an unauthorised network is an example of what category of threat? A. Spoofing B. Information disclosure C. Repudiation D. Tampering - Answer- A. Spoofing attacks use falsified identities. Spoofing attacks may use false IP addresses, email addresses, names, or, in the case of an evil twin attack, SSIDs. 3. Under the Digital Millennium Copyright Act (DMCA), what type of offenses do not require prompt action by an Internet service provider after it receives a notification of infringement claim from a copyright holder? A. Storage of information by a customer on a provider's server B. Caching of information by the provider C. Transmission of information over the provider's network by a customer D. Caching of information in a provider search engine - Answer- C. The DMCA states that providers are not responsible for the transitory activities of their users. Transmission of information over a network would qualify for this exemption. The other activities listed are all nontransitory actions that require remediation by the provider. 4. FlyAway Travel has offices in both the European Union and the United States and transfers personal information between those offices regularly. Which of the seven requirements for processing personal information states that organizations must inform individuals about how the information they collect is used? A. Notice B. Choice C. Onward Transfer D. Enforcement - Answer- A. The Notice principle says that organizations must inform individuals of the information the organization collects about individuals and how the organization will use it. These princi
Written for
- Institution
- CISSP -ISC2
- Course
- CISSP -ISC2
Document information
- Uploaded on
- September 16, 2023
- Number of pages
- 29
- Written in
- 2023/2024
- Type
- Exam (elaborations)
- Contains
- Questions & answers
Subjects
-
cissp official isc2 practice tests domain 1
-
1 what is the final step of a quantitative risk a
-
2 an evil twin attack that broadcasts a legitimat
-
3 under the digital millennium copyright act dmc
Also available in package deal
