ANSWERS WITH SOLUTIONS 2024
Data Remanence - ANSWER The remains of partial or even the entire data set of digital information
Disaster Recovery Planning (DRP) - ANSWER Deals with restoring normal business operations after the
disaster takes place...works to get the business back to normal
Maximum tolerable downtime - ANSWER The maximum period of time that a critical business function
can be inoperative before the company incurs significant and long-lasting damage.
802.5 - ANSWER IEEE standard defines the Token Ring media access method
Recovery Time Objective - ANSWER The balance against the cost of recovery and the cost of disruption
Resource Requirements - ANSWER portion of the BIA that lists the resources that an organization needs in
order to continue operating each critical business function.
Checklist - ANSWER Test is one in which copies of the plan are handed out to each functional area to
ensure the plan deals with their needs
Information Owner - ANSWER The one person responsible for data, its classification and control setting
Job Rotation - ANSWER To move from location to location, keeping the same function
Differential power analysis - ANSWER A side-channel attack carried out on smart cards that examines the
power emissions released during processing
Mitigate - ANSWER Defined as real-time monitoring and analysis of network activity and data for potential
vulnerabilities and attacks in progress.
Electromagnetic analysis - ANSWER A side-channel attack on smart cards that examines the frequencies
emitted and timing
Analysis - ANSWER Systematic assessment of threats and vulnerabilities that provides a basis for effective
management of risk.
Change Control - ANSWER Maintaining full control over requests, implementation, traceability, and proper
documentation of changes.
Containment - ANSWER Mitigate damage by isolating compromised systems from the network.
30 to 90 Days - ANSWER Most organizations enforce policies to change passwords ranging from
Isochronous - ANSWER Process must within set time constraints; applications are video related, where audio
and video must match perfectly
Detection - ANSWER Identification and notification of an unauthorized and/or undesired action
Electronic Vaulting - ANSWER Periodic, automatic and transparent backup of data in bulk.
Fault Tolerance - ANSWER Mitigation of system or component loss or interruption through use of backup
capability.
Incremental - ANSWER A backup method used when time and space are of high importance
Secure HTTP - ANSWER Protocol designed to send individual messages securely
Criminal - ANSWER Conduct that violates government laws developed to protect society
Class C - ANSWER Has 256 hosts
RAID 0 - ANSWER Creates one large disk by using several disks
Trade secrets - ANSWER Deemed proprietary to a company and often include information that provides a
competitive edge; the information is protected as long as the owner takes protective actions
X.400 - ANSWER Active Directory standard
Prevention - ANSWER Controls deployed to avert unauthorized and/or undesired actions.
Redundant Array Of Independent Drives (RAID) - ANSWER A group of hard drives working as one storage
unit for the purpose of speed and fault tolerance
Proprietary - ANSWER Define the way in which the organization operates.
Gateway - ANSWER Used to connect two networks using dissimilar protocols at different layers of the OSI
model
Classification - ANSWER The assignment of a level of sensitivity to data (or information) that results in the
specification of controls for each level of classification.
Data Integrity - ANSWER The property that data meet with a priority expectation of quality and that the
data can be relied upon.
Alarm Filtering - ANSWER The process of categorizing attack alerts produced from an IDS in order to
distinguish false positives from actual attacks
Coaxial Cable - ANSWER A cable consisting of a core, inner conductor that is surrounded by an insulator,
an outer cylindrical conductor
Concentrator - ANSWER Layer 1 network device that is used to connect network segments together, but
provides no traffic control (a hub).
Digital Signature - ANSWER An asymmetric cryptography mechanism that provides authentication.
Eavesdropping - ANSWER A passive network attack involving monitoring of traffic.
E-Mail Spoofing - ANSWER Forgery of the sender's email address in an email header.
Emanations - ANSWER Potentially compromising leakage of electrical or acoustical signals.
Fiber Optics - ANSWER Bundles of long strands of pure glass that efficiently transmit light pulses over long
distances. Interception without detection is difficult.
Fraggle - ANSWER A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast
addresses.
Hijacking - ANSWER Interception of a communication session by an attacker.
Hub - ANSWER Layer 1 network device that is used to connect network segments together, but provides
no traffic control (a concentrator).
Injection - ANSWER An attack technique that exploits systems that do not perform input validation by
embedding partial SQL queries inside input.
Interception - ANSWER Unauthorized access of information (e.g. Tapping, sniffing, unsecured wireless
communication, emanations)
IP Address Spoofing - ANSWER Forging of an IP address.