Exam (elaborations)

CISSP – Practice Questions And Correct Answers

Pages: 35
Grade: A+
Uploaded on: 02-12-2024
Written in: 2024/2025



©BRAINBARTER EXAM SOLUTIONS 2024/2025

ALL RIGHTS RESERVED.





Data Remanence - answer✔The remains of a partial or even the entire data set of digital
information

Disaster Recovery Planning (DRP) - answer✔Deals with restoring normal business operations
after the disaster takes place...works to get the business back to normal

Maximum tolerable downtime - answer✔The maximum period of time that a critical business
function can be inoperative before the company incurs significant and long-lasting damage.

802.5 - answer✔IEEE standard that defines the Token Ring media access method

Recovery Time Objective - answer✔The balance between the cost of recovery and the cost of
disruption

Resource Requirements - answer✔Portion of the BIA that lists the resources that an
organization needs in order to continue operating each critical business function.

Checklist - answer✔A test in which copies of the plan are handed out to each functional
area to ensure the plan deals with their needs

Information Owner - answer✔The one person responsible for data, its classification and control
setting

Job Rotation - answer✔To move from location to location, keeping the same function

Differential power analysis - answer✔A side-channel attack carried out on smart cards that
examines the power emissions released during processing

Mitigate - answer✔Defined as real-time monitoring and analysis of network activity and data
for potential vulnerabilities and attacks in progress.



Electromagnetic analysis - answer✔A side-channel attack on smart cards that examines the
frequencies emitted and timing

Analysis - answer✔Systematic assessment of threats and vulnerabilities that provides a basis for
effective management of risk.

Change Control - answer✔Maintaining full control over requests, implementation, traceability,
and proper documentation of changes.

Containment - answer✔Mitigate damage by isolating compromised systems from the network.

30 to 90 Days - answer✔Most organizations enforce policies to change passwords ranging from

Isochronous - answer✔Process must occur within set time constraints; applications are video
related, where audio and video must match perfectly

Detection - answer✔Identification and notification of an unauthorized and/or undesired action

Electronic Vaulting - answer✔Periodic, automatic and transparent backup of data in bulk.

Fault Tolerance - answer✔Mitigation of system or component loss or interruption through use
of backup capability.

Incremental - answer✔A backup method used when time and space are of high importance

Secure HTTP - answer✔Protocol designed to send individual messages securely

Criminal - answer✔Conduct that violates government laws developed to protect society

Class C - answer✔Has 256 hosts

RAID 0 - answer✔Creates one large disk by using several disks

Trade secrets - answer✔Deemed proprietary to a company and often include information that
provides a competitive edge; the information is protected as long as the owner takes protective
actions

X.400 - answer✔Active Directory standard

Prevention - answer✔Controls deployed to avert unauthorized and/or undesired actions.

Redundant Array Of Independent Drives (RAID) - answer✔A group of hard drives working as
one storage unit for the purpose of speed and fault tolerance

Proprietary - answer✔Defines the way in which the organization operates.



Gateway - answer✔Used to connect two networks using dissimilar protocols at different layers
of the OSI model

Classification - answer✔The assignment of a level of sensitivity to data (or information) that
results in the specification of controls for each level of classification.

Data Integrity - answer✔The property that data meet an a priori expectation of quality and
that the data can be relied upon.

Alarm Filtering - answer✔The process of categorizing attack alerts produced from an IDS in
order to distinguish false positives from actual attacks

Coaxial Cable - answer✔A cable consisting of a core inner conductor that is surrounded by an
insulator and an outer cylindrical conductor

Concentrator - answer✔Layer 1 network device that is used to connect network segments
together, but provides no traffic control (a hub).

Digital Signature - answer✔An asymmetric cryptography mechanism that provides
authentication.

Eavesdropping - answer✔A passive network attack involving monitoring of traffic.

E-Mail Spoofing - answer✔Forgery of the sender's email address in an email header.

Emanations - answer✔Potentially compromising leakage of electrical or acoustical signals.

Fiber Optics - answer✔Bundles of long strands of pure glass that efficiently transmit light pulses
over long distances. Interception without detection is difficult.

Fraggle - answer✔A Denial of Service attack initiated by sending spoofed UDP echo requests to
IP broadcast addresses.

Hijacking - answer✔Interception of a communication session by an attacker.

Hub - answer✔Layer 1 network device that is used to connect network segments together, but
provides no traffic control (a concentrator).

Injection - answer✔An attack technique that exploits systems that do not perform input
validation by embedding partial SQL queries inside input.

Interception - answer✔Unauthorized access of information (e.g., tapping, sniffing, unsecured
wireless communication, emanations)

IP Address Spoofing - answer✔Forging of an IP address.


IP Fragmentation - answer✔An attack that breaks up malicious code into fragments, in an
attempt to elude detection.

Kerberos - answer✔A trusted third-party authentication protocol

Incident response - answer✔Team should consist of: management, IT, legal, human resources,
public relations, security, etc.

Modification - answer✔A type of attack involving attempted insertion, deletion or altering of
data.

Multiplexers - answer✔A device that sequentially switches multiple analog inputs to the
output.

Open Mail Relay Servers - answer✔A mail server that improperly allows inbound SMTP
connections for domains it does not serve.

Enticement - answer✔The legal act of luring an intruder, with intent to monitor their behavior

Packet Filtering - answer✔A basic level of network access control that is based upon
information contained in the IP packet header.

Patch Panels - answer✔Provides a physical cross connect point for devices.

Private Branch Exchange (PBX) - answer✔A telephone exchange for a specific office or business.

Phishing - answer✔A social engineering attack that uses spoofed email or websites to persuade
people to divulge information.

Physical Tampering - answer✔Unauthorized access of network devices.

Proxies - answer✔Mediates communication between untrusted hosts on behalf of the hosts
that it protects.

Repeaters - answer✔Layer 1 network device that is used to connect network segments
together, but provides no traffic control (a concentrator).

Radio Frequency Interference (RFI) - answer✔A disturbance that degrades performance of
electronic devices and electronic communications.

Rogue Access Points - answer✔Unauthorized wireless network access device.

Routers - answer✔A layer 3 device that is used to connect two or more network segments and
regulate traffic.


