WITH ANSWERS
Access control model is: - Answer-A formal control model is a formal description of a security policy.
Evidence like printed business records, manuals, and printouts are classified as: - Answer-Real evidence
Fastest backup restoration time is provided by the combination - Answer-Full backups and differential backups
Which type of firewall can be used to track connectionless protocols such as UDP and RPC? - Answer-Stateful inspection firewall
A commercial application of steganography that is used to identify documents or verify their authenticity is ---- - Answer-A watermark
A contingency plan should address which of the following - Answer-Potential risks, residual risks, identified risk
Access to audit reports should be controlled and restricted because: - Answer-They contain info about the vulnerabilities of the system
According to RFC 1087, 'Ethics and the Internet,' which of the following statements is considered unethical? - Answer-actions that compromise the privacy of users
Active attack includes - Answer-Masquerading
Allowing access to resources based on permitted IP addresses is the definition of: - Answer-ACL
Another name for the Orange Book - Answer-The Trusted Computer System Eval. Criteria (TCSEC)
At which layer of the OSI model is encryption not possible? - Answer-Cipher Block Chaining & Cipher Feedback
At which layer of the OSI model is encryption not possible? - Answer-Data Link Layer
Audit trails are ------ type of security controls. - Answer-Passive
Biometrics that can last a lifetime - Answer-Iris pattern
Buffer overflow and boundary condition errors are examples of: - Answer-Input validation errors
Business continuity plan developed is based mostly on - Answer-Business Impact Analysis
Calculate Single Loss Expectancy (SLE) for Jet Industries which expects that it would lose $40 million, if flash floods struck its aircraft operations facility. - Answer-$40,000,000 [amount of damage that would be caused by a single occurrence of the risk]
Cat5 and Cat6 Categories are examples of - Answer-Twisted Pair
Clipping levels refers to: - Answer-Setting Allowable Thresholds on a Reported Activity
Computer center fires are generally caused by: - Answer-Electric distribution system
Detective technical control - Answer-IDS, Violation Reports, Honeypot
Disaster Recovery Planning's objective is: - Answer-Restoring normal business activity
During which phase of SDLC should Security and access controls be incorporated? - Answer-Detailed design
Ethernet LAN in a bus topology is more prone to unauthorized disclosure than switched Ethernet in a star topology because - Answer-Ethernet is a broadcast technology
Ethics are - Answer-rules of personal behavior
Examples of operation control - Answer-Backup and recovery, contingency planning, operations procedures
Fastest backup creation time is provided by the combination - Answer-Full backups and incremental backups
Fault tolerance safeguards help us to combat threats to - Answer-Data Reliability
Fraudulent use of a telephone service? - Answer-Phreaking
How does a subject get access to an object in a Multi-Level Security Policy? - Answer-The subject's sensitivity label must dominate the object's sensitivity label