CISSP - Practice QUESTIONS WITH
ACCURATE ANSWERS | MULTIPLE
CHOICES |2026\2027!! CSIA EXAM
Data Remanence - Answer--The remains of partial or even the entire data set of
digital information
Disaster Recovery Planning (DRP) - Answer--Deals with restoring normal business
operations after the disaster takes place...works to get the business back to normal
um tolerable downtime - Answer--The maximum period of time that a critical
business
Maxim function can be inoperative before the company incurs significant and
long-lasting damage.
802.5 - Answer--IEEE standard defines the Token Ring media access method
Recovery Time Objective - Answer--The balance against the cost of recover and the
cost of disruption
Resource Requirements - Answer--portion of the BIA that lists the resources that an
organization needs in order to continue operating each critical business function.
Checklist - Answer--Test is one in which copies of the plan are handed out to each
functional area to ensure the plan deal with their needs
Information Owner - Answer--The one person responsible for data, its classification
and control setting
Job Rotation - Answer--To move from location to location, keeping the same function
Differential power analysis - Answer--A side-channel attack carry-out on smart cards
that examining the power emission release during processing
Mitigate - Answer--Defined as real-time monitoring and analysis of network activity
and data for potential vulnerabilities and attacks in
progress.
,Electromagnetic analysis - Answer--A side-channel attack on smart cards that
examine the frequencies emitted and timing
Analysis - Answer--Systematic assessment of threats and vulnerabilities that
provides a basis for effective management of risk.
Change Control - Answer--Maintaining full control over requests, implementation,
traceability, and proper documentation of changes.
Containment - Answer--Mitigate damage by isolating compromised systems from the
network.
30 to 90 Days - Answer--Most organizations enforce policies to change password
ranging from
Isochronous - Answer--Process must within set time constrains, applications are
video related where audio and video must match perfectly
Detection - Answer--Identification and notification of an unauthorized and/or
undesired action
Electronic Vaulting - Answer--Periodic, automatic and transparent backup of data in
bulk.
Fault Tolerance - Answer--Mitigation of system or component loss or interruption
through use of backup capability.
Incremental - Answer--A backup method use when time and space are a high
importance
Secure HTTP - Answer--Protocol designed to same individual message securely
Criminal - Answer--Conduct that violates government laws developed to protect
society
Class C - Answer--Has 256 hosts
RAID 0 - Answer--Creates one large disk by using several disks
Trade secrets - Answer--Deemed proprietary to a company and often include
information that provides a competitive edge, the information is protected as long the
owner takes protective actions
X.400 - Answer--Active Directory standard
,Prevention - Answer--Controls deployed to avert unauthorized and/or undesired
actions.
Redundant Array Of Independent Drives (RAID) - Answer--A group of hard drives
working as one storage unit for the purpose of speed and fault tolerance
Proprietary - Answer--Define the way in which the organization operates.
Gateway - Answer--Used to connect two networks using dissimilar protocols at
different layers of the OSI model
Classification - Answer--The assignment of a level of sensitivity to data (or
information) that results in the specification of controls for each level of classification.
Data Integrity - Answer--The property that data meet with a priority expectation of
quality and that the data can be relied upon.
Alarm Filtering - Answer--The process of categorizing attack alerts produced from an
IDS in order to distinguish false positives from actual attacks
Coaxial Cable - Answer--A cable consisting of a core, inner conductor that is
surrounding by an insulator, an outer cylindrical conductor
Concentrator - Answer--Layer 1 network device that is used to connect network
segments together, but provides no traffic control (a hub).
Digital Signature - Answer--An asymmetric cryptography mechanism that provides
authentication.
Eavesdropping - Answer--A passive network attack involving monitoring of traffic.
E-Mail Spoofing - Answer--Forgery of the sender's email address in an email header.
Emanations - Answer--Potentially compromising leakage of electrical or acoustical
signals.
Fiber Optics - Answer--Bundles of long strands of pure glass that efficiently transmit
light pulses over long distances. Interception without detection is difficult.
Fraggle - Answer--A Denial of Service attack initiated by sending spoofed UDP echo
request to IP broadcast addresses.
Hijacking - Answer--Interception of a communication session by an attacker.
, Hub - Answer--Layer 1 network device that is used to connect network segments
together, but provides no traffic control (a concentrator).
Injection - Answer--An attack technique that exploits systems that do not perform
input validation by embedding partial SQL queries inside input.
Interception - Answer--Unauthorized access of information (e.g. Tapping, sniffing,
unsecured wireless communication, emanations)
IP Address Spoofing - Answer--Forging of an IP address.
IP Fragmentation - Answer--An attack that breaks up malicious code into fragments,
in an attempt to elude detection.
Kerberos - Answer--A trusted third party authentication protocol
Incident response - Answer--Team should consist of: management, IT, legal, human
resources, public relations, security etc.
Modification - Answer--A type of attack involving attempted insertion, deletion or
altering of data.
Multiplexers - Answer--A device that sequentially switches multiple analog inputs to
the output.
Open Mail Relay Servers - Answer--A mail server that improperly allows inbound
SMTP connections for domains it does not serve.
Enticement - Answer--The legal act of luring an intruder, with intend to monitor their
behavior
Packet Filtering - Answer--A basic level of network access control that is based upon
information contained in the IP packet header.
Patch Panels - Answer--Provides a physical cross connect point for devices.
Private Branch Exchange (PBX) - Answer--A telephone exchange for a specific
office or business.
Phishing - Answer--A social engineering attack that uses spoofed email or websites
to persuade people to divulge information.
Physical Tampering - Answer--Unauthorized access of network devices.
ACCURATE ANSWERS | MULTIPLE
CHOICES |2026\2027!! CSIA EXAM
Data Remanence - Answer--The remains of partial or even the entire data set of
digital information
Disaster Recovery Planning (DRP) - Answer--Deals with restoring normal business
operations after the disaster takes place...works to get the business back to normal
um tolerable downtime - Answer--The maximum period of time that a critical
business
Maxim function can be inoperative before the company incurs significant and
long-lasting damage.
802.5 - Answer--IEEE standard defines the Token Ring media access method
Recovery Time Objective - Answer--The balance against the cost of recover and the
cost of disruption
Resource Requirements - Answer--portion of the BIA that lists the resources that an
organization needs in order to continue operating each critical business function.
Checklist - Answer--Test is one in which copies of the plan are handed out to each
functional area to ensure the plan deal with their needs
Information Owner - Answer--The one person responsible for data, its classification
and control setting
Job Rotation - Answer--To move from location to location, keeping the same function
Differential power analysis - Answer--A side-channel attack carry-out on smart cards
that examining the power emission release during processing
Mitigate - Answer--Defined as real-time monitoring and analysis of network activity
and data for potential vulnerabilities and attacks in
progress.
,Electromagnetic analysis - Answer--A side-channel attack on smart cards that
examine the frequencies emitted and timing
Analysis - Answer--Systematic assessment of threats and vulnerabilities that
provides a basis for effective management of risk.
Change Control - Answer--Maintaining full control over requests, implementation,
traceability, and proper documentation of changes.
Containment - Answer--Mitigate damage by isolating compromised systems from the
network.
30 to 90 Days - Answer--Most organizations enforce policies to change password
ranging from
Isochronous - Answer--Process must within set time constrains, applications are
video related where audio and video must match perfectly
Detection - Answer--Identification and notification of an unauthorized and/or
undesired action
Electronic Vaulting - Answer--Periodic, automatic and transparent backup of data in
bulk.
Fault Tolerance - Answer--Mitigation of system or component loss or interruption
through use of backup capability.
Incremental - Answer--A backup method use when time and space are a high
importance
Secure HTTP - Answer--Protocol designed to same individual message securely
Criminal - Answer--Conduct that violates government laws developed to protect
society
Class C - Answer--Has 256 hosts
RAID 0 - Answer--Creates one large disk by using several disks
Trade secrets - Answer--Deemed proprietary to a company and often include
information that provides a competitive edge, the information is protected as long the
owner takes protective actions
X.400 - Answer--Active Directory standard
,Prevention - Answer--Controls deployed to avert unauthorized and/or undesired
actions.
Redundant Array Of Independent Drives (RAID) - Answer--A group of hard drives
working as one storage unit for the purpose of speed and fault tolerance
Proprietary - Answer--Define the way in which the organization operates.
Gateway - Answer--Used to connect two networks using dissimilar protocols at
different layers of the OSI model
Classification - Answer--The assignment of a level of sensitivity to data (or
information) that results in the specification of controls for each level of classification.
Data Integrity - Answer--The property that data meet with a priority expectation of
quality and that the data can be relied upon.
Alarm Filtering - Answer--The process of categorizing attack alerts produced from an
IDS in order to distinguish false positives from actual attacks
Coaxial Cable - Answer--A cable consisting of a core, inner conductor that is
surrounding by an insulator, an outer cylindrical conductor
Concentrator - Answer--Layer 1 network device that is used to connect network
segments together, but provides no traffic control (a hub).
Digital Signature - Answer--An asymmetric cryptography mechanism that provides
authentication.
Eavesdropping - Answer--A passive network attack involving monitoring of traffic.
E-Mail Spoofing - Answer--Forgery of the sender's email address in an email header.
Emanations - Answer--Potentially compromising leakage of electrical or acoustical
signals.
Fiber Optics - Answer--Bundles of long strands of pure glass that efficiently transmit
light pulses over long distances. Interception without detection is difficult.
Fraggle - Answer--A Denial of Service attack initiated by sending spoofed UDP echo
request to IP broadcast addresses.
Hijacking - Answer--Interception of a communication session by an attacker.
, Hub - Answer--Layer 1 network device that is used to connect network segments
together, but provides no traffic control (a concentrator).
Injection - Answer--An attack technique that exploits systems that do not perform
input validation by embedding partial SQL queries inside input.
Interception - Answer--Unauthorized access of information (e.g. Tapping, sniffing,
unsecured wireless communication, emanations)
IP Address Spoofing - Answer--Forging of an IP address.
IP Fragmentation - Answer--An attack that breaks up malicious code into fragments,
in an attempt to elude detection.
Kerberos - Answer--A trusted third party authentication protocol
Incident response - Answer--Team should consist of: management, IT, legal, human
resources, public relations, security etc.
Modification - Answer--A type of attack involving attempted insertion, deletion or
altering of data.
Multiplexers - Answer--A device that sequentially switches multiple analog inputs to
the output.
Open Mail Relay Servers - Answer--A mail server that improperly allows inbound
SMTP connections for domains it does not serve.
Enticement - Answer--The legal act of luring an intruder, with intend to monitor their
behavior
Packet Filtering - Answer--A basic level of network access control that is based upon
information contained in the IP packet header.
Patch Panels - Answer--Provides a physical cross connect point for devices.
Private Branch Exchange (PBX) - Answer--A telephone exchange for a specific
office or business.
Phishing - Answer--A social engineering attack that uses spoofed email or websites
to persuade people to divulge information.
Physical Tampering - Answer--Unauthorized access of network devices.