CISSP PRACTICE TESTS Chapter 1▪Security & Risk Management (Domain 1) 100 Q&A Verified Solution
CISSP PRACTICE TESTS Chapter 1▪Security & Risk Management (Domain 1) 100 Q&A 1. What is the final step of quantitative? A. Determine asset value. B.Assess the annualized rate of occurrence. C. Derive the annualized loss expectancy. D. Conduct a cost/benefit analysis. D. Conduct a cost/benefit analysis. 2. An evil twin attack that broadcasts a legitimate SSID for an unauthorized network is an example of what category of threat? A. Spoofing B. Information disclosure C. Repudiation D. Tampering A. Spoofing 3. Under the Digital Millennium Copyright Act (DMCA), what type of offenses do not require prompt action by an Internet service provider after it receives a notification of infringement claim from a copyright holder? A. Storage of information by a customer on a provider's server B. Caching of information by the provider C. Transmission of information over the provider's network by a customer D. Caching of information in a provider search engine C. Transmission of information over the provider's network by a customer 4. FlyAway Travel has offices in both the European Union and the United States and transfers personal information between those offices regularly. Which of the seven requirements for processing personal information states that organizations must inform individuals about how the information they collect is used? A. Notice B. Choice C. Onward Transfer D. Enforcement A. Notice 5. Which one of the following is not one of the three common threat modeling techniques? A. Focused on assets B. Focused on attackers C. Focused on software D. Focused on social engineering D. Focused on social engineering 6. Which one of the following elements of information is not considered personally identifiable information that would trigger most US state data breach laws? A. Student identification number B. Social Security number C. Driver's license number D. Credit card number A. Student identification number 7. In 1991, the federal sentencing guidelines formalized a rule that requires senior executives to take personal responsibility for information security matters. What is the name of this rule? A. Due dilidence rule B. Personal liability rule C. Prudent man rule D. Due process rule C. Prudent man rule 8. Which one of the following provides an authentication mechanism that would be appropriate for pairing with a password to achieve multifactor authentication? A. Username B. PIN C. Security question D. Fingerprint scan D. Fingerprint scan 9. What United States government agency is responsible for administering the terms of safe harbor agreements between the European Union and the United States under the EU Data Protection Directive? A. Department of Defense B. Department of the Treasury C. State Department D. Department of Commerce D. Department of Commerce 10. Yolanda is the cheif privacy officer for a financial institution and is researching privacy issues related to customer checking accounts. Which one of the following laws is most likely to apply to this situation? A. GLBA B. SOX C. HIPAA D. FERPA A. GLBA 11. Tim's organization recently recieved a contract to conduct sponsored research as a government contractor. What law now likely applies to the information system involved in this contract? A. FISMA B. PCI DSS C. HIPAA D. GISRA A. FISMA 12. Chris is advising travelers from his organization who will be visiting many different countries overseas. He is concerned about compliiance with export control laws. Which of the following technologies is most likely to trigger these regulations?
Written for
- Institution
- CISSP
- Course
- CISSP
Document information
- Uploaded on
- November 1, 2023
- Number of pages
- 19
- Written in
- 2023/2024
- Type
- Exam (elaborations)
- Contains
- Questions & answers
Subjects
-
cissp practice tests chapter 1security risk man