A. Honesty
B. Ethical Behavior
C. Legality
D. Control Accurate Answer - The ISC2 Code of Ethics does not include
which of the following behaviors for a CISSP:
a. Preventive / Technical Pairing
b. Preventive / Administrative Pairing
c. Preventive / Physical Pairing
d. Detective / Administrative Pairing Accurate Answer - Which of the
following control pairing places emphasis on "soft" mechanisms that support
the access control objectives?
Administrative Control Accurate Answer - Soft Control is another way
of referring to
a. Preventive / Physical
b. Detective / Technical
c. Detective / Physical
d. Detective / Administrative Accurate Answer - The control measures
that are intended to reveal the violations of security policy using software and
hardware are associated with:
a. Logon Banners
b. Wall Posters
c. Employee Handbook
d. Written Agreement Accurate Answer - Which of the following is
most appropriate to notify an external user that session monitoring is being
conducted?
The detective/technical control Accurate Answer - What measures are
intended to reveal the violations of security policy using technical means?
a. to detect improper or illegal acts by employees
b. to lead to greater productivity through a better quality of life for the
employee
c. to provide proper cross-training for another employee
d. to allow more employees to have a better understanding of the overall
system Accurate Answer - Why do many organizations require every
employee to take a mandatory vacation of a week or more?
a. Establish procedures for periodically reviewing the classification and
ownership
b. Specify the security controls required for each classification level
c. Identify the data custodian and define their responsibilities
d. Specify the criteria that will determine how data is classified
Accurate Answer - You have been tasked to develop an effective information
classification program. Which one of the following steps should be performed
first?
a. System programmer
b. Legal staff
c. Business unit manager
d. Programmer Accurate Answer - The IS review is focused on the
controls in place related to the process of defining IT service levels. Which of
the following staff members would be best suited to provide information
during a review?
Security Officer Accurate Answer - Who directs, coordinates, plans, and
organizes information security activities throughout the organization? Who
works with many different individuals, such as executive management,
management of the business units, technical staff, business partners, auditors,
and third parties such as vendors? Who, with his or her team, is responsible for
the design, implementation, management, and review of the organization's
security policies, standards, procedures, baselines, and guidelines?
Executive Management/Senior Management Accurate Answer - Who
maintains the overall responsibility for protection of the information assets?
The business operations are dependent upon information being available,
accurate, and protected from individuals without a need to know.
A data custodian Accurate Answer - is an individual or function that
takes care of the information on behalf of the owner. These individuals ensure
that the information is available to the end users and is backed up to enable
recovery in the event of data loss or corruption. Information may be stored in
files, databases, or systems whose technical infrastructure must be managed
by systems administrators. This group administers access rights to the
information assets.
Data/Information/Business/System Owners Accurate Answer - These
people are generally managers and directors responsible for using
information for running and controlling the business. Their security
responsibilities include authorizing access, ensuring that access rules are
updated when personnel changes occur, and regularly reviewing access rules for
the data for which they are responsible.
a. Hot site
b. Warm site
c. Redundant or Alternate site
d. Reciprocal Agreement Accurate Answer - Which of the following
alternative business recovery strategies would be LEAST reliable in a large
database and on-line communications network environment where the
critical business continuity period is 7 days?
Hot Site Accurate Answer - A facility that is leased or rented and is fully
configured and ready to operate within a few hours. The only missing
resources are usually the data, which will be retrieved from a backup site, and
the people who will be processing the data.
Cold site Accurate Answer - Leased or rented facility that supplies the
basic environment, electrical wiring, air conditioning, plumbing, and flooring,
but none of the equipment or additional services.
Warm site Accurate Answer - • Less expensive
• Available for longer timeframes because of the reduced costs
• Practical for proprietary hardware or software use
Warm and Cold Site Disadvantages
• Operational testing not usually available
• Resources for operations not immediately available
a. IP spoofing
b. Password sniffing
c. Data diddling