CISSP Exam Questions And Correct Answers.

Pages: 28
Grade: A+
Uploaded on: 02-12-2024
Written in: 2024/2025


Document information

Type: Exam
Contains: Questions and answers

©BRAINBARTER EXAM SOLUTIONS 2024/2025

ALL RIGHTS RESERVED.




CISSP Exam Questions And Correct Answers.

A. Honesty
B. Ethical Behavior
C. Legality
D. Control - answer✔The ISC2 Code of Ethics does not include which of the following behaviors for a CISSP:

a. Preventive / Technical Pairing
b. Preventive / Administrative Pairing
c. Preventive / Physical Pairing
d. Detective / Administrative Pairing - answer✔Which of the following control pairings places emphasis on "soft" mechanisms that support the access control objectives?

Administrative Control - answer✔Soft Control is another way of referring to

a. Preventive / Physical
b. Detective / Technical
c. Detective / Physical
d. Detective / Administrative - answer✔The control measures that are intended to reveal the violations of security policy using software and hardware are associated with:

a. Logon Banners
b. Wall Posters
c. Employee Handbook
d. Written Agreement - answer✔Which of the following is most appropriate to notify an external user that session monitoring is being conducted?

The detective/technical control - answer✔What measures are intended to reveal the violations
of security policy using technical means?

a. to detect improper or illegal acts by employees
b. to lead to greater productivity through a better quality of life for the employee
c. to provide proper cross training for another employee
d. to allow more employees to have a better understanding of the overall system - answer✔Why do many organizations require every employee to take a mandatory vacation of a week or more?

a. Establish procedures for periodically reviewing the classification and ownership
b. Specify the security controls required for each classification level
c. Identify the data custodian and define their responsibilities
d. Specify the criteria that will determine how data is classified - answer✔You have been tasked to develop an effective information classification program. Which one of the following steps should be performed first?

a. System programmer
b. Legal staff
c. Business unit manager
d. Programmer - answer✔The IS review is focused on the controls in place related to the process of defining IT service levels. Which of the following staff members would be best suited to provide information during a review?

Security Officer - answer✔Who directs, coordinates, plans, and organizes information security activities throughout the organization? Who works with many different individuals, such as executive management, management of the business units, technical staff, business partners, auditors, and third parties such as vendors? Who, along with his or her team, is responsible for the design, implementation, management, and review of the organization's security policies, standards, procedures, baselines, and guidelines?

Executive Management/Senior Management - answer✔Who maintains the overall responsibility for protection of the information assets? The business operations are dependent upon information being available, accurate, and protected from individuals without a need to know.




A data custodian - answer✔is an individual or function that takes care of the information on behalf of the owner. These individuals ensure that the information is available to the end users and is backed up to enable recovery in the event of data loss or corruption. Information may be stored in files, databases, or systems whose technical infrastructure must be managed by systems administrators. This group administers access rights to the information assets.

Data/Information/Business/System Owners - answer✔These people are generally managers and directors responsible for using information for running and controlling the business. Their security responsibilities include authorizing access, ensuring that access rules are updated when personnel changes occur, and regularly reviewing access rules for the data for which they are responsible.

a. Hot site
b. Warm site
c. Redundant or Alternate site
d. Reciprocal Agreement - answer✔Which of the following alternative business recovery strategies would be LEAST reliable in a large database and on-line communications network environment where the critical business continuity period is 7 days?

Hot Site - answer✔A facility that is leased or rented and is fully configured and ready to operate
within a few hours. The only missing resources are usually the data, which will be retrieved
from a backup site, and the people who will be processing the data.

Cold site - answer✔Leased or rented facility that supplies the basic environment, electrical
wiring, air conditioning, plumbing, and flooring, but none of the equipment or additional
services.

Warm site - answer✔• Less expensive
• Available for longer timeframes because of the reduced costs
• Practical for proprietary hardware or software use
Warm and Cold Site Disadvantages
• Operational testing not usually available
• Resources for operations not immediately available
a. IP spoofing
b. Password sniffing
c. Data diddling
