Accountability Accurate Answer - Holds individuals accountable for
their actions
Accountability Principle Accurate Answer - OECD Privacy Guideline
principle which states individuals should have the right to challenge the
content of any personal data being held, and have a process for updating their
personal data if found to be inaccurate or incomplete
Act honorably, justly, responsibly, and legally Accurate Answer -
Second canon of the (ISC)2 Code of Ethics
Administrative Law Accurate Answer - Law enacted by government
agencies, aka regulatory law
Advance and protect the profession Accurate Answer - Fourth canon of
the (ISC)2 Code of Ethics
Agents of law enforcement Accurate Answer - Private citizens carrying
out actions on the behalf of law enforcement
AIC triad Accurate Answer - The three security principles: availability,
integrity, and confidentiality.
ALE/Annualized Loss Expectancy Accurate Answer - The cost of loss
due to a risk over a year
Annualized loss expectancy (ALE) Accurate Answer - A dollar amount
that estimates the loss potential from a risk in a span of a year. Single Loss
Expectancy (SLE) x annualized rate of occurrence (ARO) = ALE
Annualized Rate of Occurrence (ARO) Accurate Answer - The value
that represents the estimated possibility of a specific threat taking place
within a one-year timeframe.
Antivirus Software Accurate Answer - Software designed to prevent
and detect malware infections
ARO/Annual Rate of Occurrence Accurate Answer - The number of
losses suffered per year
Attack Accurate Answer - An attempt to bypass security controls in a
system with the mission of using that system or compromising it. An attack is
usually accomplished by exploiting a current vulnerability.
Authentication Accurate Answer - Proof of an identity claim
Authorization Accurate Answer - Actions an individual can perform on
a system
AV/Asset Value Accurate Answer - The value of a protected asset
Availability Accurate Answer - The reliability and accessibility of data
and resources to authorized identified individuals in a timely manner.
Availability Accurate Answer - Assures information is available when
needed
Awareness Accurate Answer - Security control designed to change
user behavior
Background checks Accurate Answer - A verification of a person's
background and experience, also called pre-employment screening
Baseline Accurate Answer - Uniform ways to implement a safeguard,
administrative control
Baseline Accurate Answer - The minimum level of security necessary
to support and enforce a security policy.
Best evidence rule Accurate Answer - Requires use of the strongest
possible evidence
Best practice Accurate Answer - A consensus of the best way to protect
the confidentiality, integrity and availability of assets
Bot Accurate Answer - A computer system running malware that is
controlled via a botnet
Botnet Accurate Answer - A central bot command and control (C&C)
network, managed by humans
Breach notification Accurate Answer - Notification of persons whose
personal data has been, or is likely to have been, compromised
Business Impact Analysis (BIA) Accurate Answer - A functional
analysis in which a team collects data, documents business functions,
develops a hierarchy of business functions, and applies a classification scheme
to indicate each individual function's criticality level.
CIA triad Accurate Answer - Confidentiality, Integrity and Availability
Circumstantial evidence Accurate Answer - Evidence that serves to
establish the circumstances related to particular points or even other
evidence
Civil law Accurate Answer - Law that resolves disputes between
individuals or organizations
Civil law (legal system) Accurate Answer - Legal system that leverages
codified laws or statutes to determine what is considered within the bounds of
law
Classification Accurate Answer - A systematic arrangement of objects
into groups or categories according to a set of established criteria. Data and
resources can be assigned a level of sensitivity as they are being created,
amended, enhanced, stored, or transmitted. The classification level then
determines the extent to which the resource needs to be controlled and
secured, and is indicative of its value in terms of information assets.
Collection Limitation Principle Accurate Answer - OECD Privacy
Guideline principle which states personal data collection should have limits,
be obtained in a lawful manner, and, unless there is a compelling reason to the
contrary, with the individual's knowledge and approval.
Collusion Accurate Answer - Two or more people working together to
carry out a fraudulent activity. More than one person would need to work
together to cause some type of destruction or fraud; this drastically reduces
its probability.
Color of law Accurate Answer - Acting on the authority of law
enforcement
Commandments of Computer Ethics Accurate Answer - The Computer
Ethics Institute code of ethics
Common law Accurate Answer - Legal system that places significant
emphasis on particular cases and judicial precedent as a determinant of laws
Compensation controls Accurate Answer - Additional security controls
put in place to compensate for weaknesses in other controls
Compensatory damages Accurate Answer - Damages provided as
compensation
Computer crimes Accurate Answer - Crimes using computers
Computer Fraud and Abuse Act Accurate Answer - Title 18 United
States Code Section 1030
Copyright Accurate Answer - Type of intellectual property that
protects the form of expression in artistic, musical, or literary works
Copyright Accurate Answer - A legal right that protects the expression
of ideas.
Corrective controls Accurate Answer - Controls that correct a damaged
system or process
Corroborative evidence Accurate Answer - Evidence that provides
additional support for a fact that might have been called into question
Cost/benefit analysis Accurate Answer - An assessment that is
performed to ensure that the cost of a safeguard does not outweigh the