Questions: CISSP CBK Final Exam

1. A risk is the likelihood of a threat source taking advantage of a vulnerability in an information system. The risk left over after implementing safeguards is known as:

2. Copyright provides what form of protection:

3. As an information systems security professional, what is the highest amount you would recommend a corporation invest annually in a countermeasure to protect assets valued at $1 million from a potential threat that has an annualized rate of occurrence (ARO) of once every five years and an exposure factor (EF) of 10%:

4. Which of the following describes the first step in establishing an encrypted session using a Data Encryption Standard (DES) key?

5. In a typical information security program, what is the primary responsibility of the information (data) owner?

6. Which of the following is not a component of “chain of evidence”:

7. When an employee transfers within an organization …

8. A system security engineer is evaluating methods to store user passwords in an information system. What is the best method for storing user passwords while meeting the confidentiality security objective?

9. What is the inverse of confidentiality, integrity, and availability (C.I.A.) triad in risk management?

10. A CISSP may face an ethical conflict between their company’s policies and the (ISC)2 Code of Ethics. According to the (ISC)2 Code of Ethics, in which order of priority should ethical conflicts be resolved?

11. Company X is planning to implement a rule-based access control mechanism for controlling access to its information assets. What type of access control is this usually related to?

12. In the Common Criteria Evaluation and Validation Scheme (CCEVS), requirements for future products are defined by:

13. As an information systems security manager (ISSM), how would you explain the purpose for a system security policy?

14. Configuration management provides assurance that changes…?

15. Under what circumstance might a certification authority (CA) revoke a certificate?

16. Which of the following entities is ultimately responsible for information security within an organization?

17. In what type of cryptanalytic attack does an adversary have the least amount of information to work with?

18. In business continuity planning, which of the following is an advantage of a “hot site” over a “cold site”?

19. Which of the following is the most effective method for reducing security risks associated with building entrances?

20. All of the following methods ensure the stored data are unreadable except…?

21. Prior to installation of an intrusion prevention system (IPS), a network engineer would place a packet sniffer on the network. What is the purpose of using a packet sniffer?

22. What determines the assignment of data classifications in a mandatory access control (MAC) philosophy?

23. What type of cryptographic attack is based on the probability of two different messages, processed by the same hash function, producing the same message digest?

24. An access control system that grants users only those rights necessary for them to perform their work is operating on which security principle?

25. Which of the following is the primary goal of a security awareness program?

26. Which of the following evidence collection methods is most likely to be accepted in a court case?

27. Which of the following is not a characteristic of a good stream cipher?

28. When a security administrator wants to conduct regular tests of the strength of user passwords, what is the best setup for this test?

29. When engaging an external contractor for a software development project, source code escrow can be used to protect against…?

30. Which answer lists the proper steps required to develop a disaster recovery and business continuity plan (DRP/BCP)?

31. Which of the following is an example of a simple substitution algorithm?

32. An information security program should include the following elements:

33. Which of the following refers to a series of characters used to verify a user’s identity?

34. Which e-mail standard relies on "Web of Trust"?

35. Security of an automated information system is most effective and economical if the system is…?

36. The act of obtaining information of a higher level of sensitivity by combining information from a lower level of sensitivity is called?

37. Which of the following virus types changes its characteristics as it spreads?

38. It is important that information about an ongoing computer crime investigation be…?

39. Which answer is not true for the Diffie-Hellman algorithm?

40. After signing out a laptop computer from the company loaner pool, you discover that there is a memorandum stored on the loaner laptop, written to a competitor, containing sensitive information about a new product your company is about to release. Based on the (ISC)2 Code of Ethics, what is the first action you should take?

41. Job rotation…?

42. Which of the following is the least important information to record when logging a security violation?

43. Which of the following mechanisms is used to achieve non-repudiation of a message delivery?

44. What is the trusted registry that guarantees the authenticity of client and server public keys?

45. The concept that all accesses must be mediated, protected from unauthorized modification, and verifiable as correct is implemented through what?

46. For what reason would a network administrator leverage promiscuous mode on a network interface?

47. Which has the flag used for a TCP 3-way handshake?

48. During a disaster or emergency, how does a closed-circuit television (CCTV) help management and security to minimize loss?

49. The goal of cryptanalysis is to…?

50. Which one of the following cannot be identified by a business impact analysis (BIA)?
