Questions: CISSP CBK Final Exam
1. A risk is the likelihood of a threat source taking advantage of a vulnerability in an information system. The risk left over after implementing safeguards is known as:
2. Copyright provides what form of protection:
4. Which of the following describes the first step in establishing an encrypted session using a Data Encryption Standard (DES) key?
5. In a typical information security program, what is the primary responsibility of the information (data) owner?
6. Which of the following is not a component of the “chain of evidence”:
7. When an employee transfers within an organization …
9. What is the inverse of the confidentiality, integrity, and availability (C.I.A.) triad in risk management?
11. Company X is planning to implement a rule-based access control mechanism for controlling access to its information assets. What type of access control is this usually related to?
12. In the Common Criteria Evaluation and Validation Scheme (CCEVS), requirements for future products are defined by:
13. As an information systems security manager (ISSM), how would you explain the purpose of a system security policy?
14. Configuration management provides assurance that changes…?
15. Under what circumstance might a certification authority (CA) revoke a certificate?
16. Which of the following entities is ultimately responsible for information security within an organization?
17. In what type of cryptanalytic attack does an adversary have the least amount of information to work with?
18. In business continuity planning, which of the following is an advantage of a “hot site” over a “cold site”?
19. Which of the following is the most effective method for reducing security risks associated with building entrances?
20. All of the following methods ensure that stored data are unreadable except…?
21. Prior to installation of an intrusion prevention system (IPS), a network engineer would place a packet sniffer on the network. What is the purpose of using a packet sniffer?
22. What determines the assignment of data classifications in a mandatory access control (MAC) philosophy?
23. A type of cryptographic attack that is based on the probability of two different messages using the same hash function producing the same message digest is?
24. An access control system that grants users only those rights necessary for them to perform their work is operating on which security principle?
25. Which of the following is the primary goal of a security awareness program?
26. Which of the following evidence collection methods is most likely to be accepted in a court case?
27. Which of the following is not a characteristic of a good stream cipher?
28. When a security administrator wants to conduct regular tests of the strength of user passwords, what may be the best setup for this test?
29. When engaging an external contractor for a software development project, source code escrow can be used to protect against…?
30. Which answer lists the proper steps required to develop a disaster recovery and business continuity plan (DRP/BCP)?
31. Which of the following is an example of a simple substitution algorithm?
32. An information security program should include the following elements:
33. Which of the following refers to a series of characters used to verify a user’s identity?
34. Which e-mail standard relies on a "Web of Trust"?
35. Security of an automated information system is most effective and economical if the system is…?
36. The act of obtaining information of a higher level of sensitivity by combining information from a lower level of sensitivity is called?
37. Which of the following virus types changes its characteristics as it spreads?
38. It is important that information about an ongoing computer crime investigation be…?
39. Which answer is not true for the Diffie-Hellman algorithm?
41. Job rotation…?
42. Which of the following is the least important information to record when logging a security violation?
43. Which of the following mechanisms is used to achieve non-repudiation of a message delivery?
44. What is the trusted registry that guarantees the authenticity of client and server public keys?
45. The concept that all accesses must be mediated, protected from unauthorized modification, and verifiable as correct is implemented through what?
46. For what reason would a network administrator leverage promiscuous mode on a network interface?
47. Which flag is used for a TCP 3-way handshake?
48. During a disaster or emergency, how does a closed-circuit television (CCTV) system help management and security to minimize loss?
49. The goal of cryptanalysis is to…?
50. Which one of the following cannot be identified by a business impact analysis (BIA)?