100 Top CISSP Multiple Choice Questions and Answers

CISSP Multiple Choice Questions:-

1. When an attacker sends unsolicited communication, it is an example of:
A. Spoofing
B. Spamming
C. Crackers
D. Sniffers
ANS:- B

2. Masquerading is:

A. Attempting to hack a system through backdoors to an operating system or application
B. Pretending to be an authorized user
C. Always done through IP spoofing
D. Applying a subnet mask to an internal IP range
ANS:- B

3. Integrity is the protection of data from all of the following EXCEPT:

A. Unauthorized changes
B. Accidental changes
C. Data analysis
D. Intentional manipulation
ANS:- C

4. A security program cannot address which of the following business goals?

A. Accuracy of information
B. Change control
C. User expectations
D. Prevention of fraud
ANS:- A

5. In most cases, integrity is enforced through:

A. Physical security
B. Logical security
C. Confidentiality
D. Access controls
ANS:- D

6. A “well-formed transaction” is one that:

A. Has all the necessary paperwork to substantiate the transaction.
B. Is based on clear business objectives.
C. Ensures that data can be manipulated only by a specific set of programs.
D. Is subject to duplicate processing.
ANS:- C

7. In an accounting department, several people are required to complete a financial process. This is most likely an example of:

A. Segregation of duties
B. Rotation of duties
C. Need-to-know
D. Collusion
ANS:- A

8. Risk Management is commonly understood as all of the following EXCEPT:

A. Analyzing and assessing risk
B. Identifying risk
C. Accepting or mitigation of risk
D. Likelihood of a risk occurring
ANS:- D

9. The percentage or degree of damage inflicted on an asset used in the calculation of single loss expectancy can be referred to as:

A. Exposure Factor (EF)
B. Annualized Rate of Occurrence (ARO)
C. Vulnerability
D. Likelihood
ANS:- A

10. The absence of a fire-suppression system would be best characterized as a(n):

A. Exposure
B. Threat
C. Vulnerability
D. Risk
ANS:- C
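The arithmetic behind questions 9 and 10, as an added worked example in Python (not part of the original question set): SLE = AV x EF, ALE = SLE x ARO, and the standard cost/benefit test for a safeguard, ALE(before) - ALE(after) - annual cost of the control. The asset value, exposure factors, ARO and control cost below are constructed figures chosen to illustrate the method; EF is expressed as a fraction of asset value.

```python
from dataclasses import dataclass


@dataclass
class Scenario:
    """One asset/threat pairing with the three inputs quantitative risk analysis needs."""
    asset_value: float      # AV: value of the asset in currency units
    exposure_factor: float  # EF: fraction of AV lost in one occurrence (0.0 to 1.0)
    aro: float              # ARO: expected number of occurrences per year

    def __post_init__(self):
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("EF is a fraction of asset value, 0.0 to 1.0")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("AV and ARO cannot be negative")

    def sle(self):
        """Single loss expectancy: SLE = AV * EF (the damage from one event)."""
        return self.asset_value * self.exposure_factor

    def ale(self):
        """Annualized loss expectancy: ALE = SLE * ARO (expected loss per year)."""
        return self.sle() * self.aro


def safeguard_value(before, after, annual_cost):
    """Value of a control = ALE(before) - ALE(after) - annual cost of the control.
    Positive means the control is expected to save more than it costs."""
    return before.ale() - after.ale() - annual_cost


def recommend(before, after, annual_cost):
    """Implement the control only when its expected value is positive; otherwise
    the cheaper option is to accept (or transfer) the residual risk."""
    return "implement" if safeguard_value(before, after, annual_cost) > 0 else "accept risk"


# Constructed figures for the fire scenario of question 10: a $2M server room,
# a fire expected once a decade, destroying 60% of the room without suppression
# and 10% with it. The suppression system costs $30K a year to lease and maintain.
NO_SUPPRESSION = Scenario(asset_value=2_000_000, exposure_factor=0.6, aro=0.1)
WITH_SUPPRESSION = Scenario(asset_value=2_000_000, exposure_factor=0.1, aro=0.1)
SUPPRESSION_ANNUAL_COST = 30_000

if __name__ == "__main__":
    print(f"SLE without suppression: {NO_SUPPRESSION.sle():,.0f}")
    print(f"ALE without suppression: {NO_SUPPRESSION.ale():,.0f}")
    print(f"ALE with suppression:    {WITH_SUPPRESSION.ale():,.0f}")
    print(f"Annual value of control: "
          f"{safeguard_value(NO_SUPPRESSION, WITH_SUPPRESSION, SUPPRESSION_ANNUAL_COST):,.0f}")
    print(recommend(NO_SUPPRESSION, WITH_SUPPRESSION, SUPPRESSION_ANNUAL_COST))
```

With these figures the missing suppression system (the vulnerability of question 10) carries an ALE of 120,000; installing it drops the ALE to 20,000, so at 30,000 a year the control is worth 70,000 annually and should be implemented. Raise the annual cost above 100,000 and the same function recommends accepting the risk instead.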

11. Risk Assessment includes all of the following EXCEPT:

A. Implementation of effective countermeasures
B. Ensuring that risk is managed
C. Analysis of the current state of security in the target environment
D. Strategic analysis of risk
ANS:- A

12. A risk management project may be subject to overlooking certain types of threats. What can assist the risk management team to prevent that?

A. Automated tools
B. Adoption of qualitative risk assessment processes
C. Increased reliance on internal experts for risk assessment
D. Recalculation of the work factor
ANS:- A

13. Data classification can assist an organization in:

A. Eliminating regulatory mandates
B. Lowering accountability of data classifiers
C. Reducing costs for protecting data
D. Normalization of databases
ANS:- C

14. Who “owns” an organization’s data?

A. Information technology group
B. Users
C. Data custodians
D. Business units
ANS:- D

15. An information security policy does NOT usually include:

A. Authority for the information security department
B. Guidelines for how to implement policy
C. The basis for data classification
D. Recognition of information as an asset of the organization
ANS:- B

16. The role of an information custodian should NOT include:

A. Restoration of lost or corrupted data
B. Regular backups of data
C. Establishing retention periods for data
D. Ensuring the availability of data
ANS:- C

17. The main objective of awareness training is:

A. Provide an understanding of responsibilities
B. Entertaining the users through creative programs
C. Overcoming all resistance to security procedures
D. To be repetitive to ensure accountability
ANS:- A

18. What is the primary target of a person employing social engineering?

A. An individual
B. A policy
C. Government agencies
D. An information system
ANS:- A

19. Social engineering can take many forms EXCEPT:

A. Dumpster diving
B. Coercion or intimidation
C. Sympathy
D. Eavesdropping
ANS:- D

20. Incident response planning can be instrumental in:

A. Meeting regulatory requirements
B. Creating customer loyalty
C. Reducing the impact of an adverse event on the organization
D. Ensuring management makes the correct decisions in a crisis
ANS:- C

CISSP Objective Questions:-

31) Asymmetric key cryptography is used for all of the following except:
A. Encryption of data
B. Access control
C. Nonrepudiation
D. Steganography
ANS:- D

32) The most common forms of asymmetric key cryptography include
A. Diffie–Hellman
B. Rijndael
C. Blowfish
D. SHA-256
ANS:- A

33) What is an important disadvantage of using a public key algorithm compared to a symmetric algorithm?
A. A symmetric algorithm provides better access control.
B. A symmetric algorithm is a faster process.
C. A symmetric algorithm provides nonrepudiation of delivery.
D. A symmetric algorithm is more difficult to implement.
ANS:- B

34) When a user needs to provide message integrity, what options may be best?
A. Send a digital signature of the message to the recipient
B. Encrypt the message with a symmetric algorithm and send it
C. Encrypt the message with a private key so the recipient can decrypt it with the corresponding public key
D. Create a checksum, append it to the message, encrypt the message, then send to a recipient.
ANS:- D
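The answer key marks D, and that is the choice the exam expects. A practitioner's caveat: "checksum, append, encrypt" only provides integrity when the cipher is non-malleable. With a stream cipher (RC4 as used in WEP, or any counter mode) an attacker can flip plaintext bits by flipping ciphertext bits and, because CRC-32 is linear, repair the checksum without knowing the key. A keyed MAC, or the digital signature of option A, does not have this weakness. The following Python is added here as a worked example and is not part of the original page: the SHA-256 counter-mode keystream is a constructed stand-in for a stream cipher, and the key, message and tampering delta are made up for the demo.

```python
import hashlib
import hmac
import struct
import zlib


def _keystream(key, n):
    """Toy keystream: SHA-256 in counter mode. A stand-in for a stream cipher
    such as RC4 or AES-CTR, constructed for this demo only."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _subkeys(key):
    """Never reuse one key for both encryption and authentication; derive two."""
    return (hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest())


def protect_with_crc(key, msg):
    """Option D of question 34 taken literally: checksum, append, encrypt."""
    enc_key, _ = _subkeys(key)
    body = msg + struct.pack(">I", zlib.crc32(msg))
    return _xor(body, _keystream(enc_key, len(body)))


def open_with_crc(key, blob):
    enc_key, _ = _subkeys(key)
    body = _xor(blob, _keystream(enc_key, len(blob)))
    msg, tag = body[:-4], body[-4:]
    if struct.pack(">I", zlib.crc32(msg)) != tag:
        raise ValueError("checksum mismatch")
    return msg


def forge_crc_blob(blob, delta):
    """Attacker with no key. XOR-ing delta into the ciphertext XORs it into the
    plaintext (stream ciphers are malleable). CRC-32 is linear, so
    crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros of the same length), and the
    attacker can fix the checksum too. This is the WEP bit-flipping attack."""
    n = len(blob) - 4
    delta = delta.ljust(n, b"\x00")
    crc_delta = zlib.crc32(delta) ^ zlib.crc32(b"\x00" * n)
    return _xor(blob, delta + struct.pack(">I", crc_delta))


def protect_with_mac(key, msg):
    """Encrypt-then-MAC with HMAC-SHA256: the tag is keyed, so nobody without
    the MAC key can recompute it after changing the ciphertext."""
    enc_key, mac_key = _subkeys(key)
    ct = _xor(msg, _keystream(enc_key, len(msg)))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_with_mac(key, blob):
    enc_key, mac_key = _subkeys(key)
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        raise ValueError("MAC mismatch")
    return _xor(ct, _keystream(enc_key, len(ct)))


def mac_rejects(key, blob, delta):
    """True if the same bit-flip against a MAC-protected blob is detected."""
    tampered = _xor(blob, delta.ljust(len(blob), b"\x00"))
    try:
        open_with_mac(key, tampered)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    key = b"\x01" * 32                  # constructed demo key
    msg = b"PAY $100 TO ALICE"          # constructed demo message
    delta = b"\x00" * 5 + b"\x08"       # '1' ^ '9' == 0x08 at offset 5
    forged = forge_crc_blob(protect_with_crc(key, msg), delta)
    print(open_with_crc(key, forged))   # b'PAY $900 TO ALICE' passes the checksum
    print(mac_rejects(key, protect_with_mac(key, msg), delta))  # True
```

The checksum variant accepts the forged amount because nothing in it depends on a secret; the MAC variant rejects it. The same reasoning is why modern protocols use AEAD modes or encrypt-then-MAC rather than an encrypted checksum.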

35) What benefit does a certificate authority provide to a user?
A. Protection of public keys of all users
B. History of symmetric keys
C. Proof of nonrepudiation of origin
D. Validation that a public key is associated with a particular user
ANS:- D

36) What is the output length of a RIPEMD-160 hash?
A. 160 bits
B. 150 bits
C. 128 bits
D. 104 bits
ANS:- A

37) ANSI X9.17 is concerned primarily with
A. Protection and secrecy of keys
B. Financial records and retention of encrypted data
C. Formalizing a key hierarchy
D. The lifespan of key-encrypting keys (KEKs)
ANS:- A

38) When a certificate is revoked, what is the proper procedure?
A. Setting new key expiry dates
B. Updating the certificate revocation list
C. Removal of the private key from all directories
D. Notification to all employees of revoked keys
ANS:- B

39) What is not true about link encryption?
A. Link encryption encrypts routing information.
B. Link encryption is often used for Frame Relay or satellite links.
C. Link encryption is suitable for high-risk environments.
D. Link encryption provides better traffic flow confidentiality.
ANS:- C

40) A_________ is the sequence that controls the operation of the cryptographic algorithm .
A. Encoder
B. Decoder wheel
C. Cryptovariable
D. Cryptographic routine
ANS:- C

41) The process used in most block ciphers to increase their strength is
A. Diffusion
B. Confusion
C. Step function
D. SP-network
ANS:- D

42) The two methods of encrypting data are
A. Substitution and transposition
B. Block and stream
C. Symmetric and asymmetric
D. DES and AES
ANS:- C

43) Cryptography supports all of the core principles of information security except
A. Availability
B. Confidentiality
C. Integrity
D. Authenticity
ANS:- A (encryption, hashes, MACs and digital signatures give confidentiality, integrity and authenticity; cryptography does nothing for availability)

44) A way to defeat frequency analysis as a method to determine the key is to use
A. Substitution ciphers
B. Transposition ciphers
C. Polyalphabetic ciphers
D. Inversion ciphers
ANS:- C

45) The running key cipher is based on
A. Modular arithmetic
B. XOR mathematics
C. Factoring
D. Exponentiation
ANS:- A

46) The only cipher system said to be unbreakable by brute force is
A. AES
B. DES
C. One-time pad
D. Triple DES
ANS:- C
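Questions 44, 45 and 46 describe one family of ciphers: a running key cipher adds key letters to plaintext letters mod 26; with a short repeating keyword it is the polyalphabetic Vigenère cipher, and with a uniformly random, never-reused key as long as the message it is the one-time pad. The following Python is added here as a worked example and is not part of the original question set. It implements all three and shows why a polyalphabetic cipher defeats single-alphabet frequency analysis, yet still falls once the period is known. The English letter frequencies are approximate reference values and the sample text is the public-domain opening of Pride and Prejudice; both are constructed inputs for the demo.

```python
import secrets
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Approximate relative frequency (percent) of each letter in English text;
# the reference histogram that frequency analysis compares against.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}


def clean(text):
    """Keep only A-Z so each symbol is a residue mod 26."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def running_key_encrypt(plain, key):
    """Running key cipher (Q45): c_i = (p_i + k_i) mod 26, key at least as long as the text."""
    p, k = clean(plain), clean(key)
    if len(k) < len(p):
        raise ValueError("running key must be at least as long as the message")
    return "".join(ALPHABET[(ALPHABET.index(a) + ALPHABET.index(b)) % 26] for a, b in zip(p, k))


def running_key_decrypt(cipher, key):
    """Inverse: p_i = (c_i - k_i) mod 26."""
    c, k = clean(cipher), clean(key)
    return "".join(ALPHABET[(ALPHABET.index(a) - ALPHABET.index(b)) % 26] for a, b in zip(c, k))


def caesar_encrypt(plain, shift):
    """Monoalphabetic shift: a running key made of one letter repeated."""
    p = clean(plain)
    return running_key_encrypt(p, ALPHABET[shift % 26] * len(p))


def repeat_keyword(keyword, length):
    k = clean(keyword)
    return (k * (length // len(k) + 1))[:length]


def vigenere_encrypt(plain, keyword):
    """Polyalphabetic cipher (Q44): letter i is shifted by keyword[i mod period]."""
    p = clean(plain)
    return running_key_encrypt(p, repeat_keyword(keyword, len(p)))


def vigenere_decrypt(cipher, keyword):
    c = clean(cipher)
    return running_key_decrypt(c, repeat_keyword(keyword, len(c)))


def one_time_pad_key(length):
    """Q46: a uniformly random key as long as the message, used once, turns the
    running key cipher into a one-time pad; every plaintext of that length is
    then equally consistent with the ciphertext, so brute force cannot help."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def chi_squared(text):
    """Distance between the letter histogram of text and English; lower is more English-like."""
    n = len(text)
    counts = Counter(text)
    total = 0.0
    for c in ALPHABET:
        expected = ENGLISH_FREQ[c] * n / 100
        total += (counts.get(c, 0) - expected) ** 2 / expected
    return total


def break_caesar(cipher):
    """Frequency analysis: a single shift only rotates the histogram, so the
    shift whose decryption looks most like English is the key."""
    c = clean(cipher)
    return min(range(26), key=lambda s: chi_squared(running_key_decrypt(c, ALPHABET[s] * len(c))))


def single_shift_recovers(cipher, plain):
    """Does any one of the 26 monoalphabetic shifts turn cipher back into plain?"""
    c, p = clean(cipher), clean(plain)
    return any(running_key_decrypt(c, ALPHABET[s] * len(c)) == p for s in range(26))


def break_vigenere(cipher, period):
    """Once the period is known (Kasiski examination or index of coincidence, not
    shown), every period-th letter was shifted by the same key letter, so each
    column is a Caesar cipher and falls to the same frequency analysis."""
    c = clean(cipher)
    return "".join(ALPHABET[break_caesar(c[i::period])] for i in range(period))


# Constructed sample: the public-domain opening of Pride and Prejudice.
SAMPLE = ("It is a truth universally acknowledged, that a single man in possession of a good "
          "fortune, must be in want of a wife. However little known the feelings or views of "
          "such a man may be on his first entering a neighbourhood, this truth is so well fixed "
          "in the minds of the surrounding families, that he is considered the rightful property "
          "of some one or other of their daughters.")

if __name__ == "__main__":
    print(break_caesar(caesar_encrypt(SAMPLE, 7)))        # 7: the shift is recovered
    ct = vigenere_encrypt(SAMPLE, "KEY")
    print(single_shift_recovers(ct, SAMPLE))              # False: no single alphabet fits
    print(break_vigenere(ct, 3))                          # KEY: columns fall one by one
    pad = one_time_pad_key(len(clean(SAMPLE)))
    print(running_key_decrypt(running_key_encrypt(SAMPLE, pad), pad) == clean(SAMPLE))  # True
```

The running key cipher of question 45 is only as strong as its key: a repeating keyword (Vigenère) or a key taken from a book leaves enough structure for the column attack above, while a one-time pad removes it entirely, at the price of distributing and never reusing a key as long as the traffic.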

47) Messages protected by steganography can be hidden in
A. Picture files
B. Music files
C. Video files
D. All of the above
ANS:- D

48) Accountability is the property that enables actions on an ADP system to be traced to individuals who may then be held responsible. The actions traced do NOT include:
A. Violations of security policy.
B. Attempted violations of security policy.
C. Non-violations of security policy.
D. Attempted violations of allowed actions.
ANS:- D

49) Which of the following embodies all the detailed actions that personnel are required to follow?
A. Standards
B. Guidelines
C. Procedures
D. Baselines
ANS:- C

50) Which of the following choices is NOT part of a security policy?
A. Definition of the overall steps of information security and the importance of security
B. Statement of management intent, supporting the goals and principles of information security
C. Definition of general and specific responsibilities for information security management
D. Description of specific technologies used in the field of information security
ANS:- D