CISSP Multiple Choice Questions:
1. When an attacker sends unsolicited communication, it is an example of:
2. Masquerading is:
A. Attempting to hack a system through backdoors to an operating system or application
B. Pretending to be an authorized user
C. Always done through IP spoofing
D. Applying a subnet mask to an internal IP range
3. Integrity is the protection of data from all of the following EXCEPT:
A. Unauthorized changes
B. Accidental changes
C. Data analysis
D. Intentional manipulation
4. A security program cannot address which of the following business goals?
A. Accuracy of information
B. Change control
C. User expectations
D. Prevention of fraud
5. In most cases, integrity is enforced through:
A. Physical security
B. Logical security
D. Access controls
6. A “well-formed transaction” is one that:
A. Has all the necessary paperwork to substantiate the transaction.
B. Is based on clear business objectives.
C. Ensures that data can be manipulated only by a specific set of programs.
D. Is subject to duplicate processing.
7. In an accounting department, several people are required to complete a financial process. This is most likely an example of:
A. Segregation of duties
B. Rotation of duties
8. Risk Management is commonly understood as all of the following EXCEPT:
A. Analyzing and assessing risk
B. Identifying risk
C. Accepting or mitigation of risk
D. Likelihood of a risk occurring
9. The percentage or degree of damage inflicted on an asset used in the calculation of single loss expectancy can be referred to as:
A. Exposure Factor (EF)
B. Annualized Rate of Occurrence (ARO)
10. The absence of a fire-suppression system would be best characterized as a(n):
11. Risk Assessment includes all of the following EXCEPT:
A. Implementation of effective countermeasures
B. Ensuring that risk is managed
C. Analysis of the current state of security in the target environment
D. Strategic analysis of risk
12. A risk management project may be subject to overlooking certain types of threats. What can assist the risk management team to prevent that?
A. Automated tools
B. Adoption of qualitative risk assessment processes
C. Increased reliance on internal experts for risk assessment
D. Recalculation of the work factor
13. Data classification can assist an organization in:
A. Eliminating regulatory mandates
B. Lowering accountability of data classifiers
C. Reducing costs for protecting data
D. Normalization of databases
14. Who “owns” an organization’s data?
A. Information technology group
C. Data custodians
D. Business units
15. An information security policy does NOT usually include:
A. Authority for the information security department
B. Guidelines for how to implement policy
C. The basis for data classification
D. Recognition of information as an asset of the organization
16. The role of an information custodian should NOT include:
A. Restoration of lost or corrupted data
B. Regular backups of data
C. Establishing retention periods for data
D. Ensuring the availability of data
17. The main objective of awareness training is:
A. Provide an understanding of responsibilities
B. Entertaining the users through creative programs
C. Overcoming all resistance to security procedures
D. To be repetitive to ensure accountability
18. What is the primary target of a person employing social engineering?
A. An individual
B. A policy
C. Government agencies
D. An information system
19. Social engineering can take many forms EXCEPT:
A. Dumpster diving
B. Coercion or intimidation
20. Incident response planning can be instrumental in:
A. Meeting regulatory requirements
B. Creating customer loyalty
C. Reducing the impact of an adverse event on the organization
D. Ensuring management makes the correct decisions in a crisis
CISSP Objective Questions:
31) Asymmetric key cryptography is used for all of the following except:
A. Encryption of data
B. Access control
32) The most common forms of asymmetric key cryptography include
33) What is an important disadvantage of using a public key algorithm compared to a symmetric algorithm?
A. A symmetric algorithm provides better access control.
B. A symmetric algorithm is a faster process.
C. A symmetric algorithm provides nonrepudiation of delivery.
D. A symmetric algorithm is more difficult to implement.
34) When a user needs to provide message integrity, what options may be best?
A. Send a digital signature of the message to the recipient
B. Encrypt the message with a symmetric algorithm and send it
C. Encrypt the message with a private key so the recipient can decrypt with the corresponding public key
D. Create a checksum, append it to the message, encrypt the message, then send to a recipient.
35) A certificate authority provides what benefit to a user?
A. Protection of public keys of all users
B. History of symmetric keys
C. Proof of nonrepudiation of origin
D. Validation that a public key is associated with a particular user
36) What is the output length of a RIPEMD-160 hash?
A. 160 bits
B. 150 bits
C. 128 bits
D. 104 bits
37) ANSI X9.17 is concerned primarily with
A. Protection and secrecy of keys
B. Financial records and retention of encrypted data
C. Formalizing a key hierarchy
D. The lifespan of key-encrypting keys (KKMs)
38) When a certificate is revoked, what is the proper procedure?
A. Setting new key expiry dates
B. Updating the certificate revocation list
C. Removal of the private key from all directories
D. Notification to all employees of revoked keys
39) What is not true about link encryption?
A. Link encryption encrypts routing information.
B. Link encryption is often used for Frame Relay or satellite links.
C. Link encryption is suitable for high-risk environments.
D. Link encryption provides better traffic flow confidentiality.
40) A _________ is the sequence that controls the operation of the cryptographic algorithm.
B. Decoder wheel
D. Cryptographic routine
41) The process used in most block ciphers to increase their strength is
C. Step function
42) The two methods of encrypting data are
A. Substitution and transposition
B. Block and stream
C. Symmetric and asymmetric
D. DES and AES
43) Cryptography supports all of the core principles of information security except
44) A way to defeat frequency analysis as a method to determine the key is to use
A. Substitution ciphers
B. Transposition ciphers
C. Polyalphabetic ciphers
D. Inversion ciphers
45) The running key cipher is based on
A. Modular arithmetic
B. XOR mathematics
46) The only cipher system said to be unbreakable by brute force is
C. One-time pad
D. Triple DES
47) Messages protected by steganography can be transmitted to
A. Picture files
B. Music files
C. Video files
D. All of the above
48) A significant action has a state that enables actions on an ADP system to be traced to individuals who may then be held responsible. The action does NOT include:
A. Violations of security policy.
B. Attempted violations of security policy.
C. Non-violations of security policy.
D. Attempted violations of allowed actions.
49) Which of the following embodies all the detailed actions that personnel is required to follow?
50) Which of the following choices is NOT part of a security policy?
A. Definition of overall steps of information security and the importance of security
B. Statement of management intent, supporting the goals and principles of information security
C. Definition of general and specific responsibilities for information security management
D. Description of specific technologies used in the field of information security