CISSP Study Quiz

By Skofft2134 (Community Contributor)
  • 1. 

    Which of the following refers to a location away from the computer center where document copies and backup media are kept?

    • Storage Area network

    • Off-Site storage

    • On-site storage

    • Network attached storage

    Correct Answer
    A. Off-Site storage
    Explanation
    Off-site storage is a facility located away from the primary computer center where copies of documents and backup media are kept, so that a fire, flood, or other event that destroys the primary site does not also destroy the backups. On-site storage keeps the media in the same building and shares all of the site's risks. A storage area network (SAN) and network attached storage (NAS) are networked storage technologies, not locations, and are usually installed in the same data center they serve.
About This Quiz

The CISSP Study Quiz is designed to assess knowledge in information security, focusing on business continuity, risk management, and legal frameworks. It prepares learners for the CISSP certification, enhancing their understanding of essential security principles and practices.

  • 2. 

    Which of the following is NOT a natural environmental threat that an organization faces?

    • Floods

    • Environmentalist Strike

    • Storms

    • Earthquake

    Correct Answer
    A. Environmentalist Strike
    Explanation
    Natural environmental threats are events that occur in nature, such as floods, storms, and earthquakes; they are beyond human control and can cause significant damage to an organization's infrastructure and operations. An environmentalist strike is the result of human action and activism (individuals or groups protesting an organization's environmental practices) and belongs with the human, politically motivated threats. It can affect reputation and operations, but it is not a natural environmental threat.

  • 3. 

    Defining technology security architecture in relationship with other technology domains is a benefit of the enterprise security architecture.

    • True

    • False

    Correct Answer
    A. True
    Explanation
    Defining technology security architecture in relationship with other technology domains is a benefit of the enterprise security architecture because it helps to establish a comprehensive and cohesive approach to securing the organization's technology infrastructure. By aligning the security architecture with other technology domains, such as network architecture or application architecture, it ensures that security measures are integrated throughout the entire technology landscape. This approach enhances the effectiveness and efficiency of security controls, reduces vulnerabilities, and enables better protection of the organization's assets and data.

  • 4. 

    Which layer is not part of the OSI model?

    • Application

    • Internet

    • Data Link

    • Session

    Correct Answer
    A. Internet
    Explanation
    The layer that is not part of the OSI model is the Internet layer. The OSI model consists of seven layers: Application, Presentation, Session, Transport, Network, Data Link, and Physical. The Internet layer is not included in the OSI model, as it is part of the TCP/IP protocol suite. The Internet layer is responsible for routing packets across different networks, while the Network layer in the OSI model handles similar functions.

  • 5. 

    Encryption is converting a message from ciphertext to plaintext.

    • True

    • False

    Correct Answer
    A. False
    Explanation
    Encryption converts plaintext into ciphertext so that only holders of the correct key can read the message; the reverse operation, turning ciphertext back into plaintext, is decryption. The statement has the two directions swapped, so it is false.

  • 6. 

    Remote Access does what of the following?

    • Provides administrators and end users with the ability to access resources from a distant location

    • Is one of the least exploited IT capabilities

    • Enforces authentication

    • Employs strong authentication

    Correct Answer
    A. Provides administrators and end users with the ability to access resources from a distant location
    Explanation
    Remote access is the capability to reach resources such as files, applications, or internal networks from a distant location over an untrusted network, typically the internet, without being physically present where the resources live. Because it deliberately exposes internal resources to the outside, it is one of the most frequently attacked IT capabilities, which is why a sound design enforces strong (multi-factor) authentication, encrypts the session, and limits what the remote session can reach. Those are requirements placed on a remote access design, not properties it has by definition, so the only statement that is true of remote access as such is the first one.

  • 7. 

    The doors of a data center spring open in the event of a fire.  This is an example of 

    • Fail safe

    • Fail secure

    • Fail proof

    • Fail closed

    Correct Answer
    A. Fail safe
    Explanation
    Doors that unlock when the fire alarm trips are a fail-safe design: when the control fails or an emergency occurs, the system defaults to the state that protects human life, here letting people leave the data center quickly. The opposite choice, fail secure (also called fail closed), keeps the doors locked to protect the assets inside; it is appropriate for a vault or an equipment cage with another exit, but life-safety codes require egress doors to fail safe. "Fail proof" is not a recognized term.

  • 8. 

    When outsourcing IT systems

    • All regulatory and compliance requirements must be passed on to the provider

    • The outsourcing organization is free from compliance obligations

    • The outsourced IT systems are free from compliance obligations

    • The provider is free from compliance obligations

    Correct Answer
    A. All regulatory and compliance requirements must be passed on to the provider
    Explanation
    An organization's due care obligations extend to its business partners. Outsourcing moves the operation of a system to the provider, so the contract must pass the applicable regulatory and compliance requirements on to the provider and give the customer the right to verify that they are met (for example through audit rights or independent assessment reports). What outsourcing does not do is remove the customer's accountability: if the provider fails to comply, the customer remains answerable to regulators and to the people whose data was affected.

  • 9. 

    Define and detail the aspects of password selection that distinguish good password choices from ultimately poor password choices.

    • Difficult to guess or unpredictable

    • Meet minimum length requirements

    • Meet specific complexity requirements

    • All of the above

    Correct Answer
    A. All of the above
    Explanation
    All three aspects matter. A good password is hard to guess, meaning it is not a dictionary word, a name, a keyboard pattern, or a previously breached password, and it is long enough that brute-force and dictionary attacks are impractical. Composition (complexity) rules help only insofar as they push users away from predictable choices; current guidance such as NIST SP 800-63B puts more weight on length and on screening candidates against lists of known-compromised passwords than on mandatory character classes, because forced complexity tends to produce predictable substitutions such as "P@ssw0rd1". For the exam, all three of the listed aspects distinguish good choices from poor ones.
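
The check below is an added example, not part of the original quiz: it applies the three aspects above (length, character classes, and a predictability screen) to candidate passwords. The denylist, the minimum length of 12, and the "three of four classes" rule are assumptions chosen for the example; a real deployment screens against breach corpora and sets thresholds by policy.

```python
import re

# Constructed denylist for the example. A real deployment screens candidates against
# large breach corpora, as NIST SP 800-63B recommends, not a handful of strings.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "iloveyou"}
MIN_LENGTH = 12                                    # assumed policy value
LEET = str.maketrans("@01$3", "aoise")             # undo common substitutions before the denylist check
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "asdfghjkl")


def has_required_classes(pw, minimum=3):
    """Complexity rule: at least `minimum` of lower, upper, digit, symbol."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(bool(re.search(c, pw)) for c in classes) >= minimum


def looks_predictable(pw):
    """Catch choices that satisfy complexity rules without being hard to guess."""
    base = pw.lower().rstrip("0123456789!?.")      # 'Password2024!' -> 'password'
    if base in COMMON_PASSWORDS or base.translate(LEET) in COMMON_PASSWORDS:
        return True
    if re.search(r"(.)\1\1", pw):                  # runs such as aaa, 111, !!!
        return True
    low = pw.lower()
    # any four consecutive characters of a well-known sequence (1234, abcd, qwer, ...)
    return any(seq[i:i + 4] in low for seq in SEQUENCES for i in range(len(seq) - 3))


def check_password(pw):
    """Return the list of policy failures; an empty list means the password is acceptable."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if not has_required_classes(pw):
        problems.append("too few character classes")
    if looks_predictable(pw):
        problems.append("predictable or known password")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd!1", "Welcome2024!!", "Correct-Horse-Battery-Staple"):
        print(candidate, check_password(candidate))
```

"P@ssw0rd!1" satisfies every character-class rule and still fails, which is the point of the predictability screen: complexity alone does not make a password hard to guess.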

  • 10. 

    It can be said that IPSec

    • Provides mechanisms for authentication and encryption

    • Provides mechanisms for nonrepudiation

    • Will only be deployed with IPv6

    • Only authenticates clients against a server

    Correct Answer
    A. Provides mechanisms for authentication and encryption
    Explanation
    IPsec is a suite of protocols for securing IP traffic: the Authentication Header (AH) provides integrity and origin authentication, and the Encapsulating Security Payload (ESP) provides confidentiality (encryption) together with integrity and authentication. It works with both IPv4 and IPv6, so it is not tied to IPv6. Standard IPsec authenticates peers (hosts or gateways) to each other rather than clients to a server, and because its integrity protection relies on symmetric keys shared by both peers, it cannot provide non-repudiation.

  • 11. 

    A botnet can be characterized as

    • A network used solely for internal communications

    • An automatic security alerting tool for corporate networks

    • A group of dispersed, compromised machines controlled remotely for illicit reasons.

    • A type of virus

    Correct Answer
    A. A group of dispersed, compromised machines controlled remotely for illicit reasons.
    Explanation
    A botnet refers to a network of computers that have been compromised and are under the control of a remote attacker. These compromised machines are often spread out across different locations and are used for various illicit purposes, such as launching distributed denial-of-service (DDoS) attacks, sending spam emails, or stealing sensitive information. The term "botnet" does not refer to a network used solely for internal communications or an automatic security alerting tool for corporate networks. It is also not a type of virus, as it involves the control and coordination of multiple compromised machines rather than being a standalone malicious program.

  • 12. 

    __________ requires that a user or process be granted access to only those resources necessary to perform assigned functions.

    • Discretionary access control

    • Separation of duties

    • Least privilege

    • Rotation of duties

    Correct Answer
    A. Least privilege
    Explanation
    The principle of least privilege is one of the most fundamental characteristics of access control for meeting security objectives. Least privilege requires that a user or process be given no more access privilege than necessary to perform a job, task, or function

  • 13. 

    Effective security management:

    • Achieves security at the lowest cost

    • Reduces risk to an acceptable level

    • Prioritizes security for new products

    • Installs patches in a timely manner

    Correct Answer
    A. Reduces risk to an acceptable level
    Explanation
    Effective security management is the process of implementing strategies and measures to protect assets and minimize vulnerabilities. By reducing risk to an acceptable level, security management ensures that potential threats and vulnerabilities are identified and addressed, minimizing the likelihood and impact of security breaches. This approach allows organizations to allocate their resources efficiently and effectively, focusing on areas that pose the greatest risk. By prioritizing risk reduction, organizations can achieve a balance between security and cost, ensuring that security measures are implemented in a cost-effective manner while still providing an acceptable level of protection.

  • 14. 

    The major benefit of information classification is to

    • Map out the computing ecosystem

    • Identify the threats and vulnerabilities

    • Determine the software baseline

    • Identify the appropriate level of protection needs

    Correct Answer
    A. Identify the appropriate level of protection needs
    Explanation
    Information classification helps in identifying the appropriate level of protection needs for different types of information. By categorizing information based on its sensitivity and criticality, organizations can determine the level of security measures required to safeguard it. This includes implementing access controls, encryption, and other security measures based on the classification level. This ensures that resources are allocated effectively and that the necessary safeguards are in place to protect information from unauthorized access, modification, or disclosure.

  • 15. 

    Test outputs should be compared against expected outputs.

    • True

    • False

    Correct Answer
    A. True
    Explanation
    The statement is suggesting that when conducting tests, the outputs should be compared to the expected outputs. This is a fundamental principle in testing, as it allows for the verification and validation of the system being tested. By comparing the actual outputs to the expected outputs, any discrepancies or errors can be identified and addressed. Therefore, the answer "True" is correct as it aligns with the standard practice in testing.

  • 16. 

    The integrity of a forensic bit stream image is determined by:

    • Comparing hash totals to the original source

    • Keeping good notes

    • Taking pictures

    • Encrypted keys

    Correct Answer
    A. Comparing hash totals to the original source
    Explanation
    A bit-stream image is verified by hashing it with a cryptographic hash function (SHA-256, often alongside MD5 for compatibility with older tools) and comparing the digest with the one computed over the original source at acquisition time. A change to a single bit anywhere in the image produces a different digest, so a match demonstrates that the image is an exact copy of the source. Good notes and photographs support the chain of custody but do not by themselves prove that the image is unaltered, and encryption keys have nothing to do with integrity verification.
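
The following is an added example (not from the quiz) of the acquire-then-verify workflow: hash the source, make a bit-for-bit copy, and later re-hash the copy and compare. The 4 KiB byte string standing in for a disk is constructed for the example, and the chunk size is an assumption; real imaging tools read far larger blocks but the logic is the same.

```python
import hashlib
import hmac
import io

# Constructed sample "media": 4096 bytes standing in for a disk (not a real image).
SOURCE_MEDIA = bytes(range(256)) * 16
CHUNK = 1024                      # read size; imaging tools use MiB-sized blocks


def hash_stream(fobj, algo="sha256"):
    """Hash a file-like object in chunks so a whole-disk image never has to fit in RAM."""
    h = hashlib.new(algo)
    for block in iter(lambda: fobj.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()


def acquire_image(source):
    """Simulate a bit-stream (dd-style) acquisition: hash the source, then copy every byte.

    Returns the image and the digest that would be written into the examiner's notes.
    """
    src_hash = hash_stream(io.BytesIO(source))
    image = bytes(source)         # bit-for-bit copy
    return image, src_hash


def verify_image(image, expected_hash, algo="sha256"):
    """True only if the image hashes to the value recorded at acquisition."""
    actual = hash_stream(io.BytesIO(image), algo)
    # compare_digest avoids timing side channels; irrelevant offline, but the right habit
    return hmac.compare_digest(actual, expected_hash)


def demo():
    """Verify an intact image, then show that flipping one bit breaks verification."""
    image, src_hash = acquire_image(SOURCE_MEDIA)
    intact = verify_image(image, src_hash)
    tampered = bytearray(image)
    tampered[100] ^= 0x01         # a single-bit change
    still_valid = verify_image(bytes(tampered), src_hash)
    return intact, still_valid


if __name__ == "__main__":
    print(demo())
```

In practice the acquisition digest is recorded in the case notes and on the evidence label, and the same comparison is repeated before analysis and before presenting the image in court.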

  • 17. 

    Which one is a benefit of an enterprise security architecture?

    • Present and document various elements of the security architecture in order to ensure strategic alignment

    • Provide an understanding of the impact on security posture of development and implementation within other domains

    • Support, enable, and extend security policies and standards

    • All of the above

    Correct Answer
    A. All of the above
    Explanation
    The benefit of an enterprise security architecture is that it allows for the presentation and documentation of various elements of the security architecture, ensuring strategic alignment. It also provides an understanding of the impact on security posture when developing and implementing within other domains. Additionally, it supports, enables, and extends security policies and standards. Therefore, all of the above options are benefits of an enterprise security architecture.

  • 18. 

    Modifying identifying information so as to make communication appear to come from a trusted source is known as

    • Spoofing

    • Eavesdropping

    • Emanations

    • Sniffing

    Correct Answer
    A. Spoofing
    Explanation
    Spoofing refers to the act of altering or falsifying identifying information in order to make communication appear to come from a trusted source. This can be done through various means such as manipulating IP addresses, email headers, or caller IDs. Spoofing is often used by attackers to deceive recipients into believing that the communication is legitimate, allowing them to gain unauthorized access or trick individuals into revealing sensitive information. It is a common technique employed in phishing attacks, email scams, and impersonation attempts.

  • 19. 

    The monitoring of outbound network traffic for indicators of compromise is called:

    • Outland monitoring

    • Inland monitoring

    • Ingress monitoring

    • Egress monitoring

    Correct Answer
    A. Egress monitoring
    Explanation
    Egress monitoring refers to the practice of monitoring outbound network traffic to identify any signs of compromise or unauthorized activity. By analyzing the data leaving a network, organizations can detect potential threats, such as data breaches, malware infections, or suspicious communication patterns. This allows for the timely response and mitigation of any security incidents, helping to protect the network and its assets.
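
As an added illustration of egress monitoring (this code and its sample data are not part of the quiz), the script below runs three simple detections over constructed outbound flow records: a single flow moving an unusually large volume, connections to ports outside an allowed set, and "beaconing", meaning a host that contacts the same destination at suspiciously regular intervals. The thresholds, the allowed-port set, and the flow records are all assumptions made for the example.

```python
from collections import defaultdict
from statistics import pstdev

# Constructed outbound flow records: (timestamp seconds, source host, destination IP,
# destination port, bytes sent). Addresses are from documentation ranges; none are real.
FLOWS = [
    (0,    "ws-17",  "203.0.113.10",  443,  1200),
    (60,   "ws-17",  "203.0.113.10",  443,  1180),
    (120,  "ws-17",  "203.0.113.10",  443,  1210),
    (180,  "ws-17",  "203.0.113.10",  443,  1195),
    (240,  "ws-17",  "203.0.113.10",  443,  1205),
    (5,    "ws-03",  "198.51.100.7",  443,  500),
    (900,  "ws-03",  "198.51.100.7",  443,  48000),
    (3000, "ws-03",  "93.184.216.34", 443,  700),
    (10,   "srv-db", "192.0.2.55",    4444, 90_000_000),
]

ALLOWED_PORTS = {80, 443, 53}     # assumed egress policy
BULK_THRESHOLD = 50_000_000       # bytes in one flow; tune per environment
BEACON_MIN_FLOWS = 4              # need several samples before calling it periodic
BEACON_JITTER = 0.1               # stdev/mean of inter-arrival times below this looks scripted


def find_bulk_transfers(flows):
    """Flows that push more data out in one go than the policy expects."""
    return [f for f in flows if f[4] >= BULK_THRESHOLD]


def find_unexpected_ports(flows):
    """Outbound connections to ports the egress policy does not allow."""
    return [f for f in flows if f[3] not in ALLOWED_PORTS]


def find_beacons(flows):
    """(host, destination) pairs whose connection intervals are suspiciously regular."""
    by_pair = defaultdict(list)
    for ts, src, dst, _port, _nbytes in flows:
        by_pair[(src, dst)].append(ts)
    hits = []
    for pair, times in by_pair.items():
        if len(times) < BEACON_MIN_FLOWS:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = sum(gaps) / len(gaps)
        if mean > 0 and pstdev(gaps) / mean < BEACON_JITTER:
            hits.append(pair)
    return hits


def egress_alerts(flows):
    """Run every detection and return the findings keyed by detection name."""
    return {
        "bulk": find_bulk_transfers(flows),
        "port": find_unexpected_ports(flows),
        "beacon": find_beacons(flows),
    }


if __name__ == "__main__":
    for name, hits in egress_alerts(FLOWS).items():
        print(name, hits)
```

On the sample data, ws-17 checks in with the same address every 60 seconds (a beacon), and srv-db sends 90 MB to port 4444, which trips both the volume and the port checks. None of these would be seen by ingress-only monitoring.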

  • 20. 

    A disadvantage of single sign-on is

    • Consistent time-out enforcement across platforms

    • A compromised password exposes all authorized resources

    • Use of multiple passwords to remember

    • Password change control

    Correct Answer
    A. A compromised password exposes all authorized resources
    Explanation
    With single sign-on, one credential unlocks every application the user is authorized to use. If that credential is compromised, the attacker inherits the same breadth of access, which is why SSO deployments should require multi-factor authentication and apply session controls rather than rely on the password alone. The other options are benefits of SSO (consistent time-out enforcement, centralized password change control) or the very problem SSO removes (many passwords to remember).

  • 21. 

    To maintain the security architecture, of the following, which is true?

    • Business needs change; technology changes; personnel change; threats adapt and grow; constant reassessment and improvement is necessary

    • Metrics and reporting are required to ensure continuous improvement

    • Maturity models assist in determining whether an organization is focused on optimization

    • All of the above

    Correct Answer
    A. All of the above
    Explanation
    Maintaining a security architecture is an ongoing activity: business needs change, technology changes, personnel change, and threats adapt and grow, so constant reassessment and improvement is necessary. Metrics and reporting make that improvement measurable, and maturity models show whether the organization has reached a level where it is focused on optimization rather than on basic repeatability. All three statements are true.

  • 22. 

    Polyalphabetic encryption techniques use multiple alphabets for each successive character replacement, making analysis much more difficult.

    • True

    • False

    Correct Answer
    A. True
    Explanation
    A polyalphabetic cipher such as Vigenère changes the substitution alphabet from one character to the next, typically cycling through as many alphabets as the key has letters. Each plaintext letter therefore maps to several different ciphertext letters, which flattens the letter-frequency profile that breaks a simple (monoalphabetic) substitution cipher. It is harder to analyze, not unbreakable: once the key length (the period) is found by Kasiski examination or the index of coincidence, the ciphertext separates into columns that are each a simple shift and yield to ordinary frequency analysis. The statement is true.
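
To make both halves of that point concrete, here is an added example (not from the quiz): a Vigenère implementation, the index of coincidence, and a period finder that recovers the key length from the ciphertext alone. The plaintext passage and the key are constructed for the example; the letters-only, uppercase treatment of the text is a simplification.

```python
from collections import Counter
import string

ALPHA = string.ascii_uppercase

# Constructed plaintext; long enough for the statistics below to be meaningful.
PLAINTEXT = (
    "Although a polyalphabetic cipher hides the letter frequencies of its plaintext it does "
    "so only by spreading them across several simple substitutions once the period of the key "
    "is recovered each column of the ciphertext behaves exactly like a Caesar shift and falls "
    "to ordinary frequency analysis this is why the Vigenere cipher was considered unbreakable "
    "for centuries and then broken by Kasiski and later by Friedman using the index of "
    "coincidence which measures how far a distribution of letters sits from the uniform random "
    "case modern ciphers avoid this weakness by never reusing a short key stream"
)
KEY = "KEY"   # assumed key; three alphabets cycle through the text


def letters_only(text):
    return "".join(c for c in text.upper() if c in ALPHA)


def vigenere(text, key, decrypt=False):
    """Polyalphabetic substitution: letter i is shifted by key[i mod len(key)]."""
    shifts = [ALPHA.index(c) for c in key.upper()]
    out = []
    for i, ch in enumerate(letters_only(text)):
        s = shifts[i % len(shifts)]
        s = -s if decrypt else s
        out.append(ALPHA[(ALPHA.index(ch) + s) % 26])
    return "".join(out)


def index_of_coincidence(s):
    """Probability that two letters drawn from s match: ~0.066 for English, ~0.038 for random."""
    n = len(s)
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in Counter(s).values()) / (n * (n - 1))


def guess_period(ciphertext, max_period=8):
    """Split the text into p columns for each candidate p and average their IoC.

    At the true period every column is a single Caesar alphabet, so its IoC climbs back
    toward the English value; at other periods the columns mix alphabets and stay low.
    """
    scores = {
        p: sum(index_of_coincidence(ciphertext[i::p]) for i in range(p)) / p
        for p in range(1, max_period + 1)
    }
    best = max(scores.values())
    # Multiples of the true period score about as well, so prefer the smallest
    # period that comes within 10 % of the best score.
    return min(p for p, s in scores.items() if s >= 0.9 * best), scores


if __name__ == "__main__":
    ct = vigenere(PLAINTEXT, KEY)
    print("plaintext IoC ", round(index_of_coincidence(letters_only(PLAINTEXT)), 4))
    print("ciphertext IoC", round(index_of_coincidence(ct), 4))
    print("guessed period", guess_period(ct)[0])
```

The whole-ciphertext IoC drops toward the random value, which is the "analysis is much more difficult" part of the statement; the per-column IoC at the right period climbs back up, which is why the cipher is still breakable.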

  • 23. 

    When sensitive information is no longer critical but still within scope of a record retention policy, that information is BEST

    • Destroyed

    • Re-categorized

    • Degaussed

    • Released

    Correct Answer
    A. Re-categorized
    Explanation
    When sensitive information is no longer critical but still within the scope of a record retention policy, it is best to re-categorize the information. This means that the information should be moved to a different category or classification that reflects its reduced importance or sensitivity. This allows for better organization and management of the information while still adhering to the record retention policy.

  • 24. 

    The best way to ensure that there is no data remanence of sensitive information that was once stored on a DVD-R media is by

    • Deletion

    • Degaussing

    • Destruction

    • Overwriting

    Correct Answer
    A. Destruction
    Explanation
    The best way to ensure that there is no data remanence of sensitive information that was once stored on a DVD-R media is by destruction. This means physically destroying the DVD-R media so that the data cannot be recovered. Deletion and overwriting may leave traces of the data that can potentially be recovered, while degaussing may not be effective on optical media like DVD-R. Therefore, destruction is the most reliable method to prevent any data remanence.

  • 25. 

    What is not mentioned as a phase of an incident response?

    • Documentation

    • Prosecution

    • Containment

    • Investigation

    Correct Answer
    A. Prosecution
    Explanation
    Incident response and handling is commonly broken down into phases such as triage, investigation, containment, and analysis and tracking (other frameworks add preparation, eradication, recovery, and lessons learned). Documentation runs through every one of those phases. Prosecution, if it happens at all, is a legal outcome pursued by law enforcement after the incident has been handled; it is not a phase of the response itself.

  • 26. 

    Which of the following is the technology of indoor environmental comfort?

    • CCTV

    • HVAC

    • Lighting

    • Fire Suppression

    Correct Answer
    A. HVAC
    Explanation
    HVAC stands for Heating, Ventilation, and Air Conditioning, the systems that regulate temperature, humidity, and air quality inside a building. In a data center the same systems also keep equipment within its operating range, so HVAC failure is an availability risk as well as a comfort issue. CCTV, lighting, and fire suppression are physical security and life-safety controls, not environmental comfort systems.

  • 27. 

    Which of the following terms refers to a mechanism which proves that the sender really sent a specific message?

    • Integrity

    • Confidentiality

    • Authentication

    • Non-repudiation

    Correct Answer
    A. Non-repudiation
    Explanation
    Non-repudiation is the property that a sender cannot later deny having sent a message. It is typically provided by a digital signature made with the sender's private key, which only the sender holds; a message authentication code cannot provide it, because the shared key lets either party produce the same tag. Authentication establishes who the sender is at the time of the exchange, integrity shows that the message was not altered, and non-repudiation adds evidence that binds the sender to the message afterwards, which matters in legal and business contexts where accountability must be established.

  • 28. 

    NIST identifies three service models that represent different types of cloud services available, what are they?

    • Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS)

    • Security as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS)

    • Software as a Service (SaaS), Integrity as a Service (IaaS), and Platform as a Service (PaaS)

    • Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Process as a Service (PaaS)

    Correct Answer
    A. Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS)
    Explanation
    The correct answer is Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). These three service models are identified by NIST as different types of cloud services available. SaaS refers to software applications that are accessed over the internet, IaaS provides virtualized computing resources like servers and storage, and PaaS offers a platform for developing and deploying applications. These models represent different levels of cloud service offerings, allowing users to choose the level of control and management they require for their applications and infrastructure.

  • 29. 

    A new installation requires a network in a heavy manufacturing area with substantial amounts of electromagnetic radiation and power fluctuations.  Which media is best suited for this environment if little degradation is tolerated?

    • Coax cable

    • Wireless

    • Shielded twisted pair

    • Fiber

    Correct Answer
    A. Fiber
    Explanation
    Fiber optic cables are best suited for heavy manufacturing areas with electromagnetic radiation and power fluctuations because they are not affected by electromagnetic interference and can handle high amounts of data without degradation. Fiber optic cables use light signals to transmit data, which makes them immune to electromagnetic radiation. Additionally, they have a higher bandwidth and can transmit data over longer distances compared to other media options.

  • 30. 

    Role-based access control

    • Is unique to mandatory access control

    • Is independent of owner input

    • Is based on user job functions

    • Can be compromised by inheritance

    Correct Answer
    A. Is based on user job functions
    Explanation
    Role-based access control assigns permissions to roles that correspond to job functions and then assigns users to roles, so a user's access follows the job rather than a series of individual grants. RBAC is non-discretionary (the organization, not the resource owner, defines the roles), but that is a consequence of the model rather than its defining feature, and it is not unique to mandatory access control. Role hierarchies and inheritance are convenient but must be reviewed regularly, because a senior role that inherits from several junior roles can accumulate more access than any single job function needs, which undermines least privilege.
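
The following is an added example, not code from the quiz, that ties this question to the least-privilege principle in question 12: permissions are attached to roles sized to a job function, users hold roles rather than permissions, role inheritance is resolved with a cycle guard, and a review helper flags roles whose inherited permission set has grown past a limit. The roles, permissions, users, and the review threshold are all assumptions made for the example.

```python
# Roles map to the minimum permission set a job function needs (least privilege).
# Everything here is constructed sample data.
ROLE_PERMISSIONS = {
    "helpdesk":      {"ticket:read", "ticket:write", "user:reset_password"},
    "dba":           {"db:read", "db:write", "db:backup"},
    "auditor":       {"ticket:read", "db:read", "audit:read"},
    "dba_lead":      {"db:grant"},          # adds to what it inherits from "dba"
    "helpdesk_lead": {"ticket:assign"},     # adds to what it inherits from "helpdesk"
}

# Role hierarchy: a senior role inherits a junior role's permissions.
ROLE_PARENTS = {"dba_lead": {"dba"}, "helpdesk_lead": {"helpdesk"}}

# Users hold roles, never direct permissions, so access follows the job function.
USER_ROLES = {"alice": {"helpdesk"}, "bob": {"dba_lead"}, "carol": {"auditor"}}


def effective_permissions(role, seen=None):
    """Resolve a role's own permissions plus everything inherited through ROLE_PARENTS.

    `seen` guards against a mis-configured cyclic hierarchy looping forever.
    """
    if seen is None:
        seen = set()
    if role in seen:
        return set()
    seen.add(role)
    perms = set(ROLE_PERMISSIONS.get(role, set()))
    for parent in ROLE_PARENTS.get(role, set()):
        perms |= effective_permissions(parent, seen)
    return perms


def is_authorized(user, permission):
    """Access decision: does any of the user's roles carry the permission?"""
    return any(permission in effective_permissions(r) for r in USER_ROLES.get(user, set()))


def overprivileged_roles(max_perms):
    """Review helper: roles whose effective permission set exceeds `max_perms`.

    Roles high in the hierarchy accumulate access through inheritance, which is the
    privilege-creep risk an access review is meant to catch.
    """
    roles = set(ROLE_PERMISSIONS) | set(ROLE_PARENTS)
    return sorted(r for r in roles if len(effective_permissions(r)) > max_perms)


if __name__ == "__main__":
    print("alice ticket:write", is_authorized("alice", "ticket:write"))   # True
    print("alice db:read     ", is_authorized("alice", "db:read"))        # False
    print("bob db:backup     ", is_authorized("bob", "db:backup"))        # True via inheritance
    print("roles over 3 perms", overprivileged_roles(3))
```

Note that the review helper flags both lead roles even though neither was granted much directly; the excess arrives through inheritance, which is exactly why role hierarchies need periodic review.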

  • 31. 

    Which of the following ensures constant redundancy and fault-tolerance?

    • Cold spare

    • Warm spare

    • Hot spare

    • Archives

    Correct Answer
    A. Hot spare
    Explanation
    Cold spare: a spare component kept on hand and installed only when needed, so recovery takes time.
    Warm spare: installed but powered off or not kept in sync, so it still needs intervention before it can take over.
    Hot spare: installed, powered on, and kept in sync so it can take over immediately (often automatically), which is what provides continuous redundancy and fault tolerance. Archives serve data retention, not availability.

  • 32. 

    The strategy of forming layers of protection around an asset or facility is known as:

    • Secured perimeter

    • Defense-in-depth

    • Reinforced Barrier Deterrent

    • Reasonable Asset Protection

    Correct Answer
    A. Defense-in-depth
    Explanation
    Defense-in-depth is the strategy of implementing multiple layers of security measures to protect an asset or facility. This approach involves the use of various security controls such as physical barriers, access controls, surveillance systems, and intrusion detection systems. By employing multiple layers of protection, the likelihood of a successful breach or attack is significantly reduced, as each layer adds an additional hurdle for potential threats to overcome. This strategy aims to provide a comprehensive and holistic defense, ensuring that even if one layer is compromised, there are still other layers in place to prevent unauthorized access or damage.

  • 33. 

    Which of the following BEST describe three separate functions of CCTV?

    • Surveillance, deterrence, and evidentiary archives

    • Intrusion detection, detainment, and response

    • Optical scanning, infrared beaming, and lighting

    • Monitoring, white balancing, and inspection

    Correct Answer
    A. Surveillance, deterrence, and evidentiary archives
    Explanation
    CCTV, or closed-circuit television, serves multiple functions. Surveillance refers to the act of monitoring and observing activities in a specific area. CCTV cameras are commonly used for this purpose to ensure security and safety. Deterrence involves using the presence of CCTV cameras as a means to discourage potential criminals or wrongdoers from committing offenses. Evidentiary archives refer to the storage of recorded footage from CCTV cameras, which can be used as evidence in investigations or legal proceedings. Therefore, the answer "surveillance, deterrence, and evidentiary archives" best describes three separate functions of CCTV.

  • 34. 

    What type of risk remains after the implementation of new or enhanced controls?

    • Substantial

    • Residual

    • Inherent

    • Obsolete

    Correct Answer
    A. Residual
    Explanation
    Residual risk refers to the level of risk that remains after implementing new or enhanced controls. It represents the potential harm or negative impact that could still occur despite the implementation of these controls. Residual risk is important to identify and manage as it helps organizations understand the remaining vulnerabilities and take appropriate actions to mitigate them. Therefore, after implementing new or enhanced controls, residual risk is the type of risk that remains.

  • 35. 

    Which one of the following is a common system component in the system security architecture?

    • Processor

    • Storage

    • OS

    • All of the above

    Correct Answer
    A. All of the above
    Explanation
    All of the above options - Processor, Storage, and OS - are common system components in the system security architecture. The processor is responsible for executing instructions and performing calculations, while storage is used to store data and programs. The operating system (OS) manages the hardware and software resources of the computer system, including security features such as user authentication, access control, and encryption. Therefore, all three components play a crucial role in ensuring system security.

  • 36. 

    An emerging concept of highly-interconnected physical devices with embedded sensor and communications capabilities is called:

    • Internet devices

    • Internet of things

    • Internet of people

    • Interconnected homes

    Correct Answer
    A. Internet of things
    Explanation
    The correct answer is "Internet of things." This term refers to the concept of connecting various physical devices through the internet, allowing them to communicate with each other and collect and exchange data. These devices are equipped with sensors and communication capabilities, enabling them to interact and share information, leading to increased automation, efficiency, and convenience in various domains such as home automation, healthcare, transportation, and more.

  • 37. 

    A guard dog patrolling the perimeter of a data center is what type of a control?

    • Recovery

    • Administrative

    • Logical

    • Physical

    Correct Answer
    A. Physical
    Explanation
    A guard dog patrolling the perimeter of a data center is an example of a physical control. Physical controls are measures that are put in place to physically protect assets or resources. In this case, the guard dog serves as a physical deterrent and protection against unauthorized access to the data center.

  • 38. 

    Assuming a working IDS is in place, which of the following groups is BEST capable of stealing sensitive information due to the absence of system auditing?

    • Malicious software (malware)

    • Hacker or cracker

    • Disgruntled employee

    • Auditors

    Correct Answer
    A. Disgruntled employee
    Explanation
    An IDS looks for attack signatures and anomalous traffic; it does not see a disgruntled employee using access they legitimately hold to copy sensitive data, because nothing about that activity looks like an attack. System auditing (logs of who accessed what, and when) is the control that would record such misuse, so in its absence the insider with authorized access is the group best placed to steal information undetected. Malware and external attackers are far more likely to trip the IDS, and auditors are the people who would normally rely on the missing audit records rather than a group that benefits from their absence.

  • 39. 

    Which of the following is responsible for maintaining certificates in a public key infrastructure (PKI)?

    • Domain Controller

    • Certificate User

    • Certification Authority

    • Public Authentication Server

    Correct Answer
    A. Certification Authority
    Explanation
    A Certification Authority is responsible for maintaining certificates in a public key infrastructure (PKI). A Certification Authority is a trusted entity that issues and manages digital certificates, which are used to verify the authenticity and integrity of electronic documents and communications. The Certification Authority ensures that the certificates are valid, up-to-date, and properly issued. It also revokes certificates when necessary and manages the overall security of the PKI system.

  • 40. 

    Which of the following is most likely to detect DoS attacks?

    • Host-based IDS

    • Network-based IDS

    • Vulnerability scanner

    • Penetration Testing

    Correct Answer
    A. Network-based IDS
    Explanation
    A network-based IDS (Intrusion Detection System) is most likely to detect DoS (Denial of Service) attacks. Unlike a host-based IDS, which monitors the activities on a single host or device, a network-based IDS monitors the network traffic and analyzes it for any suspicious or malicious activities. DoS attacks typically involve overwhelming a network or system with excessive traffic or requests, causing it to become unavailable to legitimate users. Therefore, a network-based IDS can detect and alert administrators about the abnormal traffic patterns associated with DoS attacks, allowing them to take necessary actions to mitigate the attack.

  • 41. 

    Within the realm of IT security, which of the following combinations best defines risk?

    • Threat coupled with a breach

    • Threat coupled with a vulnerability

    • Vulnerability coupled with an attack

    • Threat coupled with a breach of security

    Correct Answer
    A. Threat coupled with a vulnerability
    Explanation
    Risk in IT security is best defined as the combination of a threat and a vulnerability. A threat is any potential source of harm that could exploit a weakness in a system or network; a vulnerability is that weakness or flaw. Neither alone constitutes risk: a threat with nothing to exploit, or a flaw nobody can reach, does not produce loss. Risk exists when the two coincide, that is, when a potential danger could exploit an actual weakness. The other options describe a breach or an attack, which are outcomes of risk being realized rather than the definition of risk itself.

  • 42. 

    Which of the following methods is not acceptable for exercising the business continuity plan?

    • Table-top exercise

    • Call exercise

    • Simulated exercise

    • Halting a production application or function

    Correct Answer
    A. Halting a production application or function
    Explanation
    Halting a production application or function is not an acceptable method for exercising the business continuity plan because it can disrupt the normal operations of the business and potentially cause financial losses. The purpose of exercising the plan is to test its effectiveness in maintaining critical functions during a crisis, not to intentionally disrupt those functions. Table-top exercises, call exercises, and simulated exercises are more appropriate methods for testing the plan's response to different scenarios without causing actual disruptions to the business.

  • 43. 

    A potential vulnerability of the Kerberos authentication server is

    • Single point of failure

    • Asymmetric key compromise

    • Use of dynamic passwords

    • Limited lifetimes for authentication credentials

    Correct Answer
    A. Single point of failure
    Explanation
    The potential vulnerability of the Kerberos authentication server is that it is a single point of failure. If the Key Distribution Center is unavailable, no principal can obtain tickets and authentication across the realm stops; if it is compromised, the keys it holds for every principal are exposed and an attacker could issue tickets at will. Redundant KDCs and tested backups are needed to mitigate this weakness and keep authentication available and secure.

  • 44. 

    Before applying a software update to production systems, it is MOST important that

    • Full disclosure information about the threat that the patch addresses is available

    • The patching process is documented

    • The production systems are backed up

    • An independent third party attests the validity of the patch

    Correct Answer
    A. The production systems are backed up
    Explanation
    Before applying a software update to production systems, it is most important that the production systems are backed up. If anything goes wrong during the update, the backup can be used to restore the systems to their previous state. Having a verified backup ensures that potential data loss or system failure caused by the patch can be reversed, minimizing the impact on the organization's operations. Documentation and third-party attestation are useful, but neither lets you recover a broken system.

  • 45. 

    In which of the following alternative site configurations is the backup facility maintained in a constant order, with a full complement of servers, workstations, and communication links ready to assume the primary operations responsibility?

    • Hot Site

    • Mobile Site

    • Warm Site

    • Cold Site

    Correct Answer
    A. Hot Site
    Explanation
    A hot site is an alternative site configuration in which the backup facility is kept in a constant state of readiness, with a full complement of servers, workstations, and communication links able to assume the primary operations responsibility. All necessary equipment and resources are installed and operational, allowing a near-seamless transition in case of a disaster or system failure. A warm site has the infrastructure but not fully current systems and data, and a cold site provides little more than space and power.

  • 46. 

    Which of the following is the technology of indoor environmental comfort?

    • CCTV

    • HVAC

    • Lightning

    • Fire Suppression

    Correct Answer
    A. HVAC
    Explanation
    HVAC stands for Heating, Ventilation, and Air Conditioning, which is a technology used to provide indoor environmental comfort. It involves controlling and regulating the temperature, humidity, and air quality within a building or enclosed space. HVAC systems are commonly used in residential, commercial, and industrial settings to ensure a comfortable and healthy indoor environment for occupants.

  • 47. 

    Attempting to crack a password by using common words from a text file is known as what kind of attack?

    • Brute force

    • Shoulder surfing

    • Dictionary

    • SQL Injection

    Correct Answer
    A. Dictionary
    Explanation
    The correct answer is "Dictionary". In a dictionary attack, an attacker tries to crack a password by trying common words taken from a text file (the dictionary). The method relies on the assumption that many users choose weak passwords that appear in such a list, so each word is tried in turn as a candidate password until one succeeds. A brute-force attack, by contrast, tries every possible combination of characters rather than a curated word list.

  • 48. 

    Which of the following uses a Key Distribution Center (KDC) to authenticate a principal?

    • CHAP

    • PAP

    • TACACS

    • Kerberos

    Correct Answer
    A. Kerberos
    Explanation
    Kerberos uses a Key Distribution Center (KDC) to authenticate a principal. The KDC acts as a trusted third party that issues tickets to the clients and servers in the network. These tickets are used to prove the identity of the principal and to establish secure communication between the client and the service. The KDC generates a session key shared between the client and the server, which is used to encrypt and decrypt their communication, so that only authenticated entities can access network resources and tampering is prevented.

  • 49. 

    The best way to ensure that there is no data remanence of sensitive information that was once stored on a DVD-R media is by 

    • Deletion

    • Degaussing

    • Destruction

    • Overwriting

    Correct Answer
    A. Destruction
    Explanation
    The best way to ensure that there is no data remanence of sensitive information that was once stored on DVD-R media is destruction. Destruction physically damages the media to the point where the data cannot be recovered, using methods such as shredding, incineration, or crushing. The other options do not work for this medium: deletion only removes a file-system entry, a DVD-R is write-once so it cannot be overwritten, and degaussing affects only magnetic media and has no effect on an optical disc. Completely destroying the media is therefore the only way to make the stored information unrecoverable.


Quiz Review Timeline (Updated): Mar 21, 2023

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Jun 21, 2016
    Quiz Created by
    Skofft2134