Trivia Quiz: Can You Pass This CISSP Certification Exam?

Reviewed by Editorial Team

The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.

Learn about Our Editorial Process

| By Dbatson

Dbatson

Community Contributor

Quizzes Created: 2 | Total Attempts: 5,175

| Attempts: 4,233 | Questions: 18

Quiz Flashcard

Share on Facebook Share on Twitter Share on Whatsapp Share on Pinterest Share on Email Copy to Clipboard Embed on your website

Question 1 / 18

0 %

0/100

Score 0/100

1. Masquerading is:

Attempting to hack a system through backdoors to an operating system or application

Pretending to be an authorized user

Always done through IP spoofing

Applying a subnet mask to an internal IP range

Answer b:
Pretending to be the authorized user.

Explanation

Answer b:
Pretending to be the authorized user.

Submit

About This Quiz

Trivia Quiz: Can You Pass This CISSP Certification Exam? - Quiz

The Certified Information Systems Security Professional (CISSP) is an information security certification which is allowed by ISC(International Information System Security Certification Consortium). There is a list of questions... see morerelated to Communication and Network Security, Security Assessment, Testing and Operations for security professionals. Read the questions carefully and answer. So, let's try out the quiz. All the best!
see less

2. Integrity is protection of data from all of the following EXCEPT:

Unauthorized changes

Accidental changes

Data analysis

Intentional manipulation

Answer c:
Integrity is the protection of system information or processes from intentional or accidental unauthorized changes. Data analysis would usually be associated with confidentiality.

Explanation

Answer c:
Integrity is the protection of system information or processes from intentional or accidental unauthorized changes. Data analysis would usually be associated with confidentiality.

Submit

3. A main objective of awareness training is:

Provide understanding of responsibilities

Entertaining the users through creative programs

Overcoming all resistance to security procedures

To be repetitive to ensure accountability

Answer a:
All employees must understand their basic security responsibilities.

Explanation

Answer a:
All employees must understand their basic security responsibilities.

Submit

4. In an accounting department, several people are required to complete a financial process. This is most likely an example of:

Segregation of duties

Rotation of duties

Need-to-know

Collusion

Answer a:
No single employee has control of a transaction from beginning to end; two or more people should be responsible for performing it.

Explanation

Answer a:
No single employee has control of a transaction from beginning to end; two or more people should be responsible for performing it.

Submit

5. The percentage or degree of damage inflicted on an asset used in the calculation of single loss expectancy can be referred to as:

Exposure Factor (EF)

Annualized Rate of Occurrence (ARO)

Vulnerability

Likelihood

Answer a:
This factor represents a measure of the magnitude of loss or
impact on the value of an asset. It is expressed as a percent, ranging from 0% to 100%, of asset value loss arising from a threat event. This factor is used in the calculation of single loss expectancy (SLE).

Explanation

Submit

6. What is the primary target of a person employing social engineering?

An individual

A policy

Government agencies

An information system

Answer a:
Social engineering deals with individual dynamics as opposed to group dynamics, as the primary targets are help desks and/or administrative or technical support people.

Explanation

Answer a:
Social engineering deals with individual dynamics as opposed to group dynamics, as the primary targets are help desks and/or administrative or technical support people.

Submit

7. Incident response planning can be instrumental in:

Meeting regulatory requirements

Creating customer loyalty

Reducing the impact of an adverse event on the organization

Ensuring management makes the correct decisions in a crisis

Answer c:
The goals of a well-prepared incident response team are to detect potential information security breaches and provide an effective and efficient means of dealing with the situation in a manner that reduces the potential impact to the corporation.

Explanation

Submit

8. Data classification can assist an organization in:

Eliminating regulatory mandates

Lowering accountability of data classifiers

Reducing costs for protecting data

Normalization of databases

Answer c:
Data classification is intended to lower the cost of overprotecting all data.

Explanation

Answer c:
Data classification is intended to lower the cost of overprotecting all data.

Submit

9. In most cases, integrity is enforced through:

Physical security

Logical security

Confidentiality

Access controls

Answer d:
Integrity depends on access controls; therefore, it is necessary to positively and uniquely identify and authorize all persons who attempt access.
Answers a and b are good but not thorough enough on their own — they are portions of a complete access control system.

Explanation

Submit

10. Risk Management is commonly understood as all of the following EXCEPT:

Analyzing and assessing risk

Identifying risk

Accepting or mitigation of risk

Likelihood of a risk occurring

Answer d:
The processes of identifying, analyzing, and assessing, mitigating, or transferring risk is generally characterized as risk management.

Explanation

Answer d:
The processes of identifying, analyzing, and assessing, mitigating, or transferring risk is generally characterized as risk management.

Submit

11. The absence of a fire-suppression system would be best characterized as a(n):

Exposure

Threat

Vulnerability

Risk

Answer c:
This term characterizes the absence or weakness of a risk-reducing safeguard.

Explanation

Answer c:
This term characterizes the absence or weakness of a risk-reducing safeguard.

Submit

12. Risk Assessment includes all of the following EXCEPT:

Implementation of effective countermeasures

Ensuring that risk is managed

Analysis of the current state of security in the target environment

Strategic analysis of risk

Answer a:
Fundamental applications of risk assessment to be addressed
include (1) determining the current status of information security in the target environment(s) and ensuring that associated risk is managed (accepted, mitigated, or transferred) according to policy, and (2) assessing risk strategically.

Explanation

Submit

13. Who "owns" an organization's data?

Information technology group

Users

Data custodians

Business units

Answer d:
The business units, not IT (information technology), own the
data. Decisions regarding who has what access, what classification the data should be assigned, etc., are decisions that rest solely with the business data owner and based on organization policy.

Explanation

Submit

14. The role of an information custodian should NOT include:

Restoration of lost or corrupted data

Regular backups of data

Establishing retention periods for data

Ensuring the availability of data

Answer c:
Ensure record retention requirements are met based on the information owner’s analysis.

Explanation

Answer c:
Ensure record retention requirements are met based on the information owner’s analysis.

Submit

15. A risk management project may be subject to overlooking certain types of threats. What can assist the risk management team to prevent that?

Automated tools

Adoption of qualitative risk assessment processes

Increased reliance on internal experts for risk assessment

Recalculation of the work factor

Answer a:
The best automated tools currently available include a well researched threat population and associated statistics. Using one of these tools virtually assures that no relevant threat is overlooked.

Explanation

Submit

16. An information security policy does NOT usually include:

Authority for information security department

Guidelines for how to implement policy

Basis for data classification

Recognition of information as an asset of the organization

Answer b:
Policy is written at a very high level and is intended to describe the “whats” of information security. Procedures, standards, baselines, and guidelines are the “hows” for implementation of the policy.

Explanation

Submit

17. A security program cannot address which of the following business goals?

Accuracy of information

Change control

User expectations

Prevention of fraud

Answer a:
The security program cannot improve the accuracy of data that is put into the system by users, but it can help ensure that any changes are intended and correctly applied.

Explanation

Answer a:
The security program cannot improve the accuracy of data that is put into the system by users, but it can help ensure that any changes are intended and correctly applied.

Submit

18. Social engineering can take many forms EXCEPT:

Dumpster diving

Coercion or intimidation

Sympathy

Eavesdropping

Answer d:
An effective countermeasure is to have very good, established information security policies that are communicated across your organization.

Explanation

Answer d:
An effective countermeasure is to have very good, established information security policies that are communicated across your organization.

Submit

View My Results

Quiz Review Timeline (Updated): Mar 21, 2023 +