Trivia Quiz: Can You Pass This CISSP Certification Exam?

18 Questions | Total Attempts: 3247


The Certified Information Systems Security Professional (CISSP) is an information security certification awarded by (ISC)² (the International Information System Security Certification Consortium). Below is a list of questions on Communication and Network Security, Security Assessment and Testing, and Security Operations for security professionals. Read each question carefully and choose an answer. So, let's try out the quiz. All the best!


Questions and Answers
  • 1. Masquerading is:
    • A. Attempting to hack a system through backdoors to an operating system or application
    • B. Pretending to be an authorized user
    • C. Always done through IP spoofing
    • D. Applying a subnet mask to an internal IP range

  • 2. Integrity is protection of data from all of the following EXCEPT:
    • A. Unauthorized changes
    • B. Accidental changes
    • C. Data analysis
    • D. Intentional manipulation

  • 3. A security program cannot address which of the following business goals?
    • A. Accuracy of information
    • B. Change control
    • C. User expectations
    • D. Prevention of fraud

  • 4. In most cases, integrity is enforced through:
    • A. Physical security
    • B. Logical security
    • C. Confidentiality
    • D. Access controls

  • 5. In an accounting department, several people are required to complete a financial process. This is most likely an example of:
    • A. Segregation of duties
    • B. Rotation of duties
    • C. Need-to-know
    • D. Collusion

  • 6. Risk Management is commonly understood as all of the following EXCEPT:
    • A. Analyzing and assessing risk
    • B. Identifying risk
    • C. Accepting or mitigation of risk
    • D. Likelihood of a risk occurring

  • 7. The percentage or degree of damage inflicted on an asset used in the calculation of single loss expectancy can be referred to as:
    • A. Exposure Factor (EF)
    • B. Annualized Rate of Occurrence (ARO)
    • C. Vulnerability
    • D. Likelihood

  • 8. The absence of a fire-suppression system would be best characterized as a(n):
    • A. Exposure
    • B. Threat
    • C. Vulnerability
    • D. Risk

  • 9.
    • A. Implementation of effective countermeasures
    • B. Ensuring that risk is managed
    • C. Analysis of the current state of security in the target environment
    • D. Strategic analysis of risk

  • 10. A risk management project may be subject to overlooking certain types of threats. What can assist the risk management team to prevent that?
    • A. Automated tools
    • B. Adoption of qualitative risk assessment processes
    • C. Increased reliance on internal experts for risk assessment
    • D. Recalculation of the work factor

  • 11. Data classification can assist an organization in:
    • A. Eliminating regulatory mandates
    • B. Lowering accountability of data classifiers
    • C. Reducing costs for protecting data
    • D. Normalization of databases

  • 12. Who “owns” an organization’s data?
    • A. Information technology group
    • B. Users
    • C. Data custodians
    • D. Business units

  • 13. An information security policy does NOT usually include:
    • A. Authority for information security department
    • B. Guidelines for how to implement policy
    • C. Basis for data classification
    • D. Recognition of information as an asset of the organization

  • 14. The role of an information custodian should NOT include:
    • A. Restoration of lost or corrupted data
    • B. Regular backups of data
    • C. Establishing retention periods for data
    • D. Ensuring the availability of data

  • 15. A main objective of awareness training is:
    • A. Provide understanding of responsibilities
    • B. Entertaining the users through creative programs
    • C. Overcoming all resistance to security procedures
    • D. To be repetitive to ensure accountability

  • 16. What is the primary target of a person employing social engineering?
    • A. An individual
    • B. A policy
    • C. Government agencies
    • D. An information system

  • 17. Social engineering can take many forms EXCEPT:
    • A. Dumpster diving
    • B. Coercion or intimidation
    • C. Sympathy
    • D. Eavesdropping

  • 18. Incident response planning can be instrumental in:
    • A. Meeting regulatory requirements
    • B. Creating customer loyalty
    • C. Reducing the impact of an adverse event on the organization
    • D. Ensuring management makes the correct decisions in a crisis