Trivia Quiz: Can You Pass This CISSP Certification Exam?

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Dbatson
D
Dbatson
Community Contributor
Quizzes Created: 2 | Total Attempts: 5,151
Questions: 18 | Attempts: 4,210

SettingsSettingsSettings
Trivia Quiz: Can You Pass This CISSP Certification Exam? - Quiz

The Certified Information Systems Security Professional (CISSP) is an information security certification which is allowed by ISC(International Information System Security Certification Consortium). There is a list of questions related to Communication and Network Security, Security Assessment, Testing and Operations for security professionals. Read the questions carefully and answer. So, let's try out the quiz. All the best!


Questions and Answers
  • 1. 

    Masquerading is:

    • A.

      Attempting to hack a system through backdoors to an operating system or application

    • B.

      Pretending to be an authorized user

    • C.

      Always done through IP spoofing

    • D.

      Applying a subnet mask to an internal IP range

    Correct Answer
    B. Pretending to be an authorized user
    Explanation
    Answer b:
    Pretending to be the authorized user.

    Rate this question:

  • 2. 

    Integrity is protection of data from all of the following EXCEPT:

    • A.

      Unauthorized changes

    • B.

      Accidental changes

    • C.

      Data analysis

    • D.

      Intentional manipulation

    Correct Answer
    C. Data analysis
    Explanation
    Answer c:
    Integrity is the protection of system information or processes from intentional or accidental unauthorized changes. Data analysis would usually be associated with confidentiality.

    Rate this question:

  • 3. 

    A security program cannot address which of the following business goals?

    • A.

      Accuracy of information

    • B.

      Change control

    • C.

      User expectations

    • D.

      Prevention of fraud

    Correct Answer
    A. Accuracy of information
    Explanation
    Answer a:
    The security program cannot improve the accuracy of data that is put into the system by users, but it can help ensure that any changes are intended and correctly applied.

    Rate this question:

  • 4. 

    In most cases, integrity is enforced through:

    • A.

      Physical security

    • B.

      Logical security

    • C.

      Confidentiality

    • D.

      Access controls

    Correct Answer
    D. Access controls
    Explanation
    Answer d:
    Integrity depends on access controls; therefore, it is necessary to positively and uniquely identify and authorize all persons who attempt access.
    Answers a and b are good but not thorough enough on their own — they are portions of a complete access control system.

    Rate this question:

  • 5. 

    In an accounting department, several people are required to complete a financial process. This is most likely an example of:

    • A.

      Segregation of duties

    • B.

      Rotation of duties

    • C.

      Need-to-know

    • D.

      Collusion

    Correct Answer
    A. Segregation of duties
    Explanation
    Answer a:
    No single employee has control of a transaction from beginning to end; two or more people should be responsible for performing it.

    Rate this question:

  • 6. 

    Risk Management is commonly understood as all of the following EXCEPT:

    • A.

      Analyzing and assessing risk

    • B.

      Identifying risk

    • C.

      Accepting or mitigation of risk

    • D.

      Likelihood of a risk occurring

    Correct Answer
    D. Likelihood of a risk occurring
    Explanation
    Answer d:
    The processes of identifying, analyzing, and assessing, mitigating, or transferring risk is generally characterized as risk management.

    Rate this question:

  • 7. 

    The percentage or degree of damage inflicted on an asset used in the calculation of single loss expectancy can be referred to as:

    • A.

      Exposure Factor (EF)

    • B.

      Annualized Rate of Occurrence (ARO)

    • C.

      Vulnerability

    • D.

      Likelihood

    Correct Answer
    A. Exposure Factor (EF)
    Explanation
    Answer a:
    This factor represents a measure of the magnitude of loss or
    impact on the value of an asset. It is expressed as a percent, ranging from 0% to 100%, of asset value loss arising from a threat event. This factor is used in the calculation of single loss expectancy (SLE).

    Rate this question:

  • 8. 

    The absence of a fire-suppression system would be best characterized as a(n):

    • A.

      Exposure

    • B.

      Threat

    • C.

      Vulnerability

    • D.

      Risk

    Correct Answer
    C. Vulnerability
    Explanation
    Answer c:
    This term characterizes the absence or weakness of a risk-reducing safeguard.

    Rate this question:

  • 9. 

    Risk Assessment includes all of the following EXCEPT:

    • A.

      Implementation of effective countermeasures

    • B.

      Ensuring that risk is managed

    • C.

      Analysis of the current state of security in the target environment

    • D.

      Strategic analysis of risk

    Correct Answer
    A. Implementation of effective countermeasures
    Explanation
    Answer a:
    Fundamental applications of risk assessment to be addressed
    include (1) determining the current status of information security in the target environment(s) and ensuring that associated risk is managed (accepted, mitigated, or transferred) according to policy, and (2) assessing risk strategically.

    Rate this question:

  • 10. 

    A risk management project may be subject to overlooking certain types of threats. What can assist the risk management team to prevent that?

    • A.

      Automated tools

    • B.

      Adoption of qualitative risk assessment processes

    • C.

      Increased reliance on internal experts for risk assessment

    • D.

      Recalculation of the work factor

    Correct Answer
    A. Automated tools
    Explanation
    Answer a:
    The best automated tools currently available include a well researched threat population and associated statistics. Using one of these tools virtually assures that no relevant threat is overlooked.

    Rate this question:

  • 11. 

    Data classification can assist an organization in:

    • A.

      Eliminating regulatory mandates

    • B.

      Lowering accountability of data classifiers

    • C.

      Reducing costs for protecting data

    • D.

      Normalization of databases

    Correct Answer
    C. Reducing costs for protecting data
    Explanation
    Answer c:
    Data classification is intended to lower the cost of overprotecting all data.

    Rate this question:

  • 12. 

    Who “owns” an organization’s data?

    • A.

      Information technology group

    • B.

      Users

    • C.

      Data custodians

    • D.

      Business units

    Correct Answer
    D. Business units
    Explanation
    Answer d:
    The business units, not IT (information technology), own the
    data. Decisions regarding who has what access, what classification the data should be assigned, etc., are decisions that rest solely with the business data owner and based on organization policy.

    Rate this question:

  • 13. 

    An information security policy does NOT usually include:

    • A.

      Authority for information security department

    • B.

      Guidelines for how to implement policy

    • C.

      Basis for data classification

    • D.

      Recognition of information as an asset of the organization

    Correct Answer
    B. Guidelines for how to implement policy
    Explanation
    Answer b:
    Policy is written at a very high level and is intended to describe the “whats” of information security. Procedures, standards, baselines, and guidelines are the “hows” for implementation of the policy.

    Rate this question:

  • 14. 

    The role of an information custodian should NOT include:

    • A.

      Restoration of lost or corrupted data

    • B.

      Regular backups of data

    • C.

      Establishing retention periods for data

    • D.

      Ensuring the availability of data

    Correct Answer
    C. Establishing retention periods for data
    Explanation
    Answer c:
    Ensure record retention requirements are met based on the information owner’s analysis.

    Rate this question:

  • 15. 

    A main objective of awareness training is:

    • A.

      Provide understanding of responsibilities

    • B.

      Entertaining the users through creative programs

    • C.

      Overcoming all resistance to security procedures

    • D.

      To be repetitive to ensure accountability

    Correct Answer
    A. Provide understanding of responsibilities
    Explanation
    Answer a:
    All employees must understand their basic security responsibilities.

    Rate this question:

  • 16. 

    What is the primary target of a person employing social engineering?

    • A.

      An individual

    • B.

      A policy

    • C.

      Government agencies

    • D.

      An information system

    Correct Answer
    A. An individual
    Explanation
    Answer a:
    Social engineering deals with individual dynamics as opposed to group dynamics, as the primary targets are help desks and/or administrative or technical support people.

    Rate this question:

  • 17. 

    Social engineering can take many forms EXCEPT:

    • A.

      Dumpster diving

    • B.

      Coercion or intimidation

    • C.

      Sympathy

    • D.

      Eavesdropping

    Correct Answer
    D. Eavesdropping
    Explanation
    Answer d:
    An effective countermeasure is to have very good, established information security policies that are communicated across your organization.

    Rate this question:

  • 18. 

    Incident response planning can be instrumental in:

    • A.

      Meeting regulatory requirements

    • B.

      Creating customer loyalty

    • C.

      Reducing the impact of an adverse event on the organization

    • D.

      Ensuring management makes the correct decisions in a crisis

    Correct Answer
    C. Reducing the impact of an adverse event on the organization
    Explanation
    Answer c:
    The goals of a well-prepared incident response team are to detect potential information security breaches and provide an effective and efficient means of dealing with the situation in a manner that reduces the potential impact to the corporation.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Sep 23, 2008
    Quiz Created by
    Dbatson
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.