CISSP Prep Quiz: Domain 1

Reviewed by Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By Andy
A
Andy
Community Contributor
Quizzes Created: 1 | Total Attempts: 2,333
| Attempts: 2,352
Quiz Flashcard
SettingsSettings
Please wait...
  • 1/18 Questions

    3. Integrity is protection of data from all of the following EXCEPT:

    • Unauthorized changes
    • Accidental changes
    • Data analysis
    • Intentional manipulation
Please wait...
About This Quiz

This quiz contains example questions for the CISSP certification exam. The questions in this quiz were taken from the:OFFICIAL (ISC)2® GUIDE TO THE CISSP® EXAM

CISSP Quizzes & Trivia

Quiz Preview

  • 2. 

    2. Masquerading is:

    • Attempting to hack a system through backdoors to an operating system or application

    • Pretending to be an authorized user

    • Always done through IP spoofing

    • Applying a subnet mask to an internal IP range

    Correct Answer
    A. Pretending to be an authorized user
    Explanation
    Answer b:
    Pretending to be the authorized user.

    Rate this question:

  • 3. 

    17. A main objective of awareness training is:

    • Provide understanding of responsibilities

    • Entertaining the users through creative programs

    • Overcoming all resistance to security procedures

    • To be repetitive to ensure accountability

    Correct Answer
    A. Provide understanding of responsibilities
    Explanation
    Answer a:
    All employees must understand their basic security responsibilities.

    Rate this question:

  • 4. 

    9. The percentage or degree of damage inflicted on an asset used in the calculation of single loss expectancy can be referred to as:

    • Exposure Factor (EF)

    • Annualized Rate of Occurrence (ARO)

    • Vulnerability

    • Likelihood

    Correct Answer
    A. Exposure Factor (EF)
    Explanation
    Answer a:
    This factor represents a measure of the magnitude of loss or
    impact on the value of an asset. It is expressed as a percent, ranging from 0% to 100%, of asset value loss arising from a threat event. This factor is used in the calculation of single loss expectancy (SLE).

    Rate this question:

  • 5. 

    18. What is a primary target of a person employing social engineering?

    • An individual

    • A policy

    • Government agencies

    • An information system

    Correct Answer
    A. An individual
    Explanation
    Answer a:
    Social engineering deals with individual dynamics as opposed to group dynamics, as the primary targets are help desks and/or administrative or technical support people.

    Rate this question:

  • 6. 

    7. In an accounting department, several people are required to complete a financial process. This is most likely an example of:

    • Segregation of duties

    • Rotation of duties

    • Need-to-know

    • Collusion

    Correct Answer
    A. Segregation of duties
    Explanation
    Answer a:
    No single employee has control of a transaction from beginning to end; two or more people should be responsible for performing it.

    Rate this question:

  • 7. 

    5. In most cases, integrity is enforced through:

    • Physical security

    • Logical security

    • Confidentiality

    • Access controls

    Correct Answer
    A. Access controls
    Explanation
    Answer d:
    Integrity depends on access controls; therefore, it is necessary to positively and uniquely identify and authorize all persons who attempt access.
    Answers a and b are good but not thorough enough on their own — they are portions of a complete access control system.

    Rate this question:

  • 8. 

    20. Incident response planning can be instrumental in:

    • Meeting regulatory requirements

    • Creating customer loyalty

    • Reducing the impact of an adverse event on the organization

    • Ensuring management makes the correct decisions in a crisis

    Correct Answer
    A. Reducing the impact of an adverse event on the organization
    Explanation
    Answer c:
    The goals of a well-prepared incident response team are to detect potential information security breaches and provide an effective and efficient means of dealing with the situation in a manner that reduces the potential impact to the corporation.

    Rate this question:

  • 9. 

    8. Risk Management is commonly understood as all of the following EXCEPT:

    • Analyzing and assessing risk

    • Identifying risk

    • Accepting or mitigation of risk

    • Likelihood of a risk occurring

    Correct Answer
    A. Likelihood of a risk occurring
    Explanation
    Answer d:
    The processes of identifying, analyzing, and assessing, mitigating, or transferring risk is generally characterized as risk management.

    Rate this question:

  • 10. 

    4. A security program cannot address which of the following business goals?

    • Accuracy of information

    • Change control

    • User expectations

    • Prevention of fraud

    Correct Answer
    A. User expectations
    Explanation
    A security program focuses on protecting an organization's assets, information, and resources from unauthorized access, threats, and vulnerabilities. While user expectations are important for overall user satisfaction and experience, they are not directly addressed by a security program. The other options (A, B, and D) are all aspects that a security program can address to varying degrees.

    Rate this question:

  • 11. 

    13. Data classification can assist an organization in:

    • Eliminating regulatory mandates

    • Lowering accountability of data classifiers

    • Reducing costs for protecting data

    • Normalization of databases

    Correct Answer
    A. Reducing costs for protecting data
    Explanation
    Answer c:
    Data classification is intended to lower the cost of overprotecting all data.

    Rate this question:

  • 12. 

    10. The absence of a fire-suppression system would be best characterized as a(n):

    • Exposure

    • Threat

    • Vulnerability

    • Risk

    Correct Answer
    A. Vulnerability
    Explanation
    Answer c:
    This term characterizes the absence or weakness of a risk-reducing safeguard.

    Rate this question:

  • 13. 

    16. The role of an information custodian should NOT include:

    • Restoration of lost or corrupted data

    • Regular backups of data

    • Establishing retention periods for data

    • Ensuring the availability of data

    Correct Answer
    A. Establishing retention periods for data
    Explanation
    Answer c:
    Ensure record retention requirements are met based on the information owner’s analysis.

    Rate this question:

  • 14. 

    11. Risk Assessment includes all of the following EXCEPT:

    • Implementation of effective countermeasures

    • Ensuring that risk is managed

    • Analysis of the current state of security in the target environment

    • Strategic analysis of risk

    Correct Answer
    A. Implementation of effective countermeasures
    Explanation
    Answer a:
    Fundamental applications of risk assessment to be addressed
    include (1) determining the current status of information security in the target environment(s) and ensuring that associated risk is managed (accepted, mitigated, or transferred) according to policy, and (2) assessing risk strategically.

    Rate this question:

  • 15. 

    Who “owns” an organization’s data?

    • Information technology group

    • Users

    • Data custodians

    • Business units

    Correct Answer
    A. Business units
    Explanation
    Answer d:
    The business units, not IT (information technology), own the
    data. Decisions regarding who has what access, what classification the data should be assigned, etc., are decisions that rest solely with the business data owner and based on organization policy.

    Rate this question:

  • 16. 

    15. An information security policy does NOT usually include:

    • Authority for information security department

    • Guidelines for how to implement policy

    • Basis for data classification

    • Recognition of information as an asset of the organization

    Correct Answer
    A. Guidelines for how to implement policy
    Explanation
    Answer b:
    Policy is written at a very high level and is intended to describe the “whats” of information security. Procedures, standards, baselines, and guidelines are the “hows” for implementation of the policy.

    Rate this question:

  • 17. 

    12. A risk management project may be subject to overlooking certain types of threats. What can assist the risk management team to prevent that?

    • Automated tools

    • Adoption of qualitative risk assessment processes

    • Increased reliance on internal experts for risk assessment

    • Recalculation of the work factor

    Correct Answer
    A. Automated tools
    Explanation
    Answer a:
    The best automated tools currently available include a well researched threat population and associated statistics. Using one of these tools virtually assures that no relevant threat is overlooked.

    Rate this question:

  • 18. 

    19. Social engineering can take many forms EXCEPT:

    • Dumpster diving

    • Coercion or intimidation

    • Sympathy

    • Eavesdropping

    Correct Answer
    A. Eavesdropping
    Explanation
    Social engineering is a manipulation tactic used to deceive individuals into divulging confidential information or taking certain actions. While it can involve tactics like dumpster diving (searching through trash for information), coercion, or sympathy, eavesdropping typically refers to the act of secretly listening to conversations, which is a different method of information gathering rather than manipulation.

    Rate this question:

Quiz Review Timeline (Updated): Sep 4, 2023 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Sep 04, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Sep 12, 2018
    Quiz Created by
    Andy
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.