CISSP Study Quiz 2

25 Questions | Total Attempts: 146



Questions and Answers
  • 1. A potential problem related to the physical installation of an iris scanner, with regard to the use of the iris pattern within a biometric system, is:
    • A. Concern that the laser beam may cause eye damage
    • B. The iris pattern changes as a person grows older
    • C. There is a relatively high rate of false accepts
    • D. The optical unit must be positioned so that the sun does not shine into the aperture

  • 2. In Mandatory Access Control, sensitivity labels attached to an object contain what information?
    • A. The item's classification
    • B. The item's classification and category set
    • C. The item's category
    • D. The item's need to know

  • 3. Which of the following is true about Kerberos?
    • A. It utilizes public key cryptography
    • B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text.
    • C. It depends upon symmetric ciphers
    • D. It is a second party authentication system

  • 4. Which of the following authentication mechanisms creates a problem for mobile users?
    • A. Mechanisms based on IP addresses
    • B. Mechanism with reusable passwords
    • C. One-time password mechanism
    • D. Challenge response mechanism

  • 5. Organizations should consider which of the following first before allowing external access to their LANs via the Internet?
    • A. Plan for implementing workstation locking mechanisms
    • B. Plan for protecting the modem pool
    • C. Plan for providing the user with his account usage information
    • D. Plan for considering proper authentication options

  • 6. Kerberos can prevent which one of the following attacks?
    • A. Tunneling attack
    • B. Playback (replay attack)
    • C. Destructive attack
    • D. Process attack
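
Questions 3 and 6 both turn on the same mechanism: a Kerberos ticket is protected under a symmetric key shared by the KDC and the service, and every request carries a fresh authenticator whose timestamp the service checks against its clock skew window and a replay cache. The following is an added example, not part of the quiz or of any Kerberos implementation. Real Kerberos encrypts the ticket and authenticator with a symmetric cipher (AES in current deployments); to stay standard-library only, this sketch authenticates them with HMAC-SHA256 under the same keys and leaves the fields readable. All keys, principal names and timestamps are constructed for the example.

```python
"""Added example (not from the quiz): how a Kerberized service rejects a replayed
authenticator. Ticket and authenticator are HMAC-protected here instead of encrypted,
so the replay logic is the only thing being demonstrated."""
import hashlib
import hmac
import json

CLOCK_SKEW = 300  # Kerberos default maximum clock skew: 5 minutes
SERVICE_KEY = b"service-long-term-key (constructed)"  # known only to KDC and service


def _mac(key: bytes, payload: dict) -> str:
    """Canonical JSON of the payload, tagged under the given key (stands in for encryption)."""
    data = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def kdc_issue_ticket(client: str, session_key: bytes, now: float, lifetime: int = 8 * 3600) -> dict:
    """KDC binds client, session key and validity window under the service's long-term key.
    The client cannot alter this (it does not hold SERVICE_KEY); it can only forward it."""
    body = {"client": client, "session_key": session_key.hex(),
            "start": now, "end": now + lifetime}
    return {"body": body, "mac": _mac(SERVICE_KEY, body)}


def client_authenticator(client: str, session_key: bytes, now: float) -> dict:
    """Fresh authenticator: client name plus current time, protected under the session key.
    Proves the sender knows the session key from the ticket and that the request is recent."""
    body = {"client": client, "timestamp": now}
    return {"body": body, "mac": _mac(session_key, body)}


class Service:
    """Application server side of the AP exchange."""

    def __init__(self) -> None:
        # (client, timestamp) pairs already accepted; entries older than CLOCK_SKEW
        # can be expired because the skew check rejects them anyway.
        self.replay_cache: set = set()

    def accept(self, ticket: dict, auth: dict, now: float) -> str:
        tb = ticket["body"]
        if not hmac.compare_digest(ticket["mac"], _mac(SERVICE_KEY, tb)):
            return "reject: ticket forged or modified"
        if not (tb["start"] <= now <= tb["end"]):
            return "reject: ticket expired"
        session_key = bytes.fromhex(tb["session_key"])
        ab = auth["body"]
        if not hmac.compare_digest(auth["mac"], _mac(session_key, ab)):
            return "reject: authenticator not made with the session key"
        if ab["client"] != tb["client"]:
            return "reject: authenticator/ticket client mismatch"
        if abs(now - ab["timestamp"]) > CLOCK_SKEW:
            return "reject: authenticator too old (outside clock skew)"
        key = (ab["client"], ab["timestamp"])
        if key in self.replay_cache:
            return "reject: replayed authenticator"
        self.replay_cache.add(key)
        return "accept"


if __name__ == "__main__":
    now = 1_700_000_000.0
    sk = bytes(range(16))  # constructed session key
    ticket = kdc_issue_ticket("alice@EXAMPLE.COM", sk, now)
    auth = client_authenticator("alice@EXAMPLE.COM", sk, now + 1)
    svc = Service()
    print(svc.accept(ticket, auth, now + 2))   # accept
    print(svc.accept(ticket, auth, now + 30))  # reject: replayed authenticator
```

The two checks that defeat playback are the skew window (a captured authenticator stops working within minutes) and the replay cache (inside the window, the same authenticator is accepted once). Both depend on synchronized clocks, which is why Kerberos deployments treat NTP as a security dependency.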

  • 7. In discretionary access environments, which of the following entities is authorized to grant information access to other people?
    • A. System Administrator
    • B. Data Custodian
    • C. Security Manager
    • D. Data Owner

  • 8. Who developed one of the first mathematical models of a multilevel-security computer system?
    • A. Diffie and Hellman
    • B. Clark and Wilson
    • C. Bell and LaPadula
    • D. Gasser and Lipner
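
Questions 2 and 8 fit together: a MAC sensitivity label is a classification plus a category set, and the Bell-LaPadula model defines "dominates" over those labels and then its two rules, no read up (simple security property) and no write down (*-property), in terms of dominance. The following is an added example, not from the quiz; the level names, category names and the `Label`, `dominates`, `can_read` and `can_write` helpers are my own.

```python
"""Added example (not part of the quiz): MAC labels as (classification, category set)
and the Bell-LaPadula access rules built on the dominance relation between them."""
from dataclasses import dataclass, field
from typing import FrozenSet

# Linear ordering of classification levels (constructed for the example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A sensitivity label: a classification level plus a set of categories (compartments).
    The same structure serves as a subject's clearance."""
    classification: str
    categories: FrozenSet[str] = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: level at least as high AND categories a superset.
        Labels with disjoint category sets are incomparable: neither dominates the other."""
        return (LEVELS[self.classification] >= LEVELS[other.classification]
                and self.categories >= other.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property ("no read up"): the clearance must dominate the object's label."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property ("no write down"): the object's label must dominate the clearance, so a
    SECRET subject cannot write into a CONFIDENTIAL file and leak what it has read."""
    return obj.dominates(subject)


def access_decision(subject: Label, obj: Label) -> str:
    """Combine both rules into the mode a reference monitor would grant."""
    r, w = can_read(subject, obj), can_write(subject, obj)
    if r and w:
        return "read-write"   # labels equal
    if r:
        return "read-only"    # subject strictly dominates object
    if w:
        return "append-only"  # object strictly dominates subject: blind write up is allowed
    return "no-access"        # incomparable labels (e.g. different compartments)


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"NUCLEAR"}))
    for name, obj in [("conf memo", Label("CONFIDENTIAL")),
                      ("crypto file", Label("SECRET", frozenset({"CRYPTO"}))),
                      ("ts report", Label("TOP SECRET", frozenset({"NUCLEAR", "CRYPTO"})))]:
        print(f"{name}: {access_decision(analyst, obj)}")
```

The category set is what enforces need to know inside a level: two SECRET labels with different compartments are incomparable, so neither side can read the other even though the classification matches.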

  • 9. Which of the following is the most reliable authentication method for remote access?
    • A. Variable callback system
    • B. Synchronous token
    • C. Fixed callback system
    • D. Combination of callback and caller ID

  • 10. There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following?
    • A. Public keys
    • B. Private keys
    • C. Public-key certificates
    • D. Private-key certificates

  • 11. A company outsources payroll services to a third-party company. Which of the following roles most likely applies to the third-party payroll company?
    • A. Data controller
    • B. Data handler
    • C. Data owner
    • D. Data processor

  • 12. Which managerial role is responsible for the actual computers that house data, including the security of hardware and software components?
    • A. Custodian
    • B. Data owner
    • C. Mission owner
    • D. System owner

  • 13. What method destroys the integrity of magnetic media, such as tapes or disk drives, and the data they contain by exposing them to a strong magnetic field?
    • A. Bit-level overwrite
    • B. Degaussing
    • C. Destruction
    • D. Shredding

  • 14. What type of relatively expensive and fast memory uses small latches called "flip-flops" to store bits?
    • A. DRAM
    • B. EPROM
    • C. SRAM
    • D. SSD

  • 15. What type of memory stores bits in small capacitors (like small batteries)?
    • A. DRAM
    • B. EPROM
    • C. SRAM
    • D. SSD

  • 16. Your company sells Apple iPods online and has suffered many denial-of-service (DoS) attacks. Your company makes an average $20,000 profit per week, and a typical DoS attack lowers sales by 40%. You suffer seven DoS attacks on average per year. A DoS-mitigation service is available for a subscription fee of $10,000 per month. You have tested this service and believe it will mitigate the attacks. What is the ARO?
    • A. $20,000
    • B. 40%
    • C. 7
    • D. $10,000

  • 17. Your company sells Apple iPods online and has suffered many denial-of-service (DoS) attacks. Your company makes an average $20,000 profit per week, and a typical DoS attack lowers sales by 40%. You suffer seven DoS attacks on average per year. A DoS-mitigation service is available for a subscription fee of $10,000 per month. You have tested this service and believe it will mitigate the attacks. What is the ALE of lost iPod sales due to the DoS attacks?
    • A. $20,000
    • B. $8,000
    • C. $84,000
    • D. $56,000

  • 18. Your company sells Apple iPods online and has suffered many denial-of-service (DoS) attacks. Your company makes an average $20,000 profit per week, and a typical DoS attack lowers sales by 40%. You suffer seven DoS attacks on average per year. A DoS-mitigation service is available for a subscription fee of $10,000 per month. You have tested this service and believe it will mitigate the attacks. Is the DoS mitigation service a good investment?
    • A. Yes, it will pay for itself
    • B. Yes, $10,000 is less than the $56,000 ALE
    • C. No, the annual TCO is higher than the ALE
    • D. No, the annual TCO is lower than the ALE
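
Questions 16 to 18 are one quantitative risk calculation: SLE = asset value x exposure factor, ALE = SLE x ARO, and a control is justified only when the ALE it removes exceeds its annual total cost of ownership. The following is an added example that carries the chain through in code rather than quiz code; the figures are the ones in the question text, and the class and function names are my own. It goes slightly beyond the question by allowing a residual ALE (a control that stops most but not all events) and by computing the break-even subscription price.

```python
"""Added example (not part of the quiz): quantitative risk analysis for questions 16-18."""
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class RiskScenario:
    asset_value: float      # value exposed per event (here one week's profit, $20,000)
    exposure_factor: float  # fraction of that value lost per event (40% -> 0.40)
    aro: float              # annualized rate of occurrence: expected events per year

    @property
    def sle(self) -> float:
        """Single loss expectancy = asset value x exposure factor."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annualized loss expectancy = SLE x ARO."""
        return self.sle * self.aro


def annual_tco(monthly_fee: float, other_annual_costs: float = 0.0) -> float:
    """Total cost of ownership per year for a subscription control.
    The monthly fee in the question hides the comparison: it must be annualized first."""
    return monthly_fee * 12 + other_annual_costs


def control_worth_it(scenario: RiskScenario, tco: float,
                     residual_ale: float = 0.0) -> Tuple[bool, float]:
    """Cost/benefit test: a control pays off only when the ALE it removes exceeds its TCO.
    residual_ale models a control that mitigates most, not all, events.
    Returns (worth_it, net_benefit) with net_benefit = (ALE - residual ALE) - TCO."""
    net = (scenario.ale - residual_ale) - tco
    return net > 0, net


def breakeven_monthly_fee(scenario: RiskScenario) -> float:
    """Highest subscription price at which a fully effective control still breaks even."""
    return scenario.ale / 12


def quiz_scenario() -> RiskScenario:
    """Questions 16-18: $20,000 weekly profit, 40% drop per attack, 7 attacks per year."""
    return RiskScenario(asset_value=20_000, exposure_factor=0.40, aro=7)


if __name__ == "__main__":
    s = quiz_scenario()
    tco = annual_tco(10_000)
    worth, net = control_worth_it(s, tco)
    print(f"SLE=${s.sle:,.0f}  ARO={s.aro}  ALE=${s.ale:,.0f}  annual TCO=${tco:,.0f}")
    verdict = "worth it" if worth else "not worth it"
    print(f"{verdict} (net ${net:,.0f}/year); break-even fee ${breakeven_monthly_fee(s):,.2f}/month")
```

Running it gives SLE $8,000, ALE $56,000 and an annual TCO of $120,000, so the service would cost more than twice the loss it prevents; it only makes sense at roughly $4,667 per month or less.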

  • 19. Which canon of The (ISC)2 Code of Ethics should be considered the most important?
    • A. Protect society, the commonwealth, and the infrastructure
    • B. Advance and protect the profession
    • C. Act honorably, honestly, justly, responsibly, and legally
    • D. Provide diligent and competent service to principals

  • 20. Which of the following can be classified as objects?
    • A. Readme.txt file
    • B. Database table
    • C. Running login process
    • D. Authenticated user
    • E. 1099 Tax Form

  • 21. Which of the following is true for digital signatures?
    • A. The sender encrypts the hash with a public key
    • B. The sender encrypts the hash with a private key
    • C. The sender encrypts the plaintext with a public key
    • D. The sender encrypts the plaintext with a private key
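
The signing flow behind question 21, as an added example that is not part of the quiz: the sender hashes the message and applies the private key to the hash (RSA: h^d mod n), and the receiver applies the public key (s^e mod n) and compares the result with a hash it computes itself. To stay standard-library only, the key pair is textbook RSA over two primes found near 2^31, which is nothing like a secure size and uses no padding; the seeds, key size and helper names are assumptions for the example, and anything beyond illustration should use a real library.

```python
"""Added example (not from the quiz): hash-then-sign with a toy RSA key pair.
Insecure by construction (62-bit modulus, no PKCS#1 padding); it exists only to show
which key signs and which key verifies."""
import hashlib
from math import gcd
from typing import Tuple

Key = Tuple[int, int]  # (n, exponent)


def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin; this base set is exact for every n below 3.3e24."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for p in bases:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def next_prime(n: int) -> int:
    while not is_prime(n):
        n += 1
    return n


def toy_keypair(seed_p: int = 2**31, seed_q: int = 2**31 + 2**20,
                e: int = 65537) -> Tuple[Key, Key]:
    """Textbook RSA from deterministic seeds (constructed; NOT a secure key size).
    Returns (public_key, private_key) = ((n, e), (n, d))."""
    p, q = next_prime(seed_p), next_prime(seed_q)
    while gcd(e, (p - 1) * (q - 1)) != 1:   # e must be invertible mod phi(n)
        q = next_prime(q + 1)
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))       # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)


def _digest_as_int(message: bytes, n: int) -> int:
    """Real schemes (PKCS#1 v1.5, PSS) pad the hash out to the modulus size; reducing
    mod n is a shortcut that only fits this toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key: Key, message: bytes) -> int:
    """Sender: hash the message, then apply the PRIVATE key to the hash (option B)."""
    n, d = private_key
    return pow(_digest_as_int(message, n), d, n)


def verify(public_key: Key, message: bytes, signature: int) -> bool:
    """Receiver: apply the PUBLIC key to the signature and compare with a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == _digest_as_int(message, n)


if __name__ == "__main__":
    pub, priv = toy_keypair()
    msg = b"Transfer 100 EUR to account 42"
    sig = sign(priv, msg)
    print("genuine:", verify(pub, msg, sig))                                   # True
    print("altered:", verify(pub, b"Transfer 900 EUR to account 42", sig))     # False
```

Signing the hash rather than the plaintext is what keeps the signature a fixed size and lets the receiver check integrity and origin in one step; using the private key is what makes it non-repudiable, since only the holder of d could have produced a value that the public e recovers correctly.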

  • 22. Under which type of cloud service level would Linux hosting be offered?
    • A. IaaS
    • B. IDaaS
    • C. PaaS
    • D. SaaS

  • 23. A criminal deduces that an organization is holding an offsite meeting and that there are few people in the building, based on the low traffic volume to and from the parking lot. The criminal uses the opportunity to break into the building to steal laptops. What type of attack has been launched?
    • A. Aggregation
    • B. Emanations
    • C. Inference
    • D. Maintenance Hook

  • 24. EMI, such as crosstalk, primarily impacts which aspect of security?
    • A. Confidentiality
    • B. Integrity
    • C. Availability
    • D. Authentication

  • 25. Restricting Bluetooth device discovery relies on the secrecy of what?
    • A. MAC address
    • B. Symmetric key
    • C. Private key
    • D. Public key