CISSP-operations Security

21 Questions | By Cindymurray | Last updated: Mar 7, 2013 | Total Attempts: 222

Questions

Settings

or Create Online Exam

More Cissp Quizzes

Trivia Quiz: Can You Pass This CISSP Certification Exam? Trivia Quiz: Can You Pass This CISSP Certification Exam?

CISSP Study Quiz CISSP Study Quiz

CISSP Prep Quiz: Short 1 CISSP Prep Quiz: Short 1

Featured Quizzes

Quiz: Which Anime Character Are You Most Like? Quiz: Which Anime Character Are You Most Like?

Are You Really Best Friends? Are You Really Best Friends?

Quiz: Are You A True Star Wars Series Fan? Quiz: Are You A True Star Wars Series Fan?

Related Topics

Questions and Answers

1.

In the event of a security incident, one of the primary objectives of the operations staff is to ensure that
- A.
  
  The attackers are detected and stopped.
- B.
  
  There is minimum disruption to the organization’s activities.
- C.
  
  Appropriate documentation about the event is maintained as chain of evidence.
- D.
  
  Th e affected systems are immediately shut off to limit to the impact.
2.

For which of the following groups is the threat of unauthorized disclosure of sensitive information most likely to go unnoticed in the absence of auditing?
- A.
  
  Malicious software (malware)
- B.
  
  Hacker or cracker
- C.
  
  Disgruntled employee
- D.
  
  Auditors
3.

Which of the following provides controlled and unintercepted interfaces into privileged user functions?
- A.
  
  Ring protection
- B.
  
  Anti-malware
- C.
  
  Maintenance hooks
- D.
  
  Trusted paths
4.

Th e doors of a data center opens up in the event of a fi re. Th is is an example of
- A.
  
  Fail-safe
- B.
  
  Fail-secure
- C.
  
  Fail-open
- D.
  
  Fail-closed
5.

In order to ensure constant redundancy and fault-tolerance, which of the following type of spare is recommended?
- A.
  
  Cold spare
- B.
  
  Warm spare
- C.
  
  Hot spare
- D.
  
  Archives
6.

If speed is preferred over resilience, which of the following RAID confi guration is the most suited?
- A.
  
  RAID 0
- B.
  
  RAID 1
- C.
  
  RAID 5
- D.
  
  RAID 10
7.

Updating records in multiple locations or copying an entire database on to a remote location as a means to ensure the appropriate levels of fault-tolerance and redundancy is known as
- A.
  
  Data mirroring
- B.
  
  Database shadowing
- C.
  
  Backup
- D.
  
  Archiving
8.

When the backup window is not long enough to backup all of the data and the restoration of backup must be as fast as possible, which of the following type of high-availability backup strategy is recommended?
- A.
  
  Full
- B.
  
  Incremental
- C.
  
  Differential
- D.
  
  Increase the backup window so a full backup can be performed
9.

When you approach a restricted facility, you are requested for identifi cation and verifi ed against a pre-approved list by the guard at the front gate before being let in. Th is is an example of checking for the principle of
- A.
  
  Least privilege
- B.
  
  Separation of duties
- C.
  
  Fail-safe
- D.
  
  Psychological acceptability
10.

Th e major benefi t of information classifi cation is to
- A.
  
  Map out the computing ecosystem
- B.
  
  Identify the threats and vulnerabilities
- C.
  
  Determine the software baseline
- D.
  
  Identify the appropriate level of protection needs
11.

When information, once classifi ed highly sensitive, is no longer critical or highly valued, that information must be
- A.
  
  Destroyed
- B.
  
  Declassified
- C.
  
  Degaussed
- D.
  
  Deleted
12.

Th e main benefit of placing users into groups and roles is
- A.
  
  Ease of user administration
- B.
  
  Increased security
- C.
  
  Ease of programmatic access
- D.
  
  Automation
13.

The likelihood of an individual’s compliance to organization’s policy can be determined by their
- A.
  
  Job rank or title
- B.
  
  Partnership with the security team
- C.
  
  Role
- D.
  
  Clearance level
14.

Reports must be specific on both the message and which of the following?
- A.
  
  Intended audience
- B.
  
  Delivery options
- C.
  
  Colors used
- D.
  
  Print layout
15.

Which of the following can help with ensuring that only the needed logs are collected for monitoring?
- A.
  
  Clipping level
- B.
  
  Clearance level
- C.
  
  Least privilege
- D.
  
  Separation of duties
16.

Th e main diff erence between a security event management (SEM) system and a log management system is that SEM systems are useful for log collection, collation, and analysis
- A.
  
  In real time
- B.
  
  For historical purposes
- C.
  
  For admissibility in court
- D.
  
  In discerning patterns
17.

When normal traffic is flagged as an attack, it is an example of
- A.
  
  Fail-safe
- B.
  
  Fail-secure
- C.
  
  False-negative
- D.
  
  False-positive
18.

The best way to ensure that there is no data remanence of sensitive information that was once stored on a burn-once DVD media is by
- A.
  
  Deletion
- B.
  
  Degaussing
- C.
  
  Destruction
- D.
  
  Overwriting
19.

Which of the following processes is concerned with not only identifying the root cause but also addressing the underlying issue?
- A.
  
  Incident management
- B.
  
  Problem management
- C.
  
  Change management
- D.
  
  Confi guration management
20.

Before applying a software update to production systems, it is extremely important that
- A.
  
  Full disclosure information about the threat that the patch addresses is available
- B.
  
  The patching process is documented
- C.
  
  The production systems are backed up
- D.
  
  An independent third party attests the validity of the patch

Back to top