CISSP Study Quiz

By Skofft2134
Questions and Answers
  • 1. Which of the following processes identifies the threats that can impact the business continuity of operations?
    • A. Function analysis
    • B. Risk analysis
    • C. Requirement analysis
    • D. Business impact analysis
    Correct Answer: D. Business impact analysis
    Explanation: Business impact analysis is the process that identifies the threats that can impact the business continuity of operations. It involves assessing the potential risks and their potential impact on the organization's operations. By conducting a business impact analysis, organizations can identify and prioritize their critical functions and processes, as well as develop strategies to mitigate and recover from potential threats and disruptions. This analysis helps in understanding the potential consequences of various risks and enables organizations to develop effective business continuity plans.

  • 2. Which of the following is NOT a natural environmental threat that an organization faces?
    • A. Floods
    • B. Environmentalist Strike
    • C. Storms
    • D. Earthquake
    Correct Answer: B. Environmentalist Strike
    Explanation: An environmentalist strike is not a natural environmental threat that an organization faces. Natural environmental threats refer to events or disasters that occur in nature, such as floods, storms, and earthquakes. These events are beyond human control and can cause significant damage to an organization's infrastructure and operations. On the other hand, an environmentalist strike is a result of human action and activism, where individuals or groups protest against an organization's environmental practices or policies. While it can have an impact on an organization's reputation and operations, it is not considered a natural environmental threat.

  • 3. Which one best describes religious law?
    • A. Punishments may take any and all forms
    • B. Social mores and norms which dictate behavior have been inculcated into law
    • C. Judges are distinct from attorneys, and are actively involved in fact-finding (to include investigations)
    • D. Characterized by heavy reliance on legislative law instead of jurisprudence
    Correct Answer: A. Punishments may take any and all forms
    Explanation: In religious law, punishments may take any form; there is no fixed limit on the types of punishment that can be imposed, which allows flexibility in enforcing religious laws.

  • 4. Which of the following refers to a location away from the computer center where document copies and backup media are kept?
    • A. Storage Area network
    • B. Off-Site storage
    • C. On-site storage
    • D. Network attached storage
    Correct Answer: B. Off-Site storage
    Explanation: Off-Site storage refers to a location away from the computer center where document copies and backup media are kept. This is done to ensure that in case of any disaster or damage to the computer center, the data and documents are safe and can be recovered. Off-Site storage is an essential practice in data management and protection, as it provides an additional layer of security and redundancy.

  • 5. What type of analysis emphasizes the formal study of what your organization is doing currently and where it will be in the future?
    • A. Gap
    • B. Cost Benefit
    • C. Requirement
    • D. Vulnerability
    Correct Answer: A. Gap
    Explanation: Gap analysis is a type of analysis that emphasizes the formal study of what an organization is currently doing and where it aims to be in the future. It involves identifying the difference or "gap" between the current state and the desired future state of the organization. This analysis helps in identifying areas of improvement, setting goals, and developing strategies to bridge the gap and achieve the desired future state.

  • 6. Which one of the following is a characteristic of tort law?
    • A. Punishments usually include fines, inability to practice a profession, and possibly incarceration
    • B. Behaviors or conduct seen as harmful to the public or society
    • C. Damages usually entail monetary restitution, which can be compensatory, punitive, or statutory
    • D. Punishments may include loss of personal freedom (to include death) or monetary fines
    Correct Answer: C. Damages usually entail monetary restitution, which can be compensatory, punitive, or statutory
    Explanation: Tort law is a branch of civil law that deals with behaviors or conduct that are seen as harmful to the public or society. In tort cases, damages are usually awarded to the injured party as a form of monetary restitution. These damages can be compensatory, meant to compensate for the actual harm suffered, punitive, meant to punish the wrongdoer, or statutory, based on predetermined laws or regulations. This distinguishes tort law from criminal law, where punishments may include loss of personal freedom or monetary fines.

  • 7. Which of the following approaches for identifying appropriate BIA interviewees includes reviewing the enterprise's functional positions?
    • A. Executive management interviews
    • B. Overlaying system technology
    • C. Organizational chart reviews
    • D. Organizational process models
    Correct Answer: C. Organizational chart reviews
    Explanation: Organizational chart reviews are an appropriate approach for identifying BIA interviewees because they provide a visual representation of the enterprise's functional positions and hierarchical structure. By reviewing the organizational chart, one can identify key individuals in each department or functional area who can provide valuable insights into the business impact analysis process. This approach helps ensure that all relevant stakeholders are included in the interviews, allowing for a comprehensive and accurate assessment of the organization's critical functions and potential risks.

  • 8. The Capability Maturity Model Integration (CMMI) has three constellations. Which of the following is not one of the constellations?
    • A. Services
    • B. Acquisition
    • C. Development
    • D. Design
    Correct Answer: D. Design
    Explanation: The Capability Maturity Model Integration (CMMI) is a framework used to assess and improve an organization's processes. It consists of three constellations: Services, Acquisition, and Development. The Design constellation is not one of the constellations in CMMI.

  • 9. Which of the following is true about maintaining the chain of custody of a digital investigation?
    • A. Keep a log of every person who had physical custody of the evidence, documenting the actions that they performed on the evidence and at what time
    • B. Using sound, repeatable collection techniques that allow for the demonstration of the accuracy and integrity of the evidence
    • C. Using sound scientific methods to determine the characteristics of the evidence
    • D. Ensuring that the contamination and destruction of the scene are kept to a minimum
    Correct Answer: A. Keep a log of every person who had physical custody of the evidence, documenting the actions that they performed on the evidence and at what time
    Explanation: The correct answer is to keep a log of every person who had physical custody of the evidence, documenting the actions that they performed on the evidence and at what time. This is important in maintaining the chain of custody in a digital investigation as it helps establish the integrity and reliability of the evidence. By keeping a detailed record of who handled the evidence and what actions were taken, the investigator ensures that the evidence remains admissible in court and can be traced back to its original source without any tampering or contamination.

  • 10. All of the following are true about trade secrets EXCEPT:
    • A. Provides competitive advantage or equal footing
    • B. Is not disclosed in legal proceedings
    • C. Must generally be not known and provide benefit to the company
    • D. Registered with a government registrar
    Correct Answer: D. Registered with a government registrar
    Explanation: Trade secrets are a form of intellectual property that provide a competitive advantage or equal footing to a company. They are not disclosed in legal proceedings and must generally be not known and provide benefit to the company. However, trade secrets are not registered with a government registrar, unlike patents, trademarks, or copyrights.

  • 11. Which of the following statements about incremental backups are true? (CHECK ALL THAT APPLY)
    • A. It is the fastest method of backing up data
    • B. It is the slowest method for taking a data backup
    • C. A full restoration of data will be slower, since all increments must be restored
    • D. It backs up only the files changed since the most recent backup and clears the archive bit
    Correct Answer(s): A. It is the fastest method of backing up data; C. A full restoration of data will be slower, since all increments must be restored; D. It backs up only the files changed since the most recent backup and clears the archive bit
    Explanation: Incremental backups are not the fastest method of backing up data, as stated in the first option. Instead, they are the slowest method for taking a data backup. However, the second and fourth options are correct. A full restoration of data will be slower because all increments must be restored, and incremental backups only back up the files that have changed since the most recent backup and clear the archive bit.

  • 12. Which of the following is the technology of indoor environmental comfort?
    • A. CCTV
    • B. HVAC
    • C. Lightning
    • D. Fire Suppression
    Correct Answer: B. HVAC
    Explanation: HVAC stands for Heating, Ventilation, and Air Conditioning, which is a technology used to control and maintain the indoor environmental comfort of a building. It includes systems and equipment that regulate temperature, humidity, and air quality to create a comfortable and healthy living or working environment. CCTV, lightning, and fire suppression are not related to indoor environmental comfort.

  • 13. Which one of the following is true about criminal law?
    • A. Divided into intentional torts, wrongs against a person or property, dignitary wrongs, economic wrongs, negligence, nuisance, and strict liability
    • B. Deals with the governance of public bodies
    • C. Punishments usually include fines, inability to practice a profession, and possibly incarceration
    • D. Punishments may include loss of personal freedom (to include death) or monetary fines
    Correct Answer: D. Punishments may include loss of personal freedom (to include death) or monetary fines
    Explanation: Criminal law involves punishments that can range from loss of personal freedom, such as incarceration, to even death in some cases. These punishments are intended to serve as consequences for committing a crime and to deter individuals from engaging in criminal behavior. The other options mentioned in the question, such as the governance of public bodies and the different types of wrongs, are not directly related to criminal law.

  • 14. Copyright conveys exclusive rights to the owner of markings the public uses to identify that owner's goods and products.
    • A. True
    • B. False
    Correct Answer: B. False
    Explanation: The statement is false because copyright does not convey exclusive rights to the owner of markings used to identify goods and products. Copyright protects original works of authorship such as literary, artistic, musical, and dramatic works, but it does not cover trademarks or other types of marks used for identification purposes. Trademarks, on the other hand, are used to protect brand names, logos, and symbols that distinguish goods and services in the marketplace.

  • 15. Which of the following types of electronically stored information (ESI) is not considered reasonably accessible?
    • A. Manual access disks
    • B. Backup tapes for disaster recovery
    • C. Hard drives
    • D. Auto-access optical disks
    Correct Answer: B. Backup tapes for disaster recovery
    Explanation: Backup tapes for disaster recovery are not considered reasonably accessible because they are typically stored offsite and require specialized equipment and expertise to access and restore the data. Unlike manual access disks, hard drives, and auto-access optical disks, which can be easily accessed and retrieved, backup tapes are designed for long-term storage and are not readily available for immediate access. Therefore, they are considered less accessible in comparison to other forms of electronically stored information (ESI).

  • 16. Which type of law is derived from court decisions and codification of British law dating back to the 12th century?
    • A. Common Law
    • B. Criminal Law
    • C. Tort Law
    • D. Administrative Law
    Correct Answer: A. Common Law
    Explanation: Common Law is derived from court decisions and codification of British law dating back to the 12th century. It is a legal system where judges base their decisions on previous court rulings and legal principles established through case law, rather than relying solely on legislation. This system allows for flexibility and the development of legal principles over time. Common Law is widely used in countries that have a historical connection to British law, including the United States and many Commonwealth nations.

  • 17. The Investigative phase of the incident response process includes detection, identification, and notification.
    • A. True
    • B. False
    Correct Answer: B. False
    Explanation: The investigative phase of the incident response process does not include detection, identification, and notification. Instead, it focuses on gathering evidence, analyzing the incident, and determining the cause and extent of the incident. Detection, identification, and notification are part of the initial response phase of the incident response process.

  • 18. Which of the following is NOT a consideration when choosing data retention policies?
    • A. Human Resources
    • B. Cost of data retention
    • C. Data retrieval and use
    • D. Inherent aggregation
    Correct Answer: A. Human Resources
    Explanation: When choosing data retention policies, human resources is not a consideration. Data retention policies primarily focus on factors such as the cost of data retention, data retrieval and use, and inherent aggregation. Human resources, which involves the management of personnel within an organization, does not directly impact the decision-making process for data retention policies.

  • 19. The best exercise type to use in order to validate a specific functional response in your recovery plan is a:
    • A. Structured Walk-through
    • B. Tabletop Exercise
    • C. Parallel Test
    • D. Simulation Test
    Correct Answer: D. Simulation Test
    Explanation: A simulation test is the best exercise type to use in order to validate a specific functional response in a recovery plan. This is because a simulation test involves creating a realistic scenario that mimics real-life conditions and allows participants to actively engage in responding to the situation. It provides a hands-on experience and allows for the identification of any gaps or weaknesses in the recovery plan. The simulation test helps to assess the effectiveness of the plan and identify areas for improvement.

  • 20. Of the following plans, which is designed to protect critical business processes from natural or man-made failures or disasters and the consequential loss of capital due to the unavailability of normal business operations?
    • A. Disaster Recovery Plan
    • B. Contingency Plan
    • C. Business Continuity Plan
    • D. Crisis Communication Plan
    Correct Answer: C. Business Continuity Plan
    Explanation: A Business Continuity Plan is designed to protect critical business processes from failures or disasters, whether natural or man-made. It focuses on ensuring that normal business operations can continue or be quickly restored in the event of a disruption. This plan includes strategies, procedures, and resources to minimize the impact of the disruption and ensure the continuity of essential functions. It aims to prevent the loss of capital that may occur due to the unavailability of normal business operations.

  • 21. Many organizations purchase insurance policies to provide various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is being employed?
    • A. Risk avoidance
    • B. Risk Transfer
    • C. Risk acceptance
    • D. Risk insurance
    Correct Answer: B. Risk Transfer
    Explanation: The organization is employing the risk transfer technique by purchasing insurance policies to transfer the liability coverage for information security risks to the insurance provider. This means that in the event of any physical damage of assets or hacking attacks, the organization can transfer the financial burden and responsibility to the insurance company.

  • 22. Management should decide when a system should be returned to operational status in which phase of the incident response process?
    • A. Recovery Phase
    • B. Triage Phase
    • C. Investigative Phase
    • D. Post-incident Phase
    Correct Answer: A. Recovery Phase
    Explanation: In the Recovery Phase of the incident response process, management should decide when a system should be returned to operational status. This phase involves restoring the affected system or network to its normal state and ensuring that it is fully functional and secure. During this phase, management evaluates the extent of the incident, assesses the impact on operations, and makes decisions regarding the appropriate time to bring the system back online.

  • 23. Which phase of the incident response process is triggered by awareness?
    • A. Post-incident Phase
    • B. Investigative Phase
    • C. Recovery Phase
    • D. Triage Phase
    Correct Answer: D. Triage Phase
    Explanation: The Triage Phase of the incident response process is triggered by awareness. Triage is the initial assessment and prioritization of incidents based on their potential impact and urgency. During this phase, the incident response team gathers information about the incident, determines its severity, and assigns resources accordingly. This phase helps in quickly identifying and addressing the most critical incidents to minimize their impact and prevent further damage.

  • 24. Administrative law is concerned with confining government power, curtailing governmental abuses, ensuring procedural adherence, and ensuring performance of statutory duties.
    • A. True
    • B. False
    Correct Answer: A. True
    Explanation: Administrative law is a branch of law that focuses on regulating the actions and powers of government agencies. It aims to limit government power, prevent abuses by the government, ensure that government procedures are followed, and ensure that government agencies fulfill their statutory obligations. Therefore, the statement accurately reflects the purpose and scope of administrative law, making the answer "True" correct.

  • 25. In which of the following alternative site configurations is the backup facility maintained in a constant order, with a full complement of servers, workstations, and communication links ready to assume the primary operations responsibility?
    • A. Hot Site
    • B. Mobile Site
    • C. Warm Site
    • D. Cold Site
    Correct Answer: A. Hot Site
    Explanation: A hot site is a type of alternative site configuration where a backup facility is maintained in a constant order, with a full complement of servers, workstations, and communication links ready to assume the primary operations responsibility. This means that all the necessary equipment and resources are readily available and operational, allowing for a seamless transition in case of a disaster or system failure.

  • 26. Which one of the following is designed to protect the goodwill and reputation a merchant or vendor invests in its products?
    • A. Trademark
    • B. Patent
    • C. Copyright
    • D. Trade Secret
    Correct Answer: A. Trademark
    Explanation: A trademark is designed to protect the goodwill and reputation that a merchant or vendor invests in its products. It is a recognizable sign, symbol, or logo that distinguishes the products or services of one company from another. By registering a trademark, a company can prevent others from using a similar mark that could confuse consumers or dilute the brand's reputation. Trademarks are essential for building brand recognition and ensuring that customers can identify and trust a particular product or service.

  • 27. Which of the following plans is a comprehensive statement of consistent actions to be taken before, during, and after a disruptive event that causes a significant loss of information systems resources?
    • A. Contingency Plan
    • B. Continuity of Operations plan
    • C. Disaster recovery plan
    • D. Business Continuity plan
    Correct Answer: C. Disaster recovery plan
    Explanation: A disaster recovery plan is a comprehensive statement of consistent actions to be taken before, during, and after a disruptive event that causes a significant loss of information systems resources. It outlines the steps and procedures to recover and restore the affected systems and data, ensuring minimal downtime and business continuity. This plan focuses specifically on the recovery of information systems and resources, distinguishing it from other plans such as a contingency plan, continuity of operations plan, or business continuity plan, which may address broader aspects of business operations and resilience.

  • 28. Which one is a benefit of an enterprise security architecture?
    • A. Present and document various elements of the security architecture in order to ensure strategic alignment
    • B. Provide an understanding of the impact on security posture of development and implementation within other domains
    • C. Support, enable, and extend security policies and standards
    • D. All of the above
    Correct Answer: D. All of the above
    Explanation: The benefit of an enterprise security architecture is that it allows for the presentation and documentation of various elements of the security architecture, ensuring strategic alignment. It also provides an understanding of the impact on security posture when developing and implementing within other domains. Additionally, it supports, enables, and extends security policies and standards. Therefore, all of the above options are benefits of an enterprise security architecture.

  • 29. Which one of the following tests the system's hardware, software, and configuration in an environment like its eventual operational setting?
    • A. Certification
    • B. Accreditation
    • C. Recertification
    • D. None of the above
    Correct Answer: A. Certification
    Explanation: Certification tests the system's hardware, software, and configuration in an environment like its eventual operational setting. This process ensures that the system meets the necessary standards and requirements for functionality, security, and performance. It involves evaluating and verifying the system's components, functionalities, and compatibility to ensure that it is ready for deployment and use in its intended operational setting.

  • 30. In defining and maintaining the enterprise security architecture, which aspect describes the creation of a catalog of inputs?
    • A. Document current technology positions
    • B. Actual placement and layout and interconnectivity in implementation
    • C. Compare the current architecture to the target
    • D. Results in a strategic roadmap for migrating from current to target (typically, over 3-5 years)
    Correct Answer: A. Document current technology positions
    Explanation: The aspect that describes the creation of a catalog of inputs in defining and maintaining the enterprise security architecture is "Document current technology positions". This involves documenting the current technology assets and their positions within the organization's infrastructure. It helps in understanding the existing technology landscape and identifying any potential vulnerabilities or gaps in security.

  • 31. The Capability Maturity Model Integration (CMMI) has three constellations. Which of the following is not one of the constellations?
    • A. Design
    • B. Acquisition
    • C. Development
    • D. Services
    Correct Answer: A. Design
    Explanation: The Capability Maturity Model Integration (CMMI) is a framework used to assess and improve an organization's processes. It consists of three constellations: Acquisition, Development, and Services. The Design constellation is not one of the constellations in CMMI. This means that Design is not a specific focus area within the CMMI framework and is not evaluated or improved using CMMI practices.

  • 32. Defining technology security architecture in relationship with other technology domains is a benefit of the enterprise security architecture.
    • A. True
    • B. False
    Correct Answer: A. True
    Explanation: Defining technology security architecture in relationship with other technology domains is a benefit of the enterprise security architecture because it helps to establish a comprehensive and cohesive approach to securing the organization's technology infrastructure. By aligning the security architecture with other technology domains, such as network architecture or application architecture, it ensures that security measures are integrated throughout the entire technology landscape. This approach enhances the effectiveness and efficiency of security controls, reduces vulnerabilities, and enables better protection of the organization's assets and data.

  • 33. To maintain the security architecture, which of the following is true?
    • A. Business needs change; technology changes; personnel change; threats adapt and grow; constant reassessment and improvement is necessary
    • B. Metrics and reporting are required to ensure continuous improvement
    • C. Maturity models assist in determining whether an organization is focused on optimization
    • D. All of the above
    Correct Answer: D. All of the above
    Explanation: All of the statements in the options are true. Maintaining the security architecture requires constant reassessment and improvement due to factors such as changing business needs, evolving technology, personnel changes, and growing threats. Metrics and reporting are necessary to ensure continuous improvement, and maturity models help in determining whether an organization is focused on optimization. Therefore, all of these factors contribute to maintaining the security architecture.

  • 34. Which regulatory guidance pertains to any company that is publicly traded on U.S. markets?
    • A. The Health Insurance Portability and Accountability Act (HIPAA)
    • B. The Computer Fraud and Abuse Act (CFAA)
    • C. The Payment Card Industry Data Security Standard (PCI DSS)
    • D. The Sarbanes-Oxley Act (SOX)
    Correct Answer: D. The Sarbanes-Oxley Act (SOX)
    Explanation: The Sarbanes-Oxley Act (SOX) pertains to any company that is publicly traded on U.S. markets. This act was passed in 2002 to protect investors and ensure the accuracy and reliability of financial statements. It establishes strict regulations for corporate governance, financial reporting, and internal controls. SOX requires companies to have independent audits of their financial statements, maintain proper documentation, and establish internal controls to prevent fraud and financial misstatements. It also imposes criminal penalties for non-compliance and includes provisions to protect whistleblowers. Overall, SOX aims to enhance transparency and accountability in publicly traded companies.

  • 35. Which one of the following describes the Information Technology Security Evaluation Criteria (ITSEC)?
    • A. Vendor has the option to define a set of requirements from a menu of possible options into a Security Target (ST)
    • B. Vendors develop products (Targets of Evaluation, or ToEs) and have them evaluated against the ST
    • C. Addresses all three Triad elements
    • D. All of the above
    Correct Answer: D. All of the above
    Explanation: The correct answer is "All of the above." All of the statements in the options describe the Information Technology Security Evaluation Criteria (ITSEC). ITSEC allows the vendor to define a set of requirements from a menu of options into a Security Target (ST). Vendors then develop products (Targets of Evaluation, or ToEs) and have them evaluated against the ST. Additionally, ITSEC addresses all three elements of the Triad, which are confidentiality, integrity, and availability.

  • 36. 

    Which of the following forms of attack can be used to disrupt even the best physical and logical security mechanism to gain access to a system?

    • A.

      Social Engineering Attack

    • B.

      Cross Site Scripting Attack

    • C.

      Distributed Denial of Service Attack

    • D.

      Advanced Persistent Threat

    Correct Answer
    A. Social Engineering Attack
    Explanation
    A social engineering attack exploits human psychology, manipulating people into revealing sensitive information or granting access to a system. Unlike attacks on technical vulnerabilities, it targets the weakest link in any security system, the human element. By using deception, persuasion and impersonation, an attacker can bypass even robust physical and logical controls, because the access is granted through a legitimate channel: a door held open, a password read out over the phone, a credential typed into a fake login page. Such attacks often leave few technical indicators, since the logs show an authorized user doing authorized things, which is what makes them so effective and so dangerous.

    Rate this question:

  • 37. 

    Information will not be disclosed to any unauthorized person on a local network via which of the following cryptographic system services?

    • A.

      Authentication

    • B.

      Non-Repudiation

    • C.

      Integrity

    • D.

      Confidentiality

    Correct Answer
    D. Confidentiality
    Explanation
    Confidentiality ensures that information is kept private and protected from unauthorized access. In the context of cryptographic system services, confidentiality means that the information cannot be disclosed to any unauthorized person on a local network. This means that even if someone gains access to the network, they would not be able to view or access the confidential information. Authentication, non-repudiation, and integrity do not directly address the issue of preventing unauthorized disclosure of information.

    Rate this question:

  • 38. 

    With public key cryptography, confidential messages with proof of origin are encrypted with the sender's private key and the public key of the recipient

    • A.

      True

    • B.

      False

    Correct Answer
    A. True
    Explanation
    The statement is true in the sense the CISSP material intends. Two operations are combined. The sender signs the message with the sender's private key (in textbook terms, "encrypts" a hash of it); anyone holding the sender's public key can verify that signature, which gives proof of origin, because only the sender holds that private key. The message is also encrypted with the recipient's public key, so only the holder of the matching private key can decrypt it, which gives confidentiality. In practice the bulk of the message is encrypted with a fresh symmetric key and only that key is wrapped with the recipient's public key, and the signature is applied before encryption so the recipient can check the origin after decrypting.

    Rate this question:
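
    The sign-then-encrypt exchange described above, as an added example that is not part of the quiz: Alice signs with her private key and encrypts for Bob's public key; Bob decrypts with his private key and verifies with Alice's public key. The toy RSA key generation, the hash-based stream cipher, the 512-bit key size and the names are assumptions made for this demonstration only; production code uses a vetted library (for example PyCA cryptography with RSA-PSS/OAEP or X25519 and AES-GCM), never unpadded textbook RSA.

```python
"""Added example (not from the quiz): sign with the sender's private key, then encrypt
for the recipient's public key, using a toy RSA built from the standard library.
NOT a usable cryptosystem: unpadded textbook RSA, short keys and a hash-based stream
cipher stand in for RSA-PSS/OAEP (or X25519) and AES-GCM used in practice."""
import hashlib
import secrets
from typing import Tuple

Key = Tuple[int, int]  # (exponent, modulus)
MOD_BYTES = 64         # keys below are 512-bit, so a signature fits in 64 bytes


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin test with random witnesses."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # force top bit and oddness
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 8 * MOD_BYTES) -> Tuple[Key, Key]:
    """Return (public, private) with e = 65537 and d = e^-1 mod phi(n)."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)


def sign(message: bytes, sender_priv: Key) -> int:
    """Proof of origin: SHA-256 of the message raised to the sender's private exponent."""
    d, n = sender_priv
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)


def verify(message: bytes, signature: int, sender_pub: Key) -> bool:
    """Anyone with the sender's public key can check the signature."""
    e, n = sender_pub
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(message).digest(), "big")


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(key || counter) blocks (stand-in for AES-GCM)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def seal(message: bytes, sender_priv: Key, recipient_pub: Key) -> dict:
    """Sign with the sender's private key, encrypt with the recipient's public key."""
    signature = sign(message, sender_priv).to_bytes(MOD_BYTES, "big")
    session_key = secrets.token_bytes(32)
    e, n = recipient_pub
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # only the recipient can unwrap
    return {"wrapped_key": wrapped, "ciphertext": keystream_xor(session_key, signature + message)}


def open_envelope(env: dict, recipient_priv: Key, sender_pub: Key) -> bytes:
    """Decrypt with the recipient's private key, then verify origin with the sender's public key."""
    d, n = recipient_priv
    try:
        session_key = pow(env["wrapped_key"], d, n).to_bytes(32, "big")
    except OverflowError:  # unwrapped value is not a 256-bit key: wrong private key
        raise ValueError("key unwrap failed: not the intended recipient")
    plaintext = keystream_xor(session_key, env["ciphertext"])
    signature, message = int.from_bytes(plaintext[:MOD_BYTES], "big"), plaintext[MOD_BYTES:]
    if not verify(message, signature, sender_pub):
        raise ValueError("signature check failed: wrong sender key or tampered message")
    return message


def opens_cleanly(env: dict, recipient_priv: Key, sender_pub: Key) -> bool:
    """True if the envelope decrypts and its origin verifies; False on any failure."""
    try:
        open_envelope(env, recipient_priv, sender_pub)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    alice_pub, alice_priv = generate_keypair()
    bob_pub, bob_priv = generate_keypair()
    envelope = seal(b"wire 100 to account 42", alice_priv, bob_pub)
    print(open_envelope(envelope, bob_priv, alice_pub))
```

    Three failure modes fail closed in open_envelope: a flipped ciphertext byte breaks the signature, an envelope opened with the wrong private key yields no usable session key, and a message signed by anyone other than the claimed sender is rejected even though it decrypts. Signing before encrypting is what lets the recipient, and only the recipient, check the origin.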

  • 39. 

    Which of the following activities is NOT an example of a technical control?

    • A.

      Auditing

    • B.

      Data Backup

    • C.

      Network Architecture

    • D.

      System Access

    Correct Answer
    B. Data Backup
    Explanation
    In the control taxonomy this question follows, technical (logical) controls are mechanisms implemented in hardware or software that enforce or record access: system access (identification, authentication and authorization), network architecture (segmentation, DMZs, firewalls) and auditing (logging and review of access) all belong to that group. Data backup is classed there as an operational or physical control: it is a recovery measure concerned with copying data, media handling and off-site storage, and it neither prevents nor detects unauthorized access. The classification is a matter of taxonomy rather than technology; backups are implemented with technology and appear under recovery or contingency controls in other frameworks, but under the categorization this question uses the answer is data backup.

    Rate this question:

  • 40. 

    What is the best protection measure against unauthorized access to personal privacy information records in an area where systems are accessed by multiple employees?

    • A.

      The use of CHAP

    • B.

      Time of day restrictions

    • C.

      The use of smart cards

    • D.

      Sign in sheets

    Correct Answer
    C. The use of smart cards
    Explanation
    The use of smart cards is the best of the four options. A smart card holds a private key or other credential in a tamper-resistant chip and is normally unlocked with a PIN, so access to the records requires something the employee has plus something they know, and each card is tied to an individual account, which gives accountability on a shared system. Sign-in sheets record presence but verify nothing; time-of-day restrictions limit when access can happen but not who gets it; CHAP authenticates a link or remote session (it was designed for PPP) rather than the person sitting at a shared workstation.

    Rate this question:

  • 41. 

    Which of the following terms refers to a mechanism which proves that the sender really sent a specific message?

    • A.

      Integrity

    • B.

      Confidentiality

    • C.

      Authentication

    • D.

      Non-repudiation

    Correct Answer
    D. Non-repudiation
    Explanation
    Non-repudiation refers to a mechanism that proves the sender really sent a specific message, so that the sender cannot later deny having sent it. It is usually provided by a digital signature made with the sender's private key, ideally combined with a trusted timestamp, because that produces evidence a third party can check afterwards. Integrity alone shows the message was not altered, and authentication alone shows who is at the other end of a session; neither by itself yields that lasting evidence, which is what legal and business contexts require to hold a sender accountable.

    Rate this question:

  • 42. 

    Which one of the following is a common system component in the system security architecture?

    • A.

      Processor

    • B.

      Storage

    • C.

      OS

    • D.

      All of the above

    Correct Answer
    D. All of the above
    Explanation
    All of the above options - Processor, Storage, and OS - are common system components in the system security architecture. The processor is responsible for executing instructions and performing calculations, while storage is used to store data and programs. The operating system (OS) manages the hardware and software resources of the computer system, including security features such as user authentication, access control, and encryption. Therefore, all three components play a crucial role in ensuring system security.

    Rate this question:

  • 43. 

    Which of the following is the technology of indoor environmental comfort?

    • A.

      CCTV

    • B.

      HVAC

    • C.

      Lighting

    • D.

      Fire Suppression

    Correct Answer
    B. HVAC
    Explanation
    HVAC stands for Heating, Ventilation, and Air Conditioning, which is a technology used to provide indoor environmental comfort. It involves controlling and regulating the temperature, humidity, and air quality within a building or enclosed space. HVAC systems are commonly used in residential, commercial, and industrial settings to ensure a comfortable and healthy indoor environment for occupants.

    Rate this question:

  • 44. 

    Encryption is converting a message from ciphertext to plaintext.

    • A.

      True

    • B.

      False

    Correct Answer
    B. False
    Explanation
    False. Encryption converts plaintext into ciphertext, transforming the original message into an unreadable form to protect its confidentiality. The reverse operation, recovering the plaintext from the ciphertext with the key, is decryption.

    Rate this question:

  • 45. 

    To authenticate the remote computer, which of the following protocols uses public-key cryptography?

    • A.

      SSL

    • B.

      FTP

    • C.

      SSH

    • D.

      WEP

    Correct Answer
    C. SSH
    Explanation
    SSH (Secure Shell) is the intended answer. An SSH server holds a host key pair; during the key exchange it signs the negotiated exchange hash with its private host key, and the client verifies that signature with the public key it has recorded for the host (in known_hosts). Only the holder of the private key can produce the signature, so the client knows it is talking to the genuine server rather than an impostor. FTP sends credentials in the clear and WEP relies on a shared secret, so neither qualifies. Note that SSL/TLS also authenticates the server with public-key cryptography (an X.509 certificate); the answer key singles out SSH, so choose SSH on the exam. A practical caveat with SSH is that trust is usually established on first use: when the client has no entry for a host, the fingerprint must be compared out of band before it is accepted, and a changed key for a known host should be treated as a possible man-in-the-middle until confirmed.

    Rate this question:
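
    The known_hosts check described above, as an added example that is not part of the quiz and not OpenSSH's own code: it parses plain and hashed known_hosts entries, computes the SHA256 fingerprint an administrator would compare out of band, and classifies a presented host key as match, mismatch (possible man-in-the-middle or rekey) or unknown (trust on first use). The host names, the salt and the 32-byte key values are constructed for the example and are not real keys; the signature verification that follows this step in the real protocol is out of scope here.

```python
"""Added example (not from the quiz): how an SSH client decides whether to trust a
server's public host key, using a known_hosts file. All keys here are constructed
byte strings, not real host keys, and the check stops short of the signature step."""
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_blob(raw_pubkey: bytes) -> str:
    """Base64 key blob as it appears in known_hosts for an ssh-ed25519 key.
    raw_pubkey is a constructed 32-byte value here, not a real public key."""
    assert len(raw_pubkey) == 32
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(raw_pubkey)).decode()


def fingerprint_sha256(b64_blob: str) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' plus unpadded base64 of SHA-256(blob),
    the value compared out of band before accepting an unknown host."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hashed_hostname(hostname: str, salt: bytes) -> str:
    """HashKnownHosts form '|1|<salt>|<HMAC-SHA1(salt, hostname)>' as OpenSSH writes it."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(field: str, hostname: str) -> bool:
    """True if a known_hosts host field (plain, comma-separated or hashed) names hostname."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|", 3)
        mac = hmac.new(base64.b64decode(salt_b64), hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return hostname in field.split(",")


def verify_host_key(known_hosts: str, hostname: str, keytype: str, presented_b64: str) -> str:
    """'match': a recorded key equals the presented one; 'mismatch': a key of this type
    is recorded for the host but differs (possible MITM, or a rekey to confirm out of
    band); 'unknown': no entry, so a trust-on-first-use decision is needed.
    Marker lines (@revoked, @cert-authority) are skipped, not interpreted, in this example."""
    seen_type = False
    for line in known_hosts.splitlines():
        parts = line.strip().split()
        if len(parts) < 3 or parts[0].startswith("#") or parts[0].startswith("@"):
            continue
        host_field, entry_type, entry_key = parts[0], parts[1], parts[2]
        if entry_type != keytype or not host_matches(host_field, hostname):
            continue
        seen_type = True
        if hmac.compare_digest(entry_key.encode(), presented_b64.encode()):
            return "match"
    return "mismatch" if seen_type else "unknown"


# Constructed sample data: two recorded hosts, the second stored in hashed form.
GOOD_KEY = make_ed25519_blob(bytes(range(32)))
ROGUE_KEY = make_ed25519_blob(bytes(range(32, 64)))
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts for the example",
    "bastion.example.test,10.0.0.5 ssh-ed25519 " + GOOD_KEY,
    hashed_hostname("git.example.test", b"0123456789abcdefghij") + " ssh-ed25519 " + GOOD_KEY,
])

if __name__ == "__main__":
    print("fingerprint:", fingerprint_sha256(GOOD_KEY))
    for host, key in [("bastion.example.test", GOOD_KEY), ("bastion.example.test", ROGUE_KEY),
                      ("git.example.test", GOOD_KEY), ("new.example.test", GOOD_KEY)]:
        print(host, verify_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

    The mismatch case is the one that matters operationally: a client that silently accepts a changed host key gives up the authentication the question is about, which is why OpenSSH refuses to connect in that state by default. Hashed entries exist so that a stolen known_hosts file does not list every server a user connects to.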

  • 46. 

    All of the following describes link encryption except:

    • A.

      Encrypts the message payload

    • B.

      Performed by the end-user

    • C.

      Requires decrypting and re-encrypting at each communications node

    • D.

      Encrypts the routing information

    Correct Answer
    B. Performed by the end-user
    Explanation
    The correct answer is "Performed by the end-user." Link encryption encrypts everything that travels over a particular link, payload and headers alike, between two adjacent nodes, and is performed by the network equipment at each end of the link rather than by the end user. Because the routing information is encrypted too, every intermediate node must decrypt the traffic to read the headers and re-encrypt it before forwarding, so the data sits in the clear inside each node. End-to-end encryption is the opposite trade-off: the user or application encrypts the payload once, the headers stay readable so the network can route, and intermediate nodes never see plaintext.

    Rate this question:

  • 47. 

    Which one of the following is NOT a common security service in the system security architecture?

    • A.

      Access control services

    • B.

      Audit and monitoring services

    • C.

      Boundary control services

    • D.

      Groups and protection services

    Correct Answer
    D. Groups and protection services
    Explanation
    Groups and protection services are not a common security service in the system security architecture. Access control services, audit and monitoring services, and boundary control services are commonly used to ensure the security of a system. Access control services manage and control user access to resources, audit and monitoring services track and log system activities, and boundary control services protect the system from external threats. However, groups and protection services are not typically considered as standalone security services in the system security architecture.

    Rate this question:

  • 48. 

    Polyalphabetic encryption techniques use multiple alphabets for each successive character replacement, making analysis much more difficult.

    • A.

      True

    • B.

      False

    Correct Answer
    A. True
    Explanation
    True. A monoalphabetic substitution maps each plaintext letter to a single ciphertext letter, so the ciphertext keeps the plaintext's letter frequencies and is broken by frequency analysis. A polyalphabetic cipher such as Vigenère changes the substitution alphabet from one letter to the next according to a key, so the same plaintext letter can encrypt to several different ciphertext letters and the overall letter frequencies are flattened. The protection is limited, though: the alphabets repeat with the period of the key, and once that period is found (by Kasiski examination or the index of coincidence) each position in the period reduces to a simple substitution that frequency analysis solves.

    Rate this question:
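
    The effect described above, as an added example that is not part of the quiz: a Vigenère cipher over a constructed English sample, with the index of coincidence used to show that a single-alphabet (Caesar) substitution leaves letter statistics untouched, that the polyalphabetic ciphertext is flattened overall, and that each column of letters enciphered under the same key letter still has exactly the plaintext's statistics. The sample text and the key "SHIFT" are constructed for the example.

```python
"""Added example (not from the quiz): a polyalphabetic cipher (Vigenere) and what it
does, and does not do, to letter statistics. Sample text and key are constructed."""
import string
from collections import Counter
from typing import List

ALPHABET = string.ascii_uppercase

# Constructed sample plaintext; only its letters are used by the cipher.
SAMPLE = ("Encryption converts plaintext into ciphertext so that only the holder of the key "
          "can recover the message. A single substitution alphabet preserves letter "
          "frequencies, which is why frequency analysis breaks it quickly. Using several "
          "alphabets in turn flattens those frequencies, but the cipher still repeats its "
          "pattern with the period of the key, and each position in that period is just a "
          "Caesar shift that can be attacked on its own.")


def clean(text: str) -> str:
    """Upper-case letters only, as classical ciphers expect."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def caesar(text: str, shift: int) -> str:
    """Monoalphabetic shift: one alphabet for every position."""
    return "".join(ALPHABET[(ALPHABET.index(c) + shift) % 26] for c in clean(text))


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Polyalphabetic: position i uses the Caesar alphabet selected by key[i mod len(key)]."""
    key = clean(key)
    out = []
    for i, c in enumerate(clean(text)):
        shift = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(ALPHABET.index(c) + (-shift if decrypt else shift)) % 26])
    return "".join(out)


def index_of_coincidence(text: str) -> float:
    """Chance that two letters drawn at random are equal: about 0.066 for English,
    0.038 for a uniform distribution. A shift of the whole alphabet does not change it."""
    n = len(text)
    if n < 2:
        return 0.0
    return sum(k * (k - 1) for k in Counter(text).values()) / (n * (n - 1))


def columns(text: str, period: int) -> List[str]:
    """The letters enciphered under the same key letter, i.e. the same Caesar alphabet."""
    return [text[i::period] for i in range(period)]


if __name__ == "__main__":
    key = "SHIFT"
    pt, ct = clean(SAMPLE), vigenere(SAMPLE, key)
    print("plaintext IoC  ", round(index_of_coincidence(pt), 4))
    print("caesar IoC     ", round(index_of_coincidence(caesar(SAMPLE, 3)), 4))
    print("vigenere IoC   ", round(index_of_coincidence(ct), 4))
    print("per-column IoC ", [round(index_of_coincidence(c), 4) for c in columns(ct, len(key))])
    print("round trip ok  ", vigenere(ct, key, decrypt=True) == pt)
```

    The per-column figures are the caveat in code: once an analyst guesses the key length, splitting the ciphertext into columns recovers the plaintext statistics column by column, and each column is then a Caesar shift solved by ordinary frequency analysis.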

  • 49. 

    A minimum security baseline is a set of standards:

    • A.

      That are applied enterprise-wide to ensure a consistent level of compliance.

    • B.

      That are applied to a minimum set of controls to ensure a minimum level of compliance

    • C.

      That are based on regulatory requirements

    • D.

      That are not based on a systematic review of risks

    Correct Answer
    A. That are applied enterprise-wide to ensure a consistent level of compliance.
    Explanation
    The correct answer is "That are applied enterprise-wide to ensure a consistent level of compliance." This means that a minimum security baseline consists of standards that are implemented across the entire organization to ensure that all systems and processes meet a consistent level of compliance. This approach ensures that there are no gaps or inconsistencies in security measures and helps to maintain a uniform level of protection throughout the enterprise.

    Rate this question:

  • 50. 

    In defining and maintaining the enterprise security architecture, the gap analysis describes the security functionality in terms of generic components, component flows, and nodes.

    • A.

      True

    • B.

      False

    Correct Answer
    B. False
    Explanation
    The statement is false because the gap analysis does not describe the security functionality in terms of generic components, component flows, and nodes. Gap analysis is a process used to identify the difference or "gap" between the current state and the desired state of a system or process. In the context of enterprise security architecture, the gap analysis would focus on identifying the gaps or vulnerabilities in the existing security measures and determining the necessary actions to address those gaps. It does not specifically describe the security functionality in terms of components, flows, and nodes.

    Rate this question:

Quiz Review Timeline

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 21, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Jun 21, 2016
    Quiz Created by
    Skofft2134