CISSP Practice Test

Question 1

Which statement is most accurate if one of your responsibilities is to manually monitor audit logs to detect suspicious activity,
 as stated in your job description?

Accepted Answer

The mechanism that creates audit logs is a technical control that supplements manual processes

Answer

This particular job duty is a compensating control for the audit logs themselves

Answer

The audit logs are a compensating control for the detection of malicious activity

Answer

The audit logs are a detective control when combined with review processes

Question 2

To authenticate the company's public users, your CIO wishes to employ Lightweight Directory Access Protocol (LDAP). 
The following should be your initial consideration:

Accepted Answer

Whether the considered version of LDAP has sufficient support for transport layer security

Answer

Whether the software can support LDAP using a hierarchical tree structure

Answer

Whether the Domain Component (DC) is included in the entry

Answer

Whether the LDAP entry includes the appropriate Common Name (CN)

Question 3

Configuration management is most likely handled during which phase (s) of the asset lifecycle?

Accepted Answer

Secure

Answer

Secure, Monitor

Answer

Identify and classify, Secure

Answer

Monitor, Recover

Question 4

To acquire access to a database and begin his work as an administrator, Jeffrey utilizes a secret code. He must also offer a
 thumbprint, a retina scan, and the system checks the position of his terminal's authentication. What is most likely
 being described?

Accepted Answer

Since there are four items required and three categories provided, this is a form of multi-factor authentication

Answer

Since there are four categories provided and three itemized provisions, this is a form of type 3 authentication

Answer

Since there are four items provided and three categories of factors, this is a form of hybrid authentication

Answer

Since there are two biometrics, one item of knowledge, and a location based factor, this is a form of tri-factor authentication

Question 5

Both the principal and mirror sites of Astrotek Company have recently gone down due to an unplanned outage. The outage 
will last at least three weeks, according to officials. What is the first category of items you should check for while reviewing
 the contingency plan?

Accepted Answer

Recovery steps to the alternate site within the recovery time objective

Answer

Reconstitution steps to the warm site that exceed the maximum allowable downtime

Answer

Recovery steps to the hot site within the given recovery time objective

Answer

Reconstitution steps to the cold site within the recovery point objective

Question 6

A negative test is described by which of the following?

Accepted Answer

Where the application fails a test if it does not provide the expected result

Answer

Where the expected result is a graceful rejection of data without crashing the application

Answer

Providing evidence of application behavior when unexpected or invalid data is used

Answer

An attempt to provoke an application’s failure

Question 7

You receive a message from Jeff. On his message, the cryptosystem does a hash. After that, Jeff's private key is 
used to encrypt the digest. This method is most likely to describe:

Accepted Answer

Jeff’s digital signature that may have used a weak hashing algorithm

Answer

A messaging system with strong cryptographic solutions and possibly weak hashing algorithms

Answer

An asymmetric cryptosystem with public and non-public keys

Answer

A digital hashing system with strong digests and collision resistant algorithms

Question 8

What has most likely happened if a colleague uses publicly available information from social media to guess one of your 
system administrator's passwords and then takes classified information?

Accepted Answer

Masquerading, where audit logs could still be useful

Answer

Spoofing without repudiation or recourse

Answer

Tampering, one of the damaging steps within the STRIDE model

Answer

Escalation of privilege with non-repudiation

Question 9

The CIO asks for a solution to prevent digital squatting; the Board of Directors asks for a solution to safeguard digital rights; 
the CEO asks for a solution to safeguard intellectual property; and the CFO asks for a solution to safeguard digital real estate. 
Which of the following is only appropriate for one of the above requests?

Accepted Answer

Using a digital rights management solution

Answer

Implementing multiprotocol labeled switching

Answer

Finding the appropriate security framework

Answer

Employing a group of attorneys

Question 10

Which of the following does not belong in the category of personnel security?

Accepted Answer

Current revision of the employee handbook that has not been released

Answer

Detailed job description with some missing elements

Answer

Non disclosure agreement that fails to cite legal authority

Answer

Employment contract with no signatures