CISSP - Question Bank 01

Test your knowledge of CISSP with these multiple choice questions. Each Question Bank includes 20 practice questions that have been designed to measure your knowledge of key ideas.

A key factor to keep in mind is that guessing is better than not answering a question.

Every single question on the CISSP exam is a four-option multiple choice question with a single correct answer. Some are straightforward, such as asking you to select a definition. Some are a bit more involved, such as asking you to select the appropriate concept or best practice. And some questions present you with a scenario or situation and ask you to select the best response.


Q1. What is access?

A. Functions of an object
B. Information flow from objects to subjects
C. Unrestricted admittance of subjects on a system
D. Administration of ACLs

The Correct Answer is B.
Explanation: The transfer of information from an object to a subject is called access.

Q2. Which of the following is true?

A. A subject is always a user account.
B. The subject is always the entity that provides or hosts the information or data.
C. The subject is always the entity that receives information about or data from the object.
D. A single entity can never change roles between subject and object.

The Correct Answer is C.
Explanation: The subject is always the entity that receives information about or data from the object. The subject is also the entity that alters information about or data stored within the object. The object is always the entity that provides or hosts the information or data. A subject can be a user, a program, a process, a file, a computer, a database, and so on. The roles of subject and object can switch as two entities, such as a program and a database or a process and a file, communicate to accomplish a task.

Q3. What are the elements of the CIA Triad?

A. Confidentiality, integrity, and availability
B. Confidentiality, interest, and accessibility
C. Control, integrity, and authentication
D. Calculations, interpretation, and accountability

The Correct Answer is A.
Explanation: The essential security principles of confidentiality, integrity, and availability are often referred to as the CIA Triad.

Q4. Which of the following types of access control uses fences, security policies, security awareness training, and antivirus software to stop an unwanted or unauthorized activity from occurring?

A. Preventative
B. Detective
C. Corrective
D. Authoritative

The Correct Answer is A.
Explanation: A preventative access control is deployed to stop an unwanted or unauthorized activity from occurring. Examples of preventative access controls include fences, security policies, security awareness training, and antivirus software.

Q5. ___________________ access controls are the hardware or software mechanisms used to manage access to resources and systems and to provide protection for those resources and systems.

A. Administrative
B. Logical/technical
C. Physical
D. Preventative

The Correct Answer is B.
Explanation: Logical/technical access controls are the hardware or software mechanisms used to manage access to resources and systems and to provide protection for those resources and systems. Examples of logical or technical access controls include encryption, smart cards, passwords, biometrics, constrained interfaces, access control lists, protocols, firewalls, routers, intrusion detection systems, and clipping levels.

Q6. What is the first step of access control?

A. Accountability logging
B. ACL verification
C. Subject authorization
D. Subject identification

The Correct Answer is D.
Explanation: Access controls govern subjects’ access to objects. The first step in this process is identifying who the subject is. In fact, there are several steps preceding actual object access: identification, authentication, authorization, and accountability.

Q7. ___________________ is the process of verifying or testing the validity of a claimed identity.

A. Identification
B. Authentication
C. Authorization
D. Accountability

The Correct Answer is B.
Explanation: The process of verifying or testing the validity of a claimed identity is called authentication.

Q8. Which of the following is an example of a Type 2 authentication factor?

A. Something you have, such as a smart card, ATM card, token device, and memory card
B. Something you are, such as fingerprints, voice print, retina pattern, iris pattern, face shape, palm topology, and hand geometry
C. Something you do, such as type a pass phrase, sign your name, and speak a sentence
D. Something you know, such as a password, personal identification number (PIN), lock combination, pass phrase, mother’s maiden name, and favorite color

The Correct Answer is A.
Explanation: A Type 2 authentication factor is something you have. This could include a smart card, ATM card, token device, and memory card.

Q9. Which of the following is not a reason why using passwords alone is a poor security mechanism?

A. When possible, users choose easy-to-remember passwords, which are therefore easy to guess or crack.
B. Randomly generated passwords are hard to remember, thus many users write them down.
C. Short passwords can be discovered quickly in brute force attacks only when used against a stolen password database file.
D. Passwords can be stolen through many means, including observation, recording and playback, and security database theft.

The Correct Answer is C.
Explanation: Brute force attacks can be used against password database files and system logon prompts.

Q10. Which of the following is not a valid means to improve the security offered by password authentication?

A. Enabling account lockout controls
B. Enforcing a reasonable password policy
C. Using password verification tools and password cracking tools against your own password database file
D. Allowing users to reuse the same password

The Correct Answer is D.
Explanation: Preventing password reuse increases security because an older password database file, if stolen, can no longer be used against the current user passwords.

Q11. What can be used as an authentication factor that is a behavioral or physiological characteristic unique to a subject?

A. Account ID
B. Biometric factor
C. Token
D. IQ

The Correct Answer is A.
Explanation: A biometric factor is a behavioral or physiological characteristic that is unique to a subject, such as fingerprints and face scans.

Q12. What does the Crossover Error Rate (CER) for a biometric device indicate?

A. The sensitivity is tuned too high.
B. The sensitivity is tuned too low.
C. The False Rejection Rate and False Acceptance Rate are equal.
D. The biometric device is not properly configured.

The Correct Answer is C.
Explanation: The point at which the FRR and FAR are equal is known as the Crossover Error Rate (CER). The CER level is used as a standard assessment point from which to measure the performance of a biometric device.

Q13. Which of the following is not an example of an SSO mechanism?

A. Kerberos
B. KryptoKnight
C. TACACS
D. SESAME

The Correct Answer is C.
Explanation: Kerberos, SESAME, and KryptoKnight are examples of SSO mechanisms. TACACS is a centralized authentication service used for remote access clients.

Q14. ___________________ access controls rely upon the use of labels.

A. Discretionary
B. Role-based
C. Mandatory
D. Nondiscretionary

The Correct Answer is C.
Explanation: Mandatory access controls rely upon the use of labels. A system that employs discretionary access controls allows the owner or creator of an object to control and define subject access to that object. Nondiscretionary access controls are also called role-based access controls. Systems that employ nondiscretionary access controls define a subject's ability to access an object through the use of subject roles or tasks.

Q15. A network environment that uses discretionary access controls is vulnerable to which of the following?

A. SYN flood
B. Impersonation
C. Denial of service
D. Birthday attack

The Correct Answer is B.
Explanation: A discretionary access control environment controls access based on user identity. If a user account is compromised and another person uses that account, they are impersonating the real owner of the account.

Q16. What is the most important aspect of a biometric device?

A. Accuracy
B. Acceptability
C. Enrollment time
D. Invasiveness

The Correct Answer is A.
Explanation: The most important aspect of a biometric factor is its accuracy. If a biometric factor is not accurate, it may allow unauthorized users into a system.

Q17. Which of the following is not an example of a deterrent access control?

A. Encryption
B. Auditing
C. Awareness training
D. Antivirus software

The Correct Answer is D.
Explanation: Antivirus software is an example of a recovery or corrective access control.

Q18. Kerberos provides the security services of ____________________ protection for authentication traffic.

A. Availability and nonrepudiation
B. Confidentiality and authentication
C. Confidentiality and integrity
D. Availability and authorization

The Correct Answer is C.
Explanation: Kerberos provides the security services of confidentiality and integrity protection for authentication traffic.

Q19. Which of the following forms of authentication provides the strongest security?

A. Password and a PIN
B. One-time password
C. Pass phrase and a smart card
D. Fingerprint

View Answer
The Correct Answer is C.
Explanation: A pass phrase and a smart card provide the strongest authentication security because it is the only selection offering two-factor authentication.
Q20. Which of the following is the least acceptable form of biometric device?

A. Iris scan
B. Retina scan
C. Fingerprint
D. Facial geometry

The Correct Answer is B.
Explanation: Of the options listed, retina scan is the least accepted form of biometric device because it requires touching a shared eye cup and can reveal personal health issues.

Copyright © 2018 | All Rights Reserved | Designed & Developed by Yeahhub.com