CISSP - Question Bank 12
Test your knowledge of CISSP with these multiple choice questions. Each Question Bank includes 20 practice questions that have been designed to measure your knowledge of key ideas.
A key factor to keep in mind is that guessing is better than not answering a question.
Every single question on the CISSP exam is a four-option multiple choice question with a single correct answer. Some are straightforward, such as asking you to select a definition. Some are a bit more involved, such as asking you to select the appropriate concept or best practice. And some questions present you with a scenario or situation and ask you to select the best response.
Q1. What is system certification?
A. Formal acceptance of a stated system configuration
B. A technical evaluation of each part of a computer system to assess its compliance with security standards
C. A functional evaluation of the manufacturer’s goals for each hardware and software component to meet integration standards
D. A manufacturer’s certificate stating that all components were installed and configured correctly
Q2. What is system accreditation?
A. Formal acceptance of a stated system configuration
B. A functional evaluation of the manufacturer’s goals for each hardware and software component to meet integration standards
C. Acceptance of test results that prove the computer system enforces the security policy
D. The process to specify secure communication between machines
Q3. What is a closed system?
A. A system designed around final, or closed, standards
B. A system that includes industry standards
C. A proprietary system that uses unpublished protocols
D. Any machine that does not run Windows
Q4. Which best describes a confined process?
A. A process that can run only for a limited time
B. A process that can run only during certain times of the day
C. A process that can access only certain memory locations
D. A process that controls access to an object
Q5. What is an access object?
A. A resource a user or process wishes to access
B. A user or process that wishes to access a resource
C. A list of valid access rules
D. The sequence of valid access types
Q6. What is a security control?
A. A security component that stores attributes that describe an object
B. A document that lists all data classification types
C. A list of valid access rules
D. A mechanism that limits access to an object
Q7. For what type of information system security accreditation are the applications and systems at a specific, self-contained location evaluated?
A. System accreditation
B. Site accreditation
C. Application accreditation
D. Type accreditation
Q8. How many major categories do the TCSEC criteria define?
A. Two
B. Three
C. Four
D. Five
Q9. What is a trusted computing base (TCB)?
A. Hosts on your network that support secure transmissions
B. The operating system kernel and device drivers
C. The combination of hardware, software, and controls that work together to enforce a security policy
D. The software and controls that certify a security policy
Q10. What is a security perimeter? (Choose all that apply.)
A. The boundary of the physically secure area surrounding your system
B. The imaginary boundary that separates the TCB from the rest of the system
C. The network where your firewall resides
D. Any connections to your computer system
Q11. What part of the TCB validates access to every resource prior to granting the requested access?
A. TCB partition
B. Trusted library
C. Reference monitor
D. Security kernel
Q12. What is the best definition of a security model?
A. A security model states policies an organization must follow.
B. A security model provides a framework to implement a security policy.
C. A security model is a technical evaluation of each part of a computer system to assess its concordance with security standards.
D. A security model is the process of formal acceptance of a certified configuration.
Q13. Which security models are built on a state machine model?
A. Bell-LaPadula and Take-Grant
B. Biba and Clark-Wilson
C. Clark-Wilson and Bell-LaPadula
D. Bell-LaPadula and Biba
Q14. Which security model(s) address(es) data confidentiality?
A. Bell-LaPadula
B. Biba
C. Clark-Wilson
D. Both A and B
Q15. Which Bell-LaPadula property keeps lower-level subjects from accessing objects with a higher security level?
A. * (star) Security Property
B. No write up property
C. No read up property
D. No read down property
Q16. What is a covert channel?
A. A method that is used to pass information and that is not normally used for communication
B. Any communication used to transmit secret or top secret data
C. A trusted path between the TCB and the rest of the system
D. Any channel that crosses the security perimeter
Q17. What term describes an entry point that only the developer knows about into a system?
A. Maintenance hook
B. Covert channel
C. Buffer overflow
D. Trusted path
Q18. What is the time-of-check?
A. The length of time it takes a subject to check the status of an object
B. The time at which the subject checks on the status of the object
C. The time at which a subject accesses an object
D. The time between checking and accessing an object
Q19. How can electromagnetic radiation be used to compromise a system?
A. Electromagnetic radiation can be concentrated to disrupt computer operation.
B. Electromagnetic radiation makes some protocols inoperable.
C. Electromagnetic radiation can be intercepted.
D. Electromagnetic radiation is necessary for some communication protocol protection schemes to work.
Q20. What is the most common programmer-generated security flaw?
A. TOCTTOU vulnerability
B. Buffer overflow
C. Inadequate control checks
D. Improper logon authentication