CISSP - Question Bank 13

Test your knowledge of CISSP with these multiple choice questions. Each Question Bank includes 20 practice questions that have been designed to measure your knowledge of key ideas.

A key factor to keep in mind is that guessing is better than not answering a question.

Every single question on the CISSP exam is a four-option multiple choice question with a single correct answer. Some are straightforward, such as asking you to select a definition. Some are a bit more involved, such as asking you to select the appropriate concept or best practice. And some questions present you with a scenario or situation and ask you to select the best response.

Q1. Personnel management is a form of what type of control?

A. Administrative
B. Technical
C. Logical
D. Physical

The Correct Answer is A.
Explanation: Personnel management is a form of administrative control. Administrative controls also include separation of duties and responsibilities, rotation of duties, least privilege, and so on.

Q2. What is the most common means of distribution for viruses?

A. Unapproved software
B. E-mail
C. Websites
D. Commercial software

The Correct Answer is B.
Explanation: E-mail is the most common distribution method for viruses.

Q3. Which of the following causes the vulnerability of being affected by viruses to increase?

A. Length of time the system is operating
B. The classification level of the primary user
C. Installation of software
D. Use of roaming profiles

The Correct Answer is C.
Explanation: As more software is installed, more vulnerabilities are added to the system, thus adding more avenues of attack for viruses.

Q4. In areas where technical controls cannot be used to prevent virus infections, what should be used to prevent them?

A. Security baselines
B. Awareness training
C. Traffic filtering
D. Network design

The Correct Answer is B.
Explanation: In areas where technical controls cannot prevent virus infections, users should be trained on how to prevent them.

Q5. Which of the following is not true?

A. Complying with all applicable legal requirements is a key part of sustaining security.
B. It is often possible to disregard legal requirements if complying with regulations would cause a reduction in security.
C. The legal requirements of an industry and of a country should be considered the baseline or foundation upon which the remainder of the security infrastructure must be built.
D. Industry and governments impose legal requirements, restrictions, and regulations on the practices of an organization.

The Correct Answer is B.
Explanation: Laws and regulations must be obeyed and security concerns must be adjusted accordingly.

Q6. Which of the following is not an illegal activity that can be performed over a computer network?

A. Theft
B. Destruction of assets
C. Waste of resources
D. Espionage

The Correct Answer is C.
Explanation: Although wasting resources is considered inappropriate activity, it is not actually a crime in most cases.

Q7. Who does not need to be informed when records about their activities on a network are being recorded and retained?

A. Administrators
B. Normal users
C. Temporary guest visitors
D. No one

The Correct Answer is D.
Explanation: Everyone should be informed when records about their activities on a network are being recorded and retained.

Q8. What is the best form of antivirus protection?

A. Multiple solutions on each system
B. A single solution throughout the organization
C. Concentric circles of different solutions
D. One-hundred-percent content filtering at all border gateways

The Correct Answer is C.
Explanation: Concentric circles of different solutions is the best form of antivirus protection.

Q9. Which of the following is an effective means of preventing and detecting the installation of unapproved software?

A. Workstation change
B. Separation of duties
C. Discretionary access control
D. Job responsibility restrictions

The Correct Answer is A.
Explanation: Workstation change is an effective means of preventing and detecting the presence of unapproved software.

Q10. What is the requirement to have access to, knowledge about, or possession of data or a resource to perform specific work tasks commonly known as?

A. Principle of least privilege
B. Prudent man theory
C. Need-to-know
D. Role-based access control

The Correct Answer is C.
Explanation: Need-to-know is the requirement to have access to, knowledge about, or possession of data or a resource to perform specific work tasks.

Q11. Which are activities that require special access to be performed within a secured IT environment?

A. Privileged operations functions
B. Logging and auditing
C. Maintenance responsibilities
D. User account management

The Correct Answer is A.
Explanation: Privileged operations functions are activities that require special access to be performed within a secured IT environment. They may include auditing, maintenance, and user account management.

Q12. Which of the following requires that archives of audit logs be kept for long periods of time?

A. Data remanence
B. Record retention
C. Data diddling
D. Data mining

The Correct Answer is B.
Explanation: To use record retention properly, archives of audit logs must be kept for long periods of time.

Q13. What is the most important aspect of marking media?

A. Date labeling
B. Content description
C. Electronic labeling
D. Classification

The Correct Answer is D.
Explanation: Classification is the most important aspect of marking media because it determines the precautions necessary to ensure the security of the hosted content.

Q14. Which operation is performed on media so it can be reused in a less-secure environment?

A. Erasing
B. Clearing
C. Purging
D. Overwriting

The Correct Answer is C.
Explanation: Purging of media is erasing media so it can be reused in a less-secure environment. The purging process may need to be repeated numerous times depending on the classification of the data and the security of the environment.

Q15. Sanitization can be unreliable due to which of the following?

A. No media can be fully swept clean of all data remnants.
B. Even fully incinerated media can offer extractable data.
C. The process can be performed improperly.
D. Stored data is physically etched into the media.

The Correct Answer is C.
Explanation: Sanitization can be unreliable because the purging, degaussing, or other processes can be performed improperly.

Q16. Which security tool is used to guide the security implementation of an organization?

A. Directive control
B. Preventive control
C. Detective control
D. Corrective control

The Correct Answer is A.
Explanation: A directive control is a security tool used to guide the security implementation of an organization.

Q17. Which security mechanism is used to verify whether the directive and preventative controls have been successful?

A. Directive control
B. Preventive control
C. Detective control
D. Corrective control

The Correct Answer is C.
Explanation: A detective control is a security mechanism used to verify whether the directive and preventive controls have been successful.

Q18. When possible, operations controls should be ________________ .

A. Simple
B. Administrative
C. Preventative
D. Transparent

The Correct Answer is D.
Explanation: When possible, operations controls should be invisible, or transparent, to users. This keeps users from feeling hampered by security and reduces their knowledge of the overall security scheme, thus further restricting the likelihood that users will violate system security deliberately.

Q19. What is the primary goal of change management?

A. Personnel safety
B. Allowing rollback of changes
C. Ensuring that changes do not reduce security
D. Auditing privilege access

The Correct Answer is C.
Explanation: The goal of change management is to ensure that any change does not lead to reduced or compromised security.

Q20. What type of trusted recovery process requires the intervention of an administrator?

A. Restricted
B. Manual
C. Automated
D. Controlled

The Correct Answer is B.
Explanation: A manual recovery type of trusted recovery process requires the intervention of an administrator.

Copyright © 2018 | All Rights Reserved | Designed & Developed by Yeahhub.com