Question Bank 18 - CISSP | Multiple Choice Questions

CISSP - Question Bank 18

Test your knowledge of CISSP with these multiple choice questions. Each Question Bank includes 20 practice questions that have been designed to measure your knowledge of key ideas.

A key factor to keep in mind is that guessing is better than not answering a question.

Every single question on the CISSP exam is a four-option multiple choice question with a single correct answer. Some are straightforward, such as asking you to select a definition. Some are a bit more involved, such as asking you to select the appropriate concept or best practice. And some questions present you with a scenario or situation and ask you to select the best response.

Question Bank 18
Index

Q1. What is a computer crime?

A. Any attack specifically listed in your security policy
B. Any illegal attack that compromises a protected computer
C. Any violation of a law or regulation that involves a computer
D. Failure to practice due diligence in computer security

The Correct Answer is C.

Explanation: A crime is any violation of a law or regulation. The violation stipulation defines the action as a crime. It is a computer crime if the violation involves a computer either as the target or a tool.

Q2. What is the main purpose of a military and intelligence attack?

A. To attack the availability of military systems
B. To obtain secret and restricted information from military or law enforcement sources
C. To utilize military or intelligence agency systems to attack other nonmilitary sites

The Correct Answer is B.

Explanation: A military and intelligence attack is targeted at the classified data that resides on the system. To the attacker, the value of the information justifies the risk associated with such an attack. The information extracted from this type of attack is often used to plan subsequent attacks.

Q3. What type of attack targets trade secret information stored on a civilian organization's system?

A. Business attack
B. Denial of service attack
C. Financial attack
D. Military and intelligence attack

The Correct Answer is A.

Explanation: Confidential information that is not related to the military or intelligence agencies is the target of business attacks. The ultimate goal could be destruction, alteration, or disclosure of confidential information.

Q4. What goal is not a purpose of a financial attack?

A. Access services you have not purchased
B. Disclose confidential personal employee information
C. Transfer funds from an unapproved source into your account

The Correct Answer is B.

Explanation: A financial attack focuses primarily on obtaining services and funds illegally.

Q5. What is one possible goal of a terrorist attack?

A. Alter sensitive trade secret documents
B. Damage the ability to communicate and respond to a physical attack
C. Steal unclassified information
D. Transfer funds to other countries

The Correct Answer is B.

Explanation: A terrorist attack is launched to interfere with a way of life by creating an atmosphere of fear. A computer terrorist attack can reach this goal by reducing the ability to respond to a simultaneous physical attack.

Q6. Which of the following would not be a primary goal of a grudge attack?

A. Disclose embarrassing personal information
B. Launch a virus on an organization's system
C. Send inappropriate e-mail with a spoofed origination address of the victim organization
D. Use automated tools to scan the organization's systems for vulnerable ports

The Correct Answer is D.

Explanation: Any action that can harm a person or organization, either directly or through embarrassment, would be a valid goal of a grudge attack. The purpose of such an attack is to “get back” at someone.

Q7. What are the primary reasons attackers engage in "fun" attacks? (Choose all that apply.)

A. Bragging rights
B. Money from the sale of stolen documents
C. Pride of conquering a secure system
D. Retaliation against a person or organization

The Correct Answers are A and C .

Explanation: Fun attacks have no reward other than providing a boost to pride and ego. The thrill of launching a fun attack comes from the act of participating in the attack (and not getting caught).

Q8. What is the most important rule to follow when collecting evidence?

A. Do not turn off a computer until you photograph the screen.
B. List all people present while collecting evidence.
C. Never modify evidence during the collection process.
D. Transfer all equipment to a secure storage location.

The Correct Answer is C.

Explanation: Although the other options have some merit in individual cases, the most important rule is to never modify, or taint, evidence. If you modify evidence, it becomes inadmissible in court.

Q9. What would be a valid argument for not immediately removing power from a machine when an incident is discovered?

A. All of the damage has been done. Turning the machine off would not stop additional damage.
B. There is no other system that can replace this one if it is turned off.
C. Too many users are logged in and using the system.
D. Valuable evidence in memory will be lost.

The Correct Answer is D.

Explanation: The most compelling reason for not removing power from a machine is that you will lose the contents of memory. Carefully consider the pros and cons of removing power. After all is considered, it may be the best choice.

Q10. What is the reason many incidents are never reported?

A. It involves too much paperwork.
B. Reporting too many incidents could hurt an organization's reputation.
C. The incident is never discovered.
D. Too much time has passed and the evidence is gone.

The Correct Answer is C.

Explanation: Although an organization would not want to report a large number of incidents (unless reporting them is mandatory), the reality is that many incidents are never discovered. The lack of well-trained users results in many incidents that are never recognized.

Q11. What is an incident?

A. Any active attack that causes damage to your system
B. Any violation of a code of ethics
C. Any crime (or violation of a law or regulation) that involves a computer
D. Any violation of your security policy

The Correct Answer is D.

Explanation: An incident is defined by your security policy. Actions that you define as an incident may not be considered an incident in another organization. For example, your organization may prohibit Internet access while another organization encourages it. Accessing the Internet would be an incident in your organization.

Q12. If port scanning does no damage to a system, why is it generally considered an incident?

A. All port scans indicate adversarial behavior.
B. Port scans can precede attacks that cause damage and can indicate a future attack.
C. Scanning a port damages the port.

The Correct Answer is B.

Explanation: Some port scans are normal. An unusually high volume of port scan activity can be a reconnaissance activity preceding a more dangerous attack. When you see unusual port scanning, you should always investigate.

Q13. What type of incident is characterized by obtaining an increased level of privilege?

A. Compromise
B. Denial of service
C. Malicious code
D. Scanning

The Correct Answer is A.

Explanation: Any time an attacker exceeds their authority, the incident is classified as a system compromise. This includes valid users who exceed their authority as well as invalid users who gain access through the use of a valid user ID.

Q14. What is the best way to recognize abnormal and suspicious behavior on your system?

A. Be aware of the newest attacks.
B. Configure your IDS to detect and report all abnormal traffic.
C. Know what your normal system activity looks like.
D. Study the activity signatures of the main types of attacks.

The Correct Answer is C.

Explanation: Although options A, B, and D are actions that can make you aware of what attacks look like and how to detect them, you will never successfully detect most attacks until you know your system. When you know what the activity on your system looks like on a normal day, you can immediately detect any abnormal activity.

Q15. If you need to confiscate a PC from a suspected attacker who does not work for your organization, what legal avenue should you pursue?

A. Consent agreement signed by employees
B. Search warrant
C. Subpoena
D. Voluntary consent

The Correct Answer is B.

Explanation: In this case, you need a search warrant to confiscate equipment without giving the suspect time to destroy evidence. If the suspect worked for your organization and you had all employees sign consent agreements, you could simply confiscate the equipment.

Q16. Why should you avoid deleting log files on a daily basis?

A. An incident may not be discovered for several days and valuable evidence could be lost.
B. Disk space is cheap and log files are used frequently.
C. Log files are protected and cannot be altered.
D. Any information in a log file is useless after it is several hours old.

The Correct Answer is A.

Explanation: Log files contain a large volume of generally useless information. However, when you are trying to track down a problem or an incident, they can be invaluable. Even if an incident is discovered as it is happening, it may have been preceded by other incidents. Log files provide valuable clues and should be protected and archived.

Q17. Which of the following conditions indicate that you must report an incident? (Choose all that apply.)

A. Confidential information protected by government regulation was possibly disclosed.
B. Damages exceeded $1,500.
C. The incident has occurred before.
D. The incident resulted in a violation of a law.

The Correct Answers are A and D .

Explanation: You must report an incident when the incident resulted in the violation of a law or regulation. This includes any damage (or potential damage) to or disclosure of protected information.

Q18. What are ethics?

A. Mandatory actions required to fulfill job requirements
B. Professional standards of regulations
C. Regulations set forth by a professional organization
D. Rules of personal behavior

The Correct Answer is D.

Explanation: Ethics are simply rules of personal behavior. Many professional organizations establish formal codes of ethics to govern their members, but ethics are personal rules individuals use to guide their lives.

Q19. According to the (ISC)² Code of Ethics, how are CISSPs expected to act?

A. Honestly, diligently, responsibly, and legally
B. Honorably, honestly, justly, responsibly, and legally
C. Upholding the security policy and protecting the organization
D. Trustworthy, loyally, friendly, courteously

The Correct Answer is B.

Explanation: The second canon of the (ISC)² Code of Ethics states how a CISSP should act, which is honorably, honestly, justly, responsibly, and legally.

Q20. Which of the following actions are considered unacceptable and unethical according to RFC 1087, “Ethics and the Internet?”

A. Actions that compromise the privacy of classified information
B. Actions that compromise the privacy of users
C. Actions that disrupt organizational activities
D. Actions in which a computer is used in a manner inconsistent with a stated security policy

The Correct Answer is B.

Explanation: RFC 1087 does not specifically address the statements in A, C, or D. Although each type of activity listed is unacceptable, only the activity identified in option B is identified in RFC 1087.

Copyright © 2018 | All Rights Reserved | Designed & Developed by Yeahhub.com