CISSP Official Practice Tests (2021) - Document preview page 1
CISSP Official Practice Tests (2021)

CISSP Official Practice Tests (2021) is your shortcut to certification success—start preparing today!

Preview (31 of 499 Pages)
CISSP® Certified Information Systems Security Professional
Third Edition

Mike Chapple, CISSP
David Seidl, CISSP
Copyright © 2021 by John Wiley & Sons, Inc. All rights reserved
Published by John Wiley & Sons, Inc., Hoboken, New Jersey
Published simultaneously in Canada and the United Kingdom

ISBN: 978-1-119-78763-1
ISBN: 978-1-119-79315-1 (ebk.)
ISBN: 978-1-119-78764-8 (ebk.)

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our website at www.wiley.com.

Library of Congress Control Number: 2021935480

TRADEMARKS: WILEY and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. (ISC)² and CISSP are registered trademarks of International Information Systems Security Certification Consortium, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Cover image(s): © Getty Images Inc./Jeremy Woodhouse
Cover design: Wiley
Acknowledgments

The authors would like to thank the many people who made this book possible. Jim Minatel at Wiley Publishing helped us extend the Sybex CISSP franchise to include this title and has continued to champion with the International Information Systems Security Certification Consortium (ISC)². Carole Jelen, our agent, tackles all the back-end magic for our writing efforts and worked on both the logistical details and the business side of the book with her usual grace and commitment to excellence. Ben Malisow and Jerry Rayome, our technical editors, pointed out many opportunities to improve our work and deliver a high-quality final product. Caroline Define served as our project manager and made sure everything fit together. Many other people we'll never meet worked behind the scenes to make this book a success, and we really appreciate their time and talents to make this next edition come together.
About the Authors

Mike Chapple, PhD, CISSP, is an author of the best-selling CISSP (ISC)² Certified Information Systems Security Professional Official Study Guide (Sybex, 2021), now in its ninth edition. He is an information security professional with two decades of experience in higher education, the private sector, and government.

Mike currently serves as Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame's Mendoza College of Business. He previously served as Senior Director for IT Service Delivery at Notre Dame, where he oversaw the information security, data governance, IT architecture, project management, strategic planning, and product management functions for the university.

Before returning to Notre Dame, Mike served as Executive Vice President and Chief Information Officer of the Brand Institute, a Miami-based marketing consultancy. Mike also spent four years in the information security research group at the National Security Agency and served as an active duty intelligence officer in the U.S. Air Force.

He is a technical editor for Information Security Magazine and has written 20 books, including Cyberwarfare: Information Operations in a Connected World (Jones & Bartlett, 2015), CompTIA Security+ Training Kit (Microsoft Press, 2013), and CompTIA Cybersecurity Analyst+ (CySA+) Study Guide (Wiley, 2017) and Practice Tests (Wiley, 2018).

Mike earned both his BS and PhD degrees from Notre Dame in computer science and engineering. He also holds an MS in computer science from the University of Idaho and an MBA from Auburn University. His IT certifications include the CISSP, Security+, CySA+, CISA, PenTest+, CIPP/US, CISM, CCSP, and PMP credentials. Mike provides books, video-based training, and free study groups for a wide variety of IT certifications at his website, CertMike.com.

David Seidl, CISSP, is Vice President for Information Technology and CIO at Miami University. During his IT career, he has served in a variety of technical and information security roles, including serving as the Senior Director for Campus Technology Services at the University of Notre Dame, where he co-led Notre Dame's move to the cloud and oversaw cloud operations, ERP, databases, identity management, and a broad range of other technologies and services. He also served as Notre Dame's Director of Information Security and led Notre Dame's information security program. He has taught information security and networking undergraduate courses as an instructor for Notre Dame's Mendoza College of Business and has written books on security certification and cyberwarfare, including co-authoring the previous editions of CISSP (ISC)² Official Practice Tests (Sybex 2018) as well as CompTIA CySA+ Study Guide: Exam CS0-002, CompTIA CySA+ Practice Tests: Exam CS0-002, CompTIA Security+ Study Guide: Exam SY0-601, and CompTIA Security+ Practice Tests: Exam SY0-601, as well as other certification guides and books on information security. David holds a bachelor's degree in communication technology and a master's degree in information security from Eastern Michigan University, as well as CISSP, CySA+, Pentest+, GPEN, and GCIH certifications.
About the Technical Editors

Ben Malisow is a consultant and writer with more than 25 years of experience in the fields of information, security, and information security. He teaches SSCP, CISSP, and CCSP preparation courses for (ISC)² and has written the Official (ISC)² CCSP Study Guide and the Official (ISC)² Practice Tests books, among other titles; his latest works include CCSK Practice Tests and Exposed: How Revealing Your Data and Eliminating Privacy Increases Trust and Liberates Humanity. He and his partner Robin Cabe host the weekly podcast, "The Sensuous Sounds of INFOSEC," from his website www.securityzed.com.

Jerry Rayome, BS/MS Computer Science, CISSP, employed as a member of the Cyber Security Program at Lawrence Livermore National Laboratory for over 20 years providing cybersecurity services that include software development, penetrative testing, incident response, firewall implementation/administration, firewall auditing, honeynet deployment/monitoring, cyber forensic investigations, NIST 800-53 control implementation/assessment, cloud risk assessment, and cloud security auditing.
Contents at a Glance

Introduction xv
Chapter 1 Security and Risk Management (Domain 1) 1
Chapter 2 Asset Security (Domain 2) 25
Chapter 3 Security Architecture and Engineering (Domain 3) 49
Chapter 4 Communication and Network Security (Domain 4) 73
Chapter 5 Identity and Access Management (Domain 5) 97
Chapter 6 Security Assessment and Testing (Domain 6) 121
Chapter 7 Security Operations (Domain 7) 145
Chapter 8 Software Development Security (Domain 8) 169
Chapter 9 Practice Test 1 195
Chapter 10 Practice Test 2 225
Chapter 11 Practice Test 3 253
Chapter 12 Practice Test 4 283
Appendix Answers 311
Index 457
Contents

Introduction xv
Chapter 1 Security and Risk Management (Domain 1) 1
Chapter 2 Asset Security (Domain 2) 25
Chapter 3 Security Architecture and Engineering (Domain 3) 49
Chapter 4 Communication and Network Security (Domain 4) 73
Chapter 5 Identity and Access Management (Domain 5) 97
Chapter 6 Security Assessment and Testing (Domain 6) 121
Chapter 7 Security Operations (Domain 7) 145
Chapter 8 Software Development Security (Domain 8) 169
Chapter 9 Practice Test 1 195
Chapter 10 Practice Test 2 225
Chapter 11 Practice Test 3 253
Chapter 12 Practice Test 4 283
Appendix Answers 311
  Chapter 1: Security and Risk Management (Domain 1) 312
  Chapter 2: Asset Security (Domain 2) 321
  Chapter 3: Security Architecture and Engineering (Domain 3) 333
  Chapter 4: Communication and Network Security (Domain 4) 342
  Chapter 5: Identity and Access Management (Domain 5) 353
  Chapter 6: Security Assessment and Testing (Domain 6) 365
  Chapter 7: Security Operations (Domain 7) 377
  Chapter 8: Software Development Security (Domain 8) 389
  Chapter 9: Practice Test 1 400
  Chapter 10: Practice Test 2 414
  Chapter 11: Practice Test 3 428
  Chapter 12: Practice Test 4 441
Index 457
Introduction

(ISC)² CISSP® Certified Information Systems Security Professional Official Practice Tests is a companion volume to (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide. It includes questions that cover content from the CISSP Detailed Content Outline and exam that became effective on May 1, 2021. If you're looking to test your knowledge before you take the CISSP exam, this book will help you by providing more than 1,300 questions that cover the CISSP Common Body of Knowledge and easy-to-understand explanations of both right and wrong answers.

If you're just starting to prepare for the CISSP exam, we highly recommend that you use (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide to help you learn about each of the domains covered by the CISSP exam. Once you're ready to test your knowledge, use this book to help find places where you may need to study more or to practice for the exam itself.

Since this is a companion to CISSP Study Guide, this book is designed to be similar to taking the CISSP exam. It contains multipart scenarios as well as standard multiple-choice and matching questions similar to those you may encounter on the certification exam. The book is broken up into 12 chapters: 8 domain-centric chapters with 100 or more questions about each domain, and 4 chapters that contain 125-question practice tests to simulate taking the exam.

CISSP Certification

The CISSP certification is offered by the International Information System Security Certification Consortium, or (ISC)², a global nonprofit organization. The mission of (ISC)² is to support and provide members and constituents with credentials, resources, and leadership to address cyber, information, software, and infrastructure security to deliver value to society. (ISC)² achieves this mission by delivering the world's leading information security certification program, the CISSP. (ISC)² also offered five additional certifications including:

- Systems Security Certified Practitioner (SSCP)
- Certified Authorization Professional (CAP)
- Certified Secure Software Lifecycle Professional (CSSLP)
- HealthCare Information Security and Privacy Practitioner (HCISPP)
- Certified Cloud Security Professional (CCSP)
There are also three advanced CISSP certifications for those who want to move on from the base credential to demonstrate advanced expertise in a domain of information security.

- Information Systems Security Architecture Professional (CISSP-ISSAP)
- Information Systems Security Engineering Professional (CISSP-ISSEP)
- Information Systems Security Management Professional (CISSP-ISSMP)

The CISSP certification covers eight domains of information security knowledge. These domains are meant to serve as the broad knowledge foundation required to succeed in the information security profession.

- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security

The CISSP domains are periodically updated by (ISC)². The most recent revision, May 1, 2021, slightly modified the weighting for Communication and Network Security from 14 percent to 13 percent while increasing the focus on Software Development Security from 10 percent to 11 percent. It also added or expanded coverage of topics such as the data management lifecycle, microservices, containerization, serverless computing, quantum computing, 5G networking, and modern security controls.

Complete details on the CISSP Common Body of Knowledge (CBK) are contained in the Exam Outline. It includes a full outline of exam topics and can be found on the (ISC)² website at www.isc2.org.

Taking the CISSP Exam

The English version of the CISSP exam uses a technology called computer adaptive testing (CAT). With this format, you will face an exam containing between 100 to 150 questions with a three-hour time limit. You will not have the opportunity to skip back and forth because the computer selects the next questions that it asks you based upon your answers to previous questions. If you're doing well on the exam, it will get more difficult as you progress. Don't let that unnerve you!

Other versions of the exam in French, German, Brazilian Portuguese, Spanish, Japanese, Simplified Chinese, and Korean use a traditional linear format. The linear format exam includes 250 questions with a six-hour time limit. For either version of the exam, passing requires achieving a score of at least 700 out of 1,000 points. It's important to understand that this is a scaled score, meaning that not every question is worth the same number of points. Questions of differing difficulty may factor into your score more or less heavily, and adaptive exams adjust to the test taker. That said, as you work through these practice exams, you might want to use 70 percent as a goal to help you get a sense of whether you're ready to sit for the actual exam. When you're ready, you can schedule an exam at a location near you through the (ISC)² website.

Questions on the CISSP exam are provided in both multiple-choice form and what (ISC)² calls advanced innovative questions, which are drag-and-drop and hotspot questions, both of which are offered in computer-based testing environments. Innovative questions are scored the same as traditional multiple-choice questions and have only one right answer.

(ISC)² exam policies are subject to change. Please be sure to check isc2.org for the current policies before you register and take the exam.

Computer-Based Testing Environment

CISSP exams are now administered in a computer-based testing (CBT) format. You'll register for the exam through the Pearson Vue website and may take the exam in the language of your choice. It is offered in English, French, German, Portuguese, Spanish, Japanese, Simplified Chinese, Korean, and a visually impaired format.

You'll take the exam in a computer-based testing center located near your home or office. The centers administer many different exams, so you may find yourself sitting in the same room as a student taking a school entrance examination and a healthcare professional earning a medical certification. If you'd like to become more familiar with the testing environment, the Pearson Vue website offers a virtual tour of a testing center:

home.pearsonvue.com/test-taker/Pearson-Professional-Center-Tour.aspx

When you take the exam, you'll be seated at a computer that has the exam software already loaded and running. It's a pretty straightforward interface that allows you to navigate through the exam. You can download a practice exam and tutorial from the Pearson Vue website:

http://www.vue.com/athena/athena.asp

At the time this book went to press, (ISC)² was conducting a pilot test of at-home computer-based exams for CISSP candidates in the United States. It is possible that this pilot will be extended to a permanent product and may become available in additional countries. Check the (ISC)² website for more information.
Exam Retake Policy

If you don't pass the CISSP exam, you shouldn't panic. Many individuals don't reach the bar on their first attempt, but gain valuable experience that helps them succeed the second time around. When you retake the exam, you'll have the benefit of familiarity with the CBT environment and CISSP exam format. You'll also have time to study the areas where you felt less confident.

After your first exam attempt, you must wait 30 days before retaking the computer-based exam. If you're not successful on that attempt, you may re-test after 60 days. If you don't pass after your third attempt, you can re-test after 90 days for that and any subsequent attempts. You can't take the test more than 4 times within a single calendar year.

You can obtain more information about (ISC)² and its other certifications from its website at www.isc2.org.

Work Experience Requirement

Candidates who want to earn the CISSP credential must not only pass the exam but also demonstrate that they have at least five years of work experience in the information security field. Your work experience must cover activities in at least two of the eight domains of the CISSP program and must be paid, full-time employment. Volunteer experiences or part-time duties are not acceptable to meet the CISSP experience requirement.

You may be eligible to waive one of the five years of the work experience requirement based upon your educational achievements. If you hold a bachelor's degree or four-year equivalent, you may be eligible for a degree waiver that covers one of those years. Similarly, if you hold one of the information security certifications on the current (ISC)² credential waiver list (www.isc2.org/credential_waiver/default.aspx), you may also waive a year of the experience requirement. You may not combine these two programs. Holders of both a certification and an undergraduate degree must still demonstrate at least four years of experience.

If you haven't yet completed your work experience requirement, you may still attempt the CISSP exam. Individuals who pass the exam are designated Associates of (ISC)² and have six years to complete the work experience requirement.

Recertification Requirements

Once you've earned your CISSP credential, you'll need to maintain your certification by paying maintenance fees and participating in continuing professional education (CPE). As long as you maintain your certification in good standing, you will not need to retake the CISSP exam.
Currently, the annual maintenance fees for the CISSP credential are $125 per year. This fee covers the renewal for all (ISC)² certifications held by an individual. The CISSP CPE requirement mandates earning at least 120 CPE credits during each three-year renewal cycle. Associates of (ISC)² must earn at least 15 CPE credits each year.

(ISC)² provides an online portal where certificate holders may submit CPE completion for review and approval. The portal also tracks annual maintenance fee payments and progress toward recertification.

Using This Book to Practice

This book is composed of 12 chapters. Each of the first eight chapters covers a domain, with a variety of questions that can help you test your knowledge of real-world, scenario, and best-practice security knowledge. The final four chapters are complete practice exams that can serve as timed practice tests to help determine whether you're ready for the CISSP exam.

We recommend taking the first practice exam to help identify where you may need to spend more study time and then using the domain-specific chapters to test your domain knowledge where it is weak. Once you're ready, take the other practice exams to make sure you've covered all the material and are ready to attempt the CISSP exam.

Using the Online Practice Tests

All the questions in this book are also available in Sybex's online practice test tool. To get access to this online format, go to www.wiley.com/go/sybextestprep and start by registering your book. You'll receive a PIN code and instructions on where to create an online test bank account. Once you have access, you can use the online version to create your own sets of practice tests from the book questions and practice in a timed and graded setting.
Chapter 1
Security and Risk Management (Domain 1)

SUBDOMAINS

1.1 Understand, adhere to, and promote professional ethics
1.2 Understand and apply security concepts
1.3 Evaluate and apply security governance principles
1.4 Determine compliance and other requirements
1.5 Understand legal and regulatory issues that pertain to information security in a holistic context
1.6 Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards)
1.7 Develop, document, and implement security policy, standards, procedures, and guidelines
1.8 Identify, analyze, and prioritize Business Continuity (BC) requirements
1.9 Contribute to and enforce personnel security policies and procedures
1.10 Understand and apply risk management concepts
1.11 Understand and apply threat modeling concepts and methodologies
1.12 Apply Supply Chain Risk Management (SCRM) concepts
1.13 Establish and maintain a security awareness, education, and training program
1. Alyssa is responsible for her organization's security awareness program. She is concerned that changes in technology may make the content outdated. What control can she put in place to protect against this risk?
A. Gamification
B. Computer-based training
C. Content reviews
D. Live training

2. Gavin is creating a report to management on the results of his most recent risk assessment. In his report, he would like to identify the remaining level of risk to the organization after adopting security controls. What term best describes this current level of risk?
A. Inherent risk
B. Residual risk
C. Control risk
D. Mitigated risk

3. Francine is a security specialist for an online service provider in the United States. She recently received a claim from a copyright holder that a user is storing information on her service that violates the third party's copyright. What law governs the actions that Francine must take?
A. Copyright Act
B. Lanham Act
C. Digital Millennium Copyright Act
D. Gramm Leach Bliley Act

4. FlyAway Travel has offices in both the European Union (EU) and the United States and transfers personal information between those offices regularly. They have recently received a request from an EU customer requesting that their account be terminated. Under the General Data Protection Regulation (GDPR), which requirement for processing personal information states that individuals may request that their data no longer be disseminated or processed?
A. The right to access
B. Privacy by design
C. The right to be forgotten
D. The right of data portability

5. After conducting a qualitative risk assessment of her organization, Sally recommends purchasing cybersecurity breach insurance. What type of risk response behavior is she recommending?
A. Accept
B. Transfer
C. Reduce
D. Reject
6. Which one of the following elements of information is not considered personally identifiable information that would trigger most United States (U.S.) state data breach laws?
A. Student identification number
B. Social Security number
C. Driver's license number
D. Credit card number

7. Renee is speaking to her board of directors about their responsibilities to review cybersecurity controls. What rule requires that senior executives take personal responsibility for information security matters?
A. Due diligence rule
B. Personal liability rule
C. Prudent man rule
D. Due process rule

8. Henry recently assisted one of his co-workers in preparing for the CISSP exam. During this process, Henry disclosed confidential information about the content of the exam, in violation of Canon IV of the Code of Ethics: "Advance and protect the profession." Who may bring ethics charges against Henry for this violation?
A. Anyone may bring charges.
B. Any certified or licensed professional may bring charges.
C. Only Henry's employer may bring charges.
D. Only the affected employee may bring charges.

9. Wanda is working with one of her organization's European Union business partners to facilitate the exchange of customer information. Wanda's organization is located in the United States. What would be the best method for Wanda to use to ensure GDPR compliance?
A. Binding corporate rules
B. Privacy Shield
C. Standard contractual clauses
D. Safe harbor

10. Yolanda is the chief privacy officer for a financial institution and is researching privacy requirements related to customer checking accounts. Which one of the following laws is most likely to apply to this situation?
A. GLBA
B. SOX
C. HIPAA
D. FERPA
11. Tim's organization recently received a contract to conduct sponsored research as a government contractor. What law now likely applies to the information systems involved in this contract?
A. FISMA
B. PCI DSS
C. HIPAA
D. GISRA

12. Chris is advising travelers from his organization who will be visiting many different countries overseas. He is concerned about compliance with export control laws. Which of the following technologies is most likely to trigger these regulations?
A. Memory chips
B. Office productivity applications
C. Hard drives
D. Encryption software

13. Bobbi is investigating a security incident and discovers that an attacker began with a normal user account but managed to exploit a system vulnerability to provide that account with administrative rights. What type of attack took place under the STRIDE threat model?
A. Spoofing
B. Repudiation
C. Tampering
D. Elevation of privilege

14. You are completing your business continuity planning effort and have decided that you want to accept one of the risks. What should you do next?
A. Implement new security controls to reduce the risk level.
B. Design a disaster recovery plan.
C. Repeat the business impact assessment.
D. Document your decision-making process.

15. You are completing a review of the controls used to protect a media storage facility in your organization and would like to properly categorize each control that is currently in place. Which of the following control categories accurately describe a fence around a facility? (Select all that apply.)
A. Physical
B. Detective
C. Deterrent
D. Preventive
16. Tony is developing a business continuity plan and is having difficulty prioritizing resources because of the difficulty of combining information about tangible and intangible assets. What would be the most effective risk assessment approach for him to use?
A. Quantitative risk assessment
B. Qualitative risk assessment
C. Neither quantitative nor qualitative risk assessment
D. Combination of quantitative and qualitative risk assessment

17. Vincent believes that a former employee took trade secret information from his firm and brought it with him to a competitor. He wants to pursue legal action. Under what law could he pursue charges?
A. Copyright law
B. Lanham Act
C. Glass-Steagall Act
D. Economic Espionage Act

18. Which one of the following principles imposes a standard of care upon an individual that is broad and equivalent to what one would expect from a reasonable person under the circumstances?
A. Due diligence
B. Separation of duties
C. Due care
D. Least privilege

19. Brenda's organization recently completed the acquisition of a competitor firm. Which one of the following tasks would be LEAST likely to be part of the organizational processes addressed during the acquisition?
A. Consolidation of security functions
B. Integration of security tools
C. Protection of intellectual property
D. Documentation of security policies

20. Kelly believes that an employee engaged in the unauthorized use of computing resources for a side business. After consulting with management, she decides to launch an administrative investigation. What is the burden of proof that she must meet in this investigation?
A. Preponderance of the evidence
B. Beyond a reasonable doubt
C. Beyond the shadow of a doubt
D. There is no standard
21. Keenan Systems recently developed a new manufacturing process for microprocessors. The company wants to license the technology to other companies for use but wants to prevent unauthorized use of the technology. What type of intellectual property protection is best suited for this situation?
A. Patent
B. Trade secret
C. Copyright
D. Trademark

22. Which one of the following actions might be taken as part of a business continuity plan?
A. Restoring from backup tapes
B. Implementing RAID
C. Relocating to a cold site
D. Restarting business operations

23. When developing a business impact analysis, the team should first create a list of assets. What should happen next?
A. Identify vulnerabilities in each asset.
B. Determine the risks facing the asset.
C. Develop a value for each asset.
D. Identify threats facing each asset.

24. Mike recently implemented an intrusion prevention system designed to block common network attacks from affecting his organization. What type of risk management strategy is Mike pursuing?
A. Risk acceptance
B. Risk avoidance
C. Risk mitigation
D. Risk transference

25. Laura has been asked to perform an SCA. What type of organization is she most likely in?
A. Higher education
B. Banking
C. Government
D. Healthcare

26. Carl is a federal agent investigating a computer crime case. He identified an attacker who engaged in illegal conduct and wants to pursue a case against that individual that will lead to imprisonment. What standard of proof must Carl meet?
A. Beyond the shadow of a doubt
B. Preponderance of the evidence
C. Beyond a reasonable doubt
D. Majority of the evidence

27. The International Information Systems Security Certification Consortium uses the logo shown here to represent itself online and in a variety of forums. What type of intellectual property protection may it use to protect its rights in this logo?
[logo image not reproduced in this preview]
A. Copyright
B. Patent
C. Trade secret
D. Trademark

28. Mary is helping a computer user who sees the following message appear on his computer screen. What type of attack has occurred?
[screenshot not reproduced in this preview]
A. Availability
B. Confidentiality
C. Disclosure
D. Distributed

29. Which one of the following organizations would not be automatically subject to the privacy and security requirements of HIPAA if they engage in electronic transactions?
A. Healthcare provider
B. Health and fitness application developer
C. Health information clearinghouse
D. Health insurance plan

30. John's network begins to experience symptoms of slowness. Upon investigation, he realizes that the network is being bombarded with TCP SYN packets and believes that his organization is the victim of a denial-of-service attack. What principle of information security is being violated?
A. Availability
B. Integrity
C. Confidentiality
D. Denial

31. Renee is designing the long-term security plan for her organization and has a three- to five-year planning horizon. Her primary goal is to align the security function with the broader plans and objectives of the business. What type of plan is she developing?
A. Operational
B. Tactical
C. Summary
D. Strategic

32. Gina is working to protect a logo that her company will use for a new product they are launching. She has questions about the intellectual property protection process for this logo. What U.S. government agency would be best able to answer her questions?
A. USPTO
B. Library of Congress
C. NSA
D. NIST

33. The Acme Widgets Company is putting new controls in place for its accounting department. Management is concerned that a rogue accountant may be able to create a new false vendor and then issue checks to that vendor as payment for services that were never rendered. What security control can best help prevent this situation?
A. Mandatory vacation
B. Separation of duties
C. Defense in depth
D. Job rotation