CISSP Official Practice Tests (2021)



CISSP® Certified Information Systems Security Professional, Third Edition


CISSP® Certified Information Systems Security Professional, Third Edition

Mike Chapple, CISSP
David Seidl, CISSP


Copyright © 2021 by John Wiley & Sons, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey
Published simultaneously in Canada and the United Kingdom

ISBN: 978-1-119-78763-1
ISBN: 978-1-119-79315-1 (ebk.)
ISBN: 978-1-119-78764-8 (ebk.)

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our website at www.wiley.com.

Library of Congress Control Number: 2021935480

TRADEMARKS: WILEY and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. (ISC)² and CISSP are registered trademarks of International Information Systems Security Certification Consortium, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Cover image(s): © Getty Images Inc./Jeremy Woodhouse
Cover design: Wiley


Acknowledgments

The authors would like to thank the many people who made this book possible. Jim Minatel at Wiley Publishing helped us extend the Sybex CISSP franchise to include this title and has continued to champion it with the International Information Systems Security Certification Consortium (ISC)². Carole Jelen, our agent, tackles all the back-end magic for our writing efforts and worked on both the logistical details and the business side of the book with her usual grace and commitment to excellence. Ben Malisow and Jerry Rayome, our technical editors, pointed out many opportunities to improve our work and deliver a high-quality final product. Caroline Define served as our project manager and made sure everything fit together. Many other people we'll never meet worked behind the scenes to make this book a success, and we really appreciate their time and talents to make this next edition come together.


About the Authors

Mike Chapple, PhD, CISSP, is an author of the best-selling CISSP (ISC)² Certified Information Systems Security Professional Official Study Guide (Sybex, 2021), now in its ninth edition. He is an information security professional with two decades of experience in higher education, the private sector, and government.

Mike currently serves as Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame's Mendoza College of Business. He previously served as Senior Director for IT Service Delivery at Notre Dame, where he oversaw the information security, data governance, IT architecture, project management, strategic planning, and product management functions for the university.

Before returning to Notre Dame, Mike served as Executive Vice President and Chief Information Officer of the Brand Institute, a Miami-based marketing consultancy. Mike also spent four years in the information security research group at the National Security Agency and served as an active duty intelligence officer in the U.S. Air Force.

He is a technical editor for Information Security Magazine and has written 20 books, including Cyberwarfare: Information Operations in a Connected World (Jones & Bartlett, 2015), CompTIA Security+ Training Kit (Microsoft Press, 2013), and CompTIA Cybersecurity Analyst+ (CySA+) Study Guide (Wiley, 2017) and Practice Tests (Wiley, 2018).

Mike earned both his BS and PhD degrees from Notre Dame in computer science and engineering. He also holds an MS in computer science from the University of Idaho and an MBA from Auburn University. His IT certifications include the CISSP, Security+, CySA+, CISA, PenTest+, CIPP/US, CISM, CCSP, and PMP credentials. Mike provides books, video-based training, and free study groups for a wide variety of IT certifications at his website, CertMike.com.

David Seidl, CISSP, is Vice President for Information Technology and CIO at Miami University. During his IT career, he has served in a variety of technical and information security roles, including serving as the Senior Director for Campus Technology Services at the University of Notre Dame, where he co-led Notre Dame's move to the cloud and oversaw cloud operations, ERP, databases, identity management, and a broad range of other technologies and services. He also served as Notre Dame's Director of Information Security and led Notre Dame's information security program. He has taught information security and networking undergraduate courses as an instructor for Notre Dame's Mendoza College of Business and has written books on security certification and cyberwarfare, including co-authoring the previous editions of CISSP (ISC)² Official Practice Tests (Sybex 2018) as well as CompTIA CySA+ Study Guide: Exam CS0-002, CompTIA CySA+ Practice Tests: Exam CS0-002, CompTIA Security+ Study Guide: Exam SY0-601, and CompTIA Security+ Practice Tests: Exam SY0-601, as well as other certification guides and books on information security. David holds a bachelor's degree in communication technology and a master's degree in information security from Eastern Michigan University, as well as CISSP, CySA+, Pentest+, GPEN, and GCIH certifications.


About the Technical Editors

Ben Malisow is a consultant and writer with more than 25 years of experience in the fields of information, security, and information security. He teaches SSCP, CISSP, and CCSP preparation courses for (ISC)² and has written the Official (ISC)² CCSP Study Guide and the Official (ISC)² Practice Tests books, among other titles; his latest works include CCSK Practice Tests and Exposed: How Revealing Your Data and Eliminating Privacy Increases Trust and Liberates Humanity. He and his partner Robin Cabe host the weekly podcast, "The Sensuous Sounds of INFOSEC," from his website www.securityzed.com.

Jerry Rayome, BS/MS Computer Science, CISSP, has been employed as a member of the Cyber Security Program at Lawrence Livermore National Laboratory for over 20 years, providing cybersecurity services that include software development, penetration testing, incident response, firewall implementation/administration, firewall auditing, honeynet deployment/monitoring, cyber forensic investigations, NIST 800-53 control implementation/assessment, cloud risk assessment, and cloud security auditing.


Contents at a Glance

Introduction  xv
Chapter 1  Security and Risk Management (Domain 1)  1
Chapter 2  Asset Security (Domain 2)  25
Chapter 3  Security Architecture and Engineering (Domain 3)  49
Chapter 4  Communication and Network Security (Domain 4)  73
Chapter 5  Identity and Access Management (Domain 5)  97
Chapter 6  Security Assessment and Testing (Domain 6)  121
Chapter 7  Security Operations (Domain 7)  145
Chapter 8  Software Development Security (Domain 8)  169
Chapter 9  Practice Test 1  195
Chapter 10  Practice Test 2  225
Chapter 11  Practice Test 3  253
Chapter 12  Practice Test 4  283
Appendix  Answers  311
Index  457


Contents

Introduction  xv
Chapter 1  Security and Risk Management (Domain 1)  1
Chapter 2  Asset Security (Domain 2)  25
Chapter 3  Security Architecture and Engineering (Domain 3)  49
Chapter 4  Communication and Network Security (Domain 4)  73
Chapter 5  Identity and Access Management (Domain 5)  97
Chapter 6  Security Assessment and Testing (Domain 6)  121
Chapter 7  Security Operations (Domain 7)  145
Chapter 8  Software Development Security (Domain 8)  169
Chapter 9  Practice Test 1  195
Chapter 10  Practice Test 2  225
Chapter 11  Practice Test 3  253
Chapter 12  Practice Test 4  283
Appendix  Answers  311
    Chapter 1: Security and Risk Management (Domain 1)  312
    Chapter 2: Asset Security (Domain 2)  321
    Chapter 3: Security Architecture and Engineering (Domain 3)  333
    Chapter 4: Communication and Network Security (Domain 4)  342
    Chapter 5: Identity and Access Management (Domain 5)  353
    Chapter 6: Security Assessment and Testing (Domain 6)  365
    Chapter 7: Security Operations (Domain 7)  377
    Chapter 8: Software Development Security (Domain 8)  389
    Chapter 9: Practice Test 1  400
    Chapter 10: Practice Test 2  414
    Chapter 11: Practice Test 3  428
    Chapter 12: Practice Test 4  441
Index  457


Introduction

(ISC)² CISSP® Certified Information Systems Security Professional Official Practice Tests is a companion volume to (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide. It includes questions that cover content from the CISSP Detailed Content Outline and exam that became effective on May 1, 2021. If you're looking to test your knowledge before you take the CISSP exam, this book will help you by providing more than 1,300 questions that cover the CISSP Common Body of Knowledge and easy-to-understand explanations of both right and wrong answers.

If you're just starting to prepare for the CISSP exam, we highly recommend that you use (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide to help you learn about each of the domains covered by the CISSP exam. Once you're ready to test your knowledge, use this book to help find places where you may need to study more or to practice for the exam itself.

Since this is a companion to CISSP Study Guide, this book is designed to be similar to taking the CISSP exam. It contains multipart scenarios as well as standard multiple-choice and matching questions similar to those you may encounter on the certification exam. The book is broken up into 12 chapters: 8 domain-centric chapters with 100 or more questions about each domain, and 4 chapters that contain 125-question practice tests to simulate taking the exam.

CISSP Certification

The CISSP certification is offered by the International Information System Security Certification Consortium, or (ISC)², a global nonprofit organization. The mission of (ISC)² is to support and provide members and constituents with credentials, resources, and leadership to address cyber, information, software, and infrastructure security to deliver value to society. (ISC)² achieves this mission by delivering the world's leading information security certification program, the CISSP. (ISC)² also offers five additional certifications, including:

- Systems Security Certified Practitioner (SSCP)
- Certified Authorization Professional (CAP)
- Certified Secure Software Lifecycle Professional (CSSLP)
- HealthCare Information Security and Privacy Practitioner (HCISPP)
- Certified Cloud Security Professional (CCSP)


There are also three advanced CISSP certifications for those who want to move on from the base credential to demonstrate advanced expertise in a domain of information security.

- Information Systems Security Architecture Professional (CISSP-ISSAP)
- Information Systems Security Engineering Professional (CISSP-ISSEP)
- Information Systems Security Management Professional (CISSP-ISSMP)

The CISSP certification covers eight domains of information security knowledge. These domains are meant to serve as the broad knowledge foundation required to succeed in the information security profession.

- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security

The CISSP domains are periodically updated by (ISC)². The most recent revision, on May 1, 2021, slightly modified the weighting for Communication and Network Security from 14 percent to 13 percent while increasing the focus on Software Development Security from 10 percent to 11 percent. It also added or expanded coverage of topics such as the data management lifecycle, microservices, containerization, serverless computing, quantum computing, 5G networking, and modern security controls.

Complete details on the CISSP Common Body of Knowledge (CBK) are contained in the Exam Outline. It includes a full outline of exam topics and can be found on the (ISC)² website at www.isc2.org.

Taking the CISSP Exam

The English version of the CISSP exam uses a technology called computer adaptive testing (CAT). With this format, you will face an exam containing between 100 and 150 questions with a three-hour time limit. You will not have the opportunity to skip back and forth because the computer selects the next questions that it asks you based upon your answers to previous questions. If you're doing well on the exam, it will get more difficult as you progress. Don't let that unnerve you!

Other versions of the exam in French, German, Brazilian Portuguese, Spanish, Japanese, Simplified Chinese, and Korean use a traditional linear format. The linear format exam includes 250 questions with a six-hour time limit. For either version of the exam, passing requires achieving a score of at least 700 out of 1,000 points. It's important to understand that this is a scaled score, meaning that not every question is worth the same number of points. Questions of differing difficulty may factor into your score more or less heavily, and adaptive exams adjust to the test taker. That said, as you work through these practice exams, you might want to use 70 percent as a goal to help you get a sense of whether you're ready to sit for the actual exam. When you're ready, you can schedule an exam at a location near you through the (ISC)² website.

Questions on the CISSP exam are provided in both multiple-choice form and what (ISC)² calls advanced innovative questions, which are drag-and-drop and hotspot questions, both of which are offered in computer-based testing environments. Innovative questions are scored the same as traditional multiple-choice questions and have only one right answer.

(ISC)² exam policies are subject to change. Please be sure to check isc2.org for the current policies before you register and take the exam.

Computer-Based Testing Environment

CISSP exams are now administered in a computer-based testing (CBT) format. You'll register for the exam through the Pearson Vue website and may take the exam in the language of your choice. It is offered in English, French, German, Portuguese, Spanish, Japanese, Simplified Chinese, Korean, and a visually impaired format.

You'll take the exam in a computer-based testing center located near your home or office. The centers administer many different exams, so you may find yourself sitting in the same room as a student taking a school entrance examination and a healthcare professional earning a medical certification. If you'd like to become more familiar with the testing environment, the Pearson Vue website offers a virtual tour of a testing center:

home.pearsonvue.com/test-taker/Pearson-Professional-Center-Tour.aspx

When you take the exam, you'll be seated at a computer that has the exam software already loaded and running. It's a pretty straightforward interface that allows you to navigate through the exam. You can download a practice exam and tutorial from the Pearson Vue website:

http://www.vue.com/athena/athena.asp

At the time this book went to press, (ISC)² was conducting a pilot test of at-home computer-based exams for CISSP candidates in the United States. It is possible that this pilot will be extended to a permanent product and may become available in additional countries. Check the (ISC)² website for more information.


Exam Retake Policy

If you don't pass the CISSP exam, you shouldn't panic. Many individuals don't reach the bar on their first attempt, but gain valuable experience that helps them succeed the second time around. When you retake the exam, you'll have the benefit of familiarity with the CBT environment and CISSP exam format. You'll also have time to study the areas where you felt less confident.

After your first exam attempt, you must wait 30 days before retaking the computer-based exam. If you're not successful on that attempt, you may re-test after 60 days. If you don't pass after your third attempt, you can re-test after 90 days for that and any subsequent attempts. You can't take the test more than 4 times within a single calendar year.

You can obtain more information about (ISC)² and its other certifications from its website at www.isc2.org.

Work Experience Requirement

Candidates who want to earn the CISSP credential must not only pass the exam but also demonstrate that they have at least five years of work experience in the information security field. Your work experience must cover activities in at least two of the eight domains of the CISSP program and must be paid, full-time employment. Volunteer experiences or part-time duties are not acceptable to meet the CISSP experience requirement.

You may be eligible to waive one of the five years of the work experience requirement based upon your educational achievements. If you hold a bachelor's degree or four-year equivalent, you may be eligible for a degree waiver that covers one of those years. Similarly, if you hold one of the information security certifications on the current (ISC)² credential waiver list (www.isc2.org/credential_waiver/default.aspx), you may also waive a year of the experience requirement. You may not combine these two programs. Holders of both a certification and an undergraduate degree must still demonstrate at least four years of experience.

If you haven't yet completed your work experience requirement, you may still attempt the CISSP exam. Individuals who pass the exam are designated Associates of (ISC)² and have six years to complete the work experience requirement.

Recertification Requirements

Once you've earned your CISSP credential, you'll need to maintain your certification by paying maintenance fees and participating in continuing professional education (CPE). As long as you maintain your certification in good standing, you will not need to retake the CISSP exam.


Currently, the annual maintenance fees for the CISSP credential are $125 per year. This fee covers the renewal for all (ISC)² certifications held by an individual. The CISSP CPE requirement mandates earning at least 120 CPE credits during each three-year renewal cycle. Associates of (ISC)² must earn at least 15 CPE credits each year.

(ISC)² provides an online portal where certificate holders may submit CPE completion for review and approval. The portal also tracks annual maintenance fee payments and progress toward recertification.

Using This Book to Practice

This book is composed of 12 chapters. Each of the first eight chapters covers a domain, with a variety of questions that can help you test your knowledge of real-world, scenario, and best-practice security knowledge. The final four chapters are complete practice exams that can serve as timed practice tests to help determine whether you're ready for the CISSP exam.

We recommend taking the first practice exam to help identify where you may need to spend more study time and then using the domain-specific chapters to test your domain knowledge where it is weak. Once you're ready, take the other practice exams to make sure you've covered all the material and are ready to attempt the CISSP exam.

Using the Online Practice Tests

All the questions in this book are also available in Sybex's online practice test tool. To get access to this online format, go to www.wiley.com/go/sybextestprep and start by registering your book. You'll receive a PIN code and instructions on where to create an online test bank account. Once you have access, you can use the online version to create your own sets of practice tests from the book questions and practice in a timed and graded setting.


Chapter 1

Security and Risk Management (Domain 1)

SUBDOMAINS

1.1 Understand, adhere to, and promote professional ethics
1.2 Understand and apply security concepts
1.3 Evaluate and apply security governance principles
1.4 Determine compliance and other requirements
1.5 Understand legal and regulatory issues that pertain to information security in a holistic context
1.6 Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards)
1.7 Develop, document, and implement security policy, standards, procedures, and guidelines
1.8 Identify, analyze, and prioritize Business Continuity (BC) requirements
1.9 Contribute to and enforce personnel security policies and procedures
1.10 Understand and apply risk management concepts
1.11 Understand and apply threat modeling concepts and methodologies
1.12 Apply Supply Chain Risk Management (SCRM) concepts
1.13 Establish and maintain a security awareness, education, and training program


1. Alyssa is responsible for her organization's security awareness program. She is concerned that changes in technology may make the content outdated. What control can she put in place to protect against this risk?
A. Gamification
B. Computer-based training
C. Content reviews
D. Live training

2. Gavin is creating a report to management on the results of his most recent risk assessment. In his report, he would like to identify the remaining level of risk to the organization after adopting security controls. What term best describes this current level of risk?
A. Inherent risk
B. Residual risk
C. Control risk
D. Mitigated risk

3. Francine is a security specialist for an online service provider in the United States. She recently received a claim from a copyright holder that a user is storing information on her service that violates the third party's copyright. What law governs the actions that Francine must take?
A. Copyright Act
B. Lanham Act
C. Digital Millennium Copyright Act
D. Gramm-Leach-Bliley Act

4. FlyAway Travel has offices in both the European Union (EU) and the United States and transfers personal information between those offices regularly. They have recently received a request from an EU customer requesting that their account be terminated. Under the General Data Protection Regulation (GDPR), which requirement for processing personal information states that individuals may request that their data no longer be disseminated or processed?
A. The right to access
B. Privacy by design
C. The right to be forgotten
D. The right of data portability

5. After conducting a qualitative risk assessment of her organization, Sally recommends purchasing cybersecurity breach insurance. What type of risk response behavior is she recommending?
A. Accept
B. Transfer
C. Reduce
D. Reject


6. Which one of the following elements of information is not considered personally identifiable information that would trigger most United States (U.S.) state data breach laws?
A. Student identification number
B. Social Security number
C. Driver's license number
D. Credit card number

7. Renee is speaking to her board of directors about their responsibilities to review cybersecurity controls. What rule requires that senior executives take personal responsibility for information security matters?
A. Due diligence rule
B. Personal liability rule
C. Prudent man rule
D. Due process rule

8. Henry recently assisted one of his co-workers in preparing for the CISSP exam. During this process, Henry disclosed confidential information about the content of the exam, in violation of Canon IV of the Code of Ethics: "Advance and protect the profession." Who may bring ethics charges against Henry for this violation?
A. Anyone may bring charges.
B. Any certified or licensed professional may bring charges.
C. Only Henry's employer may bring charges.
D. Only the affected employee may bring charges.

9. Wanda is working with one of her organization's European Union business partners to facilitate the exchange of customer information. Wanda's organization is located in the United States. What would be the best method for Wanda to use to ensure GDPR compliance?
A. Binding corporate rules
B. Privacy Shield
C. Standard contractual clauses
D. Safe harbor

10. Yolanda is the chief privacy officer for a financial institution and is researching privacy requirements related to customer checking accounts. Which one of the following laws is most likely to apply to this situation?
A. GLBA
B. SOX
C. HIPAA
D. FERPA


11. Tim's organization recently received a contract to conduct sponsored research as a government contractor. What law now likely applies to the information systems involved in this contract?
A. FISMA
B. PCI DSS
C. HIPAA
D. GISRA

12. Chris is advising travelers from his organization who will be visiting many different countries overseas. He is concerned about compliance with export control laws. Which of the following technologies is most likely to trigger these regulations?
A. Memory chips
B. Office productivity applications
C. Hard drives
D. Encryption software

13. Bobbi is investigating a security incident and discovers that an attacker began with a normal user account but managed to exploit a system vulnerability to provide that account with administrative rights. What type of attack took place under the STRIDE threat model?
A. Spoofing
B. Repudiation
C. Tampering
D. Elevation of privilege

14. You are completing your business continuity planning effort and have decided that you want to accept one of the risks. What should you do next?
A. Implement new security controls to reduce the risk level.
B. Design a disaster recovery plan.
C. Repeat the business impact assessment.
D. Document your decision-making process.

15. You are completing a review of the controls used to protect a media storage facility in your organization and would like to properly categorize each control that is currently in place. Which of the following control categories accurately describe a fence around a facility? (Select all that apply.)
A. Physical
B. Detective
C. Deterrent
D. Preventive


16. Tony is developing a business continuity plan and is having difficulty prioritizing resources because of the difficulty of combining information about tangible and intangible assets. What would be the most effective risk assessment approach for him to use?
A. Quantitative risk assessment
B. Qualitative risk assessment
C. Neither quantitative nor qualitative risk assessment
D. Combination of quantitative and qualitative risk assessment

17. Vincent believes that a former employee took trade secret information from his firm and brought it with him to a competitor. He wants to pursue legal action. Under what law could he pursue charges?
A. Copyright law
B. Lanham Act
C. Glass-Steagall Act
D. Economic Espionage Act

18. Which one of the following principles imposes a standard of care upon an individual that is broad and equivalent to what one would expect from a reasonable person under the circumstances?
A. Due diligence
B. Separation of duties
C. Due care
D. Least privilege

19. Brenda's organization recently completed the acquisition of a competitor firm. Which one of the following tasks would be LEAST likely to be part of the organizational processes addressed during the acquisition?
A. Consolidation of security functions
B. Integration of security tools
C. Protection of intellectual property
D. Documentation of security policies

20. Kelly believes that an employee engaged in the unauthorized use of computing resources for a side business. After consulting with management, she decides to launch an administrative investigation. What is the burden of proof that she must meet in this investigation?
A. Preponderance of the evidence
B. Beyond a reasonable doubt
C. Beyond the shadow of a doubt
D. There is no standard


21. Keenan Systems recently developed a new manufacturing process for microprocessors. The company wants to license the technology to other companies for use but wants to prevent unauthorized use of the technology. What type of intellectual property protection is best suited for this situation?
A. Patent
B. Trade secret
C. Copyright
D. Trademark

22. Which one of the following actions might be taken as part of a business continuity plan?
A. Restoring from backup tapes
B. Implementing RAID
C. Relocating to a cold site
D. Restarting business operations

23. When developing a business impact analysis, the team should first create a list of assets. What should happen next?
A. Identify vulnerabilities in each asset.
B. Determine the risks facing the asset.
C. Develop a value for each asset.
D. Identify threats facing each asset.

24. Mike recently implemented an intrusion prevention system designed to block common network attacks from affecting his organization. What type of risk management strategy is Mike pursuing?
A. Risk acceptance
B. Risk avoidance
C. Risk mitigation
D. Risk transference

25. Laura has been asked to perform an SCA. What type of organization is she most likely in?
A. Higher education
B. Banking
C. Government
D. Healthcare

26. Carl is a federal agent investigating a computer crime case. He identified an attacker who engaged in illegal conduct and wants to pursue a case against that individual that will lead to imprisonment. What standard of proof must Carl meet?
A. Beyond the shadow of a doubt
B. Preponderance of the evidence
C. Beyond a reasonable doubt
D. Majority of the evidence

27. The International Information Systems Security Certification Consortium uses the logo shown here to represent itself online and in a variety of forums. What type of intellectual property protection may it use to protect its rights in this logo?
A. Copyright
B. Patent
C. Trade secret
D. Trademark

28. Mary is helping a computer user who sees the following message appear on his computer screen. What type of attack has occurred?
A. Availability
B. Confidentiality
C. Disclosure
D. Distributed

29. Which one of the following organizations would not be automatically subject to the privacy and security requirements of HIPAA if they engage in electronic transactions?
A. Healthcare provider
B. Health and fitness application developer
C. Health information clearinghouse
D. Health insurance plan

30. John's network begins to experience symptoms of slowness. Upon investigation, he realizes that the network is being bombarded with TCP SYN packets and believes that his organization is the victim of a denial-of-service attack. What principle of information security is being violated?
A. Availability
B. Integrity
C. Confidentiality
D. Denial

31. Renee is designing the long-term security plan for her organization and has a three- to five-year planning horizon. Her primary goal is to align the security function with the broader plans and objectives of the business. What type of plan is she developing?
A. Operational
B. Tactical
C. Summary
D. Strategic

32. Gina is working to protect a logo that her company will use for a new product they are launching. She has questions about the intellectual property protection process for this logo. What U.S. government agency would be best able to answer her questions?
A. USPTO
B. Library of Congress
C. NSA
D. NIST

33. The Acme Widgets Company is putting new controls in place for its accounting department. Management is concerned that a rogue accountant may be able to create a new false vendor and then issue checks to that vendor as payment for services that were never rendered. What security control can best help prevent this situation?
A. Mandatory vacation
B. Separation of duties
C. Defense in depth
D. Job rotation