ISC2 Cissp Certified Information Systems Security Professional Official Practice Tests (2021)


Table of Contents
Cover
Title Page
Copyright
Acknowledgments
About the Authors
About the Technical Editors
Introduction
  CISSP Certification
  Taking the CISSP Exam
  Computer-Based Testing Environment
  Exam Retake Policy
  Work Experience Requirement
  Recertification Requirements
  Using This Book to Practice
  Using the Online Practice Tests
Chapter 1: Security and Risk Management (Domain 1)
Chapter 2: Asset Security (Domain 2)
Chapter 3: Security Architecture and Engineering (Domain 3)
Chapter 4: Communication and Network Security (Domain 4)
Chapter 5: Identity and Access Management (Domain 5)
Chapter 6: Security Assessment and Testing (Domain 6)
Chapter 7: Security Operations (Domain 7)
Chapter 8: Software Development Security (Domain 8)
Chapter 9: Practice Test 1
Chapter 10: Practice Test 2
Chapter 11: Practice Test 3
Chapter 12: Practice Test 4
Appendix: Answers
  Chapter 1: Security and Risk Management (Domain 1)
  Chapter 2: Asset Security (Domain 2)
  Chapter 3: Security Architecture and Engineering (Domain 3)
  Chapter 4: Communication and Network Security (Domain 4)
  Chapter 5: Identity and Access Management (Domain 5)
  Chapter 6: Security Assessment and Testing (Domain 6)
  Chapter 7: Security Operations (Domain 7)
  Chapter 8: Software Development Security (Domain 8)
  Chapter 9: Practice Test 1
  Chapter 10: Practice Test 2
  Chapter 11: Practice Test 3
  Chapter 12: Practice Test 4
Index
End User License Agreement

(ISC)2® CISSP® Certified Information Systems Security Professional Official Practice Tests
Third Edition
Mike Chapple, CISSP
David Seidl, CISSP

Copyright © 2021 by John Wiley & Sons, Inc. All rights reserved
Published by John Wiley & Sons, Inc., Hoboken, New Jersey
Published simultaneously in Canada and the United Kingdom
ISBN: 978-1-119-78763-1
ISBN: 978-1-119-79315-1 (ebk.)
ISBN: 978-1-119-78764-8 (ebk.)

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Control Number: 2021935480

TRADEMARKS: WILEY and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. (ISC)2 and CISSP are registered trademarks of International Information Systems Security Certification Consortium, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Cover image(s): © Getty Images Inc./Jeremy Woodhouse
Cover design: Wiley

Acknowledgments

The authors would like to thank the many people who made this book possible. Jim Minatel at Wiley Publishing helped us extend the Sybex CISSP franchise to include this title and has continued to champion with the International Information Systems Security Certification Consortium (ISC)2. Carole Jelen, our agent, tackles all the back-end magic for our writing efforts and worked on both the logistical details and the business side of the book with her usual grace and commitment to excellence. Ben Malisow and Jerry Rayome, our technical editors, pointed out many opportunities to improve our work and deliver a high-quality final product. Caroline Define served as our project manager and made sure everything fit together. Many other people we'll never meet worked behind the scenes to make this book a success, and we really appreciate their time and talents to make this next edition come together.

About the Authors

Mike Chapple, PhD, CISSP, is an author of the best-selling CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide (Sybex, 2021), now in its ninth edition. He is an information security professional with two decades of experience in higher education, the private sector, and government.

Mike currently serves as Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame's Mendoza College of Business. He previously served as Senior Director for IT Service Delivery at Notre Dame, where he oversaw the information security, data governance, IT architecture, project management, strategic planning, and product management functions for the university. Before returning to Notre Dame, Mike served as Executive Vice President and Chief Information Officer of the Brand Institute, a Miami-based marketing consultancy. Mike also spent four years in the information security research group at the National Security Agency and served as an active duty intelligence officer in the U.S. Air Force.

He is a technical editor for Information Security Magazine and has written 20 books, including Cyberwarfare: Information Operations in a Connected World (Jones & Bartlett, 2015), CompTIA Security+ Training Kit (Microsoft Press, 2013), CompTIA Cybersecurity Analyst+ (CySA+) Study Guide (Wiley, 2017), and CompTIA Cybersecurity Analyst+ (CySA+) Practice Tests (Wiley, 2018).

Mike earned both his BS and PhD degrees from Notre Dame in computer science and engineering. He also holds an MS in computer science from the University of Idaho and an MBA from Auburn University. His IT certifications include the CISSP, Security+, CySA+, CISA, PenTest+, CIPP/US, CISM, CCSP, and PMP credentials. Mike provides books, video-based training, and free study groups for a wide variety of IT certifications at his website, CertMike.com.

David Seidl, CISSP, is Vice President for Information Technology and CIO at Miami University. During his IT career, he has served in a variety of technical and information security roles, including serving as the Senior Director for Campus Technology Services at the University of Notre Dame, where he co-led Notre Dame's move to the cloud and oversaw cloud operations, ERP, databases, identity management, and a broad range of other technologies and services. He also served as Notre Dame's Director of Information Security and led Notre Dame's information security program. He has taught information security and networking undergraduate courses as an instructor for Notre Dame's Mendoza College of Business and has written books on security certification and cyberwarfare, including co-authoring the previous editions of CISSP (ISC)2 Official Practice Tests (Sybex 2018) as well as CompTIA CySA+ Study Guide: Exam CS0-002, CompTIA CySA+ Practice Tests: Exam CS0-002, CompTIA Security+ Study Guide: Exam SY0-601, and CompTIA Security+ Practice Tests: Exam SY0-601, as well as other certification guides and books on information security.

David holds a bachelor's degree in communication technology and a master's degree in information security from Eastern Michigan University, as well as CISSP, CySA+, Pentest+, GPEN, and GCIH certifications.

About the Technical Editors

Ben Malisow is a consultant and writer with more than 25 years of experience in the fields of information, security, and information security. He teaches SSCP, CISSP, and CCSP preparation courses for (ISC)2 and has written the Official (ISC)2 CCSP Study Guide and the Official (ISC)2 Practice Tests books, among other titles; his latest works include CCSK Practice Tests and Exposed: How Revealing Your Data and Eliminating Privacy Increases Trust and Liberates Humanity. He and his partner Robin Cabe host the weekly podcast, “The Sensuous Sounds of INFOSEC,” from his website www.securityzed.com.

Jerry Rayome, BS/MS Computer Science, CISSP, has been employed as a member of the Cyber Security Program at Lawrence Livermore National Laboratory for over 20 years, providing cyber security services that include software development, penetration testing, incident response, firewall implementation/administration, firewall auditing, honey net deployment/monitoring, cyber forensic investigations, NIST 800-53 control implementation/assessment, cloud risk assessment, and cloud security auditing.

Introduction

(ISC)2® CISSP® Certified Information Systems Security Professional Official Practice Tests is a companion volume to (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide. It includes questions that cover content from the CISSP Detailed Content Outline and exam that became effective on May 1, 2021. If you're looking to test your knowledge before you take the CISSP exam, this book will help you by providing more than 1,300 questions that cover the CISSP Common Body of Knowledge and easy-to-understand explanations of both right and wrong answers.

If you're just starting to prepare for the CISSP exam, we highly recommend that you use (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide to help you learn about each of the domains covered by the CISSP exam. Once you're ready to test your knowledge, use this book to help find places where you may need to study more or to practice for the exam itself.

Since this is a companion to CISSP Study Guide, this book is designed to be similar to taking the CISSP exam. It contains multipart scenarios as well as standard multiple-choice and matching questions similar to those you may encounter on the certification exam. The book is broken up into 12 chapters: 8 domain-centric chapters with 100 or more questions about each domain, and 4 chapters that contain 125-question practice tests to simulate taking the exam.

CISSP Certification

The CISSP certification is offered by the International Information System Security Certification Consortium, or (ISC)2, a global nonprofit organization. The mission of (ISC)2 is to support and provide members and constituents with credentials, resources, and leadership to address cyber, information, software, and infrastructure security to deliver value to society. (ISC)2 achieves this mission by delivering the world's leading information security certification program, the CISSP. (ISC)2 also offers five additional certifications:

Systems Security Certified Practitioner (SSCP)
Certified Authorization Professional (CAP)
Certified Secure Software Lifecycle Professional (CSSLP)
HealthCare Information Security and Privacy Practitioner (HCISPP)
Certified Cloud Security Professional (CCSP)

There are also three advanced CISSP certifications for those who want to move on from the base credential to demonstrate advanced expertise in a domain of information security.

Information Systems Security Architecture Professional (CISSP-ISSAP)
Information Systems Security Engineering Professional (CISSP-ISSEP)
Information Systems Security Management Professional (CISSP-ISSMP)

The CISSP certification covers eight domains of information security knowledge. These domains are meant to serve as the broad knowledge foundation required to succeed in the information security profession.

Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Security Operations
Software Development Security

The CISSP domains are periodically updated by (ISC)2. The most recent revision, effective May 1, 2021, slightly modified the weighting for Communication and Network Security from 14 percent to 13 percent while increasing the focus on Software Development Security from 10 percent to 11 percent. It also added or expanded coverage of topics such as the data management lifecycle, microservices, containerization, serverless computing, quantum computing, 5G networking, and modern security controls.

Complete details on the CISSP Common Body of Knowledge (CBK) are contained in the Exam Outline. The outline, which includes a full list of exam topics, can be found on the (ISC)2 website at www.isc2.org.

Taking the CISSP Exam

The English version of the CISSP exam uses a technology called computer adaptive testing (CAT). With this format, you will face an exam containing between 100 and 150 questions with a three-hour time limit. You will not have the opportunity to skip back and forth because the computer selects the next questions that it asks you based upon your answers to previous questions. If you're doing well on the exam, it will get more difficult as you progress. Don't let that unnerve you!

Other versions of the exam in French, German, Brazilian Portuguese, Spanish, Japanese, Simplified Chinese, and Korean use a traditional linear format. The linear format exam includes 250 questions with a six-hour time limit. For either version of the exam, passing requires achieving a score of at least 700 out of 1,000 points. It's important to understand that this is a scaled score, meaning that not every question is worth the same number of points. Questions of differing difficulty may factor into your score more or less heavily, and adaptive exams adjust to the test taker.

That said, as you work through these practice exams, you might want to use 70 percent as a goal to help you get a sense of whether you're ready to sit for the actual exam. When you're ready, you can schedule an exam at a location near you through the (ISC)2 website.

Questions on the CISSP exam are provided in both multiple-choice form and what (ISC)2 calls advanced innovative questions, which are drag-and-drop and hotspot questions, both of which are offered in computer-based testing environments. Innovative questions are scored the same as traditional multiple-choice questions and have only one right answer.

(ISC)² exam policies are subject to change. Please be sure to check isc2.org for the current policies before you register and take the exam.

Computer-Based Testing Environment

CISSP exams are now administered in a computer-based testing (CBT) format. You'll register for the exam through the Pearson Vue website and may take the exam in the language of your choice. It is offered in English, French, German, Portuguese, Spanish, Japanese, Simplified Chinese, Korean, and a visually impaired format.

You'll take the exam in a computer-based testing center located near your home or office. The centers administer many different exams, so you may find yourself sitting in the same room as a student taking a school entrance examination and a healthcare professional earning a medical certification. If you'd like to become more familiar with the testing environment, the Pearson Vue website offers a virtual tour of a testing center.

home.pearsonvue.com/test-taker/Pearson-Professional-Center-Tour.aspx

When you take the exam, you'll be seated at a computer that has the exam software already loaded and running. It's a pretty straightforward interface that allows you to navigate through the exam. You can download a practice exam and tutorial from the Pearson Vue website.

http://www.vue.com/athena/athena.asp

At the time this book went to press, (ISC)2 was conducting a pilot test of at-home computer-based exams for CISSP candidates in the United States. It is possible that this pilot will be extended to a permanent product and may become available in additional countries. Check the (ISC)2 website for more information.

Exam Retake Policy

If you don't pass the CISSP exam, you shouldn't panic. Many individuals don't reach the bar on their first attempt, but gain valuable experience that helps them succeed the second time around. When you retake the exam, you'll have the benefit of familiarity with the CBT environment and CISSP exam format. You'll also have time to study the areas where you felt less confident.

After your first exam attempt, you must wait 30 days before retaking the computer-based exam. If you're not successful on that attempt, you may re-test after 60 days. If you don't pass after your third attempt, you can re-test after 90 days for that and any subsequent attempts. You can't take the test more than 4 times within a single calendar year. You can obtain more information about (ISC)2 and its other certifications from its website at www.isc2.org.

Work Experience Requirement

Candidates who want to earn the CISSP credential must not only pass the exam but also demonstrate that they have at least five years of work experience in the information security field. Your work experience must cover activities in at least two of the eight domains of the CISSP program and must be paid, full-time employment. Volunteer experiences or part-time duties are not acceptable to meet the CISSP experience requirement.

You may be eligible to waive one of the five years of the work experience requirement based upon your educational achievements. If you hold a bachelor's degree or four-year equivalent, you may be eligible for a degree waiver that covers one of those years. Similarly, if you hold one of the information security certifications on the current (ISC)2 credential waiver list (www.isc2.org/credential_waiver/default.aspx), you may also waive a year of the experience requirement. You may not combine these two programs. Holders of both a certification and an undergraduate degree must still demonstrate at least four years of experience.

If you haven't yet completed your work experience requirement, you may still attempt the CISSP exam. Individuals who pass the exam are designated Associates of (ISC)2 and have six years to complete the work experience requirement.

Recertification Requirements

Once you've earned your CISSP credential, you'll need to maintain your certification by paying maintenance fees and participating in continuing professional education (CPE). As long as you maintain your certification in good standing, you will not need to retake the CISSP exam.

Currently, the annual maintenance fees for the CISSP credential are $125 per year. This fee covers the renewal for all (ISC)2 certifications held by an individual.

The CISSP CPE requirement mandates earning at least 120 CPE credits during each three-year renewal cycle. Associates of (ISC)2 must earn at least 15 CPE credits each year. (ISC)2 provides an online portal where certificate holders may submit CPE completion for review and approval. The portal also tracks annual maintenance fee payments and progress toward recertification.

Using This Book to Practice

This book is composed of 12 chapters. Each of the first eight chapters covers a domain, with a variety of questions that can help you test your knowledge of real-world, scenario, and best-practice security knowledge. The final four chapters are complete practice exams that can serve as timed practice tests to help determine whether you're ready for the CISSP exam.

We recommend taking the first practice exam to help identify where you may need to spend more study time and then using the domain-specific chapters to test your domain knowledge where it is weak. Once you're ready, take the other practice exams to make sure you've covered all the material and are ready to attempt the CISSP exam.

Using the Online Practice Tests

All the questions in this book are also available in Sybex's online practice test tool. To get access to this online format, go to www.wiley.com/go/sybextestprep and start by registering your book. You'll receive a PIN code and instructions on where to create an online test bank account. Once you have access, you can use the online version to create your own sets of practice tests from the book questions and practice in a timed and graded setting.

Page 19

ISC2 Cissp Certified Information Systems Security Professional Official Practice Tests (2021) - Page 19 preview image

Loading page ...

Chapter 1Security and Risk Management (Domain 1)SUBDOMAINS1.1 Understand, adhere to, and promote professional ethics1.2 Understand and apply security concepts1.3 Evaluate and apply security governance principles1.4 Determine compliance and other requirements1.5 Understand legal and regulatory issues that pertain toinformation security in a holistic context1.6 Understand requirements for investigation types (i.e.,administrative, criminal, civil, regulatory, industry standards)1.7 Develop, document, and implement security policy,standards, procedures, and guidelines1.8 Identify, analyze, and prioritize Business Continuity (BC)requirements1.9 Contribute to and enforce personnel security policies andprocedures1.10 Understand and apply risk management concepts1.11 Understand and apply threat modeling concepts andmethodologies1.12 Apply Supply Chain Risk Management (SCRM) concepts1.13 Establish and maintain a security awareness, education,and training program1. Alyssa is responsible for her organization's security awarenessprogram. She is concerned that changes in technology may makethe content outdated. What control can she put in place to protect

Page 20

ISC2 Cissp Certified Information Systems Security Professional Official Practice Tests (2021) - Page 20 preview image

Loading page ...

against this risk?A. GamificationB. Computer-based trainingC. Content reviewsD. Live training2. Gavin is creating a report to management on the results of hismost recent risk assessment. In his report, he would like toidentify the remaining level of risk to the organization afteradopting security controls. What term best describes this currentlevel of risk?A. Inherent riskB. Residual riskC. Control riskD. Mitigated risk3. Francine is a security specialist for an online service provider inthe United States. She recently received a claim from a copyrightholder that a user is storing information on her service thatviolates the third party's copyright. What law governs the actionsthat Francine must take?A. Copyright ActB. Lanham ActC. Digital Millennium Copyright ActD. Gramm Leach Bliley Act4. FlyAway Travel has offices in both the European Union (EU) andthe United States and transfers personal information betweenthose offices regularly. They have recently received a request froman EU customer requesting that their account be terminated.Under the General Data Protection Regulation (GDPR), whichrequirement for processing personal information states thatindividuals may request that their data no longer be disseminatedor processed?

Page 21

ISC2 Cissp Certified Information Systems Security Professional Official Practice Tests (2021) - Page 21 preview image

Loading page ...

A. The right to accessB. Privacy by designC. The right to be forgottenD. The right of data portability5. After conducting a qualitative risk assessment of her organization,Sally recommends purchasing cybersecurity breach insurance.What type of risk response behavior is she recommending?A. AcceptB. TransferC. ReduceD. Reject6. Which one of the following elements of information is notconsidered personally identifiable information that would triggermost United States (U.S.) state data breach laws?A. Student identification numberB. Social Security numberC. Driver's license numberD. Credit card number7. Renee is speaking to her board of directors about theirresponsibilities to review cybersecurity controls. What rulerequires that senior executives take personal responsibility forinformation security matters?A. Due diligence ruleB. Personal liability ruleC. Prudent man ruleD. Due process rule8. Henry recently assisted one of his co-workers in preparing for theCISSP exam. During this process, Henry disclosed confidentialinformation about the content of the exam, in violation of Canon

Page 22

ISC2 Cissp Certified Information Systems Security Professional Official Practice Tests (2021) - Page 22 preview image

Loading page ...

IV of the Code of Ethics: “Advance and protect the profession.”Who may bring ethics charges against Henry for this violation?A. Anyone may bring charges.B. Any certified or licensed professional may bring charges.C. Only Henry's employer may bring charges.D. Only the affected employee may bring charges.9. Wanda is working with one of her organization's European Unionbusiness partners to facilitate the exchange of customerinformation. Wanda's organization is located in the United States.What would be the best method for Wanda to use to ensure GDPRcompliance?A. Binding corporate rulesB. Privacy ShieldC. Standard contractual clausesD. Safe harbor10. Yolanda is the chief privacy officer for a financial institution andis researching privacy requirements related to customer checkingaccounts. Which one of the following laws is most likely to applyto this situation?A. GLBAB. SOXC. HIPAAD. FERPA11. Tim's organization recently received a contract to conductsponsored research as a government contractor. What law nowlikely applies to the information systems involved in this contract?A. FISMAB. PCI DSSC. HIPAA

Page 23

ISC2 Cissp Certified Information Systems Security Professional Official Practice Tests (2021) - Page 23 preview image

Loading page ...

D. GISRA12. Chris is advising travelers from his organization who will bevisiting many different countries overseas. He is concerned aboutcompliance with export control laws. Which of the followingtechnologies is most likely to trigger these regulations?A. Memory chipsB. Office productivity applicationsC. Hard drivesD. Encryption software13. Bobbi is investigating a security incident and discovers that anattacker began with a normal user account but managed to exploita system vulnerability to provide that account with administrativerights. What type of attack took place under the STRIDE threatmodel?A. SpoofingB. RepudiationC. TamperingD. Elevation of privilege14. You are completing your business continuity planning effort andhave decided that you want to accept one of the risks. Whatshould you do next?A. Implement new security controls to reduce the risk level.B. Design a disaster recovery plan.C. Repeat the business impact assessment.D. Document your decision-making process.15. You are completing a review of the controls used to protect amedia storage facility in your organization and would like toproperly categorize each control that is currently in place. Whichof the following control categories accurately describe a fencearound a facility? (Select all that apply.)

Page 24

ISC2 Cissp Certified Information Systems Security Professional Official Practice Tests (2021) - Page 24 preview image

Loading page ...

A. PhysicalB. DetectiveC. DeterrentD. Preventive16. Tony is developing a business continuity plan and is havingdifficulty prioritizing resources because of the difficulty ofcombining information about tangible and intangible assets.What would be the most effective risk assessment approach forhim to use?A. Quantitative risk assessmentB. Qualitative risk assessmentC. Neither quantitative nor qualitative risk assessmentD. Combination of quantitative and qualitative risk assessment17. Vincent believes that a former employee took trade secretinformation from his firm and brought it with him to acompetitor. He wants to pursue legal action. Under what lawcould he pursue charges?A. Copyright lawB. Lanham ActC. Glass-Steagall ActD. Economic Espionage Act18. Which one of the following principles imposes a standard of careupon an individual that is broad and equivalent to what onewould expect from a reasonable person under the circumstances?A. Due diligenceB. Separation of dutiesC. Due careD. Least privilege19. Brenda's organization recently completed the acquisition of a

Page 25

ISC2 Cissp Certified Information Systems Security Professional Official Practice Tests (2021) - Page 25 preview image

Loading page ...

competitor firm. Which one of the following tasks would beLEAST likely to be part of the organizational processes addressedduring the acquisition?A. Consolidation of security functionsB. Integration of security toolsC. Protection of intellectual propertyD. Documentation of security policies20. Kelly believes that an employee engaged in the unauthorized useof computing resources for a side business. After consulting withmanagement, she decides to launch an administrativeinvestigation. What is the burden of proof that she must meet inthis investigation?A. Preponderance of the evidenceB. Beyond a reasonable doubtC. Beyond the shadow of a doubtD. There is no standard21. Keenan Systems recently developed a new manufacturing processfor microprocessors. The company wants to license the technologyto other companies for use but wants to prevent unauthorized useof the technology. What type of intellectual property protection isbest suited for this situation?A. PatentB. Trade secretC. CopyrightD. Trademark22. Which one of the following actions might be taken as part of abusiness continuity plan?A. Restoring from backup tapesB. Implementing RAID
C. Relocating to a cold site
D. Restarting business operations

23. When developing a business impact analysis, the team should first create a list of assets. What should happen next?
A. Identify vulnerabilities in each asset.
B. Determine the risks facing the asset.
C. Develop a value for each asset.
D. Identify threats facing each asset.

24. Mike recently implemented an intrusion prevention system designed to block common network attacks from affecting his organization. What type of risk management strategy is Mike pursuing?
A. Risk acceptance
B. Risk avoidance
C. Risk mitigation
D. Risk transference

25. Laura has been asked to perform an SCA. What type of organization is she most likely in?
A. Higher education
B. Banking
C. Government
D. Healthcare

26. Carl is a federal agent investigating a computer crime case. He identified an attacker who engaged in illegal conduct and wants to pursue a case against that individual that will lead to imprisonment. What standard of proof must Carl meet?
A. Beyond the shadow of a doubt
B. Preponderance of the evidence
C. Beyond a reasonable doubt
D. Majority of the evidence

27. The International Information Systems Security Certification Consortium uses the logo shown here to represent itself online and in a variety of forums. What type of intellectual property protection may it use to protect its rights in this logo?
A. Copyright
B. Patent
C. Trade secret
D. Trademark

28. Mary is helping a computer user who sees the following message appear on his computer screen. What type of attack has occurred?
A. Availability
B. Confidentiality
C. Disclosure
D. Distributed

29. Which one of the following organizations would not be automatically subject to the privacy and security requirements of HIPAA if they engage in electronic transactions?
A. Healthcare provider
B. Health and fitness application developer
C. Health information clearinghouse
D. Health insurance plan

30. John's network begins to experience symptoms of slowness. Upon investigation, he realizes that the network is being bombarded
with TCP SYN packets and believes that his organization is the victim of a denial-of-service attack. What principle of information security is being violated?
A. Availability
B. Integrity
C. Confidentiality
D. Denial

31. Renee is designing the long-term security plan for her organization and has a three- to five-year planning horizon. Her primary goal is to align the security function with the broader plans and objectives of the business. What type of plan is she developing?
A. Operational
B. Tactical
C. Summary
D. Strategic

32. Gina is working to protect a logo that her company will use for a new product they are launching. She has questions about the intellectual property protection process for this logo. What U.S. government agency would be best able to answer her questions?
A. USPTO
B. Library of Congress
C. NSA
D. NIST

33. The Acme Widgets Company is putting new controls in place for its accounting department. Management is concerned that a rogue accountant may be able to create a new false vendor and then issue checks to that vendor as payment for services that were never rendered. What security control can best help prevent this situation?
A. Mandatory vacation
B. Separation of duties
C. Defense in depth
D. Job rotation

34. Which one of the following categories of organizations is most likely to be covered by the provisions of FISMA?
A. Banks
B. Defense contractors
C. School districts
D. Hospitals

35. Robert is responsible for securing systems used to process credit card information. What security control framework should guide his actions?
A. HIPAA
B. PCI DSS
C. SOX
D. GLBA

36. Which one of the following individuals is normally responsible for fulfilling the operational data protection responsibilities delegated by senior management, such as validating data integrity, testing backups, and managing security policies?
A. Data custodian
B. Data owner
C. User
D. Auditor

37. Alan works for an e-commerce company that recently had some content stolen by another website and republished without permission. What type of intellectual property protection would best preserve Alan's company's rights?
A. Trade secret
B. Copyright
C. Trademark
D. Patent

38. Florian receives a flyer from a U.S. federal government agency announcing that a new administrative law will affect his business operations. Where should he go to find the text of the law?
A. United States Code
B. Supreme Court rulings
C. Code of Federal Regulations
D. Compendium of Laws

39. Tom enables an application firewall provided by his cloud infrastructure as a service provider that is designed to block many types of application attacks. When viewed from a risk management perspective, what metric is Tom attempting to lower by implementing this countermeasure?
A. Impact
B. RPO
C. MTO
D. Likelihood

40. Which one of the following individuals would be the most effective organizational owner for an information security program?
A. CISSP-certified analyst
B. Chief information officer (CIO)
C. Manager of network security
D. President and CEO

41. What important function do senior managers normally fill on a business continuity planning team?