CISSP Practice Test Questions

1487 Questions


Topic 11: Exam Set C

Which of the following BEST describes a rogue Access Point (AP)?


A.

An AP that is not protected by a firewall


B.

An AP not configured to use Wired Equivalent Privacy (WEP) with Triple Data
Encryption Algorithm (3DES)


C.

An AP connected to the wired infrastructure but not under the management of
authorized network administrators


D.

An AP infected by any kind of Trojan or Malware
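What makes an AP "rogue" in option C is the combination of two facts: it has a path into the wired infrastructure, and nobody in the authorized administration team manages it. The Python below, an added example that is not part of the practice test, turns that definition into a check: each AP seen in a wireless scan is matched against an inventory of managed radios and against whether its MAC was learned on an internal switch port. The inventory, the scan records, the class names and the functions are all constructed for this illustration; in practice the inventory would come from the wireless controller and the scan from a WIDS sensor or site survey.

```python
"""Distinguish rogue access points from managed and neighboring ones.

Added example, not part of the practice test. Applies the definition of a
rogue AP (reaches the wired infrastructure, not under the authorized
administrators' management). AUTHORIZED_APS, SAMPLE_SCAN and the helper
names are constructed for this illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ObservedAP:
    bssid: str          # radio MAC address as advertised in beacons
    ssid: str
    channel: int
    on_wired_lan: bool  # True if the same MAC was learned on an internal switch port


def normalize_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated form so inventory lookups are exact."""
    return mac.strip().lower().replace("-", ":")


# Constructed inventory: BSSIDs of managed radios and the SSID each should serve.
AUTHORIZED_APS = {
    "00:11:22:33:44:01": "corp-wifi",
    "00:11:22:33:44:02": "corp-wifi",
    "00:11:22:33:44:03": "corp-guest",
}


def classify_ap(ap: ObservedAP, authorized: dict) -> str:
    """Return one of: authorized, misconfigured, rogue, evil-twin, neighbor."""
    bssid = normalize_mac(ap.bssid)
    if bssid in authorized:
        # Managed radio; still worth flagging if it advertises the wrong SSID.
        return "authorized" if authorized[bssid] == ap.ssid else "misconfigured"
    if ap.on_wired_lan:
        # Unmanaged AP bridged into the wired network: the rogue AP of option C.
        return "rogue"
    if ap.ssid in authorized.values():
        # Off-network radio imitating one of our SSIDs: a different problem (evil twin),
        # not a rogue AP in the sense of option C because it has no wired path.
        return "evil-twin"
    return "neighbor"  # unmanaged and off-network: somebody else's Wi-Fi


def find_rogues(scan, authorized=AUTHORIZED_APS) -> list:
    """Normalized BSSIDs that should be traced to a switch port and disconnected."""
    return sorted(normalize_mac(ap.bssid) for ap in scan
                  if classify_ap(ap, authorized) == "rogue")


# Constructed scan results for the demonstration.
SAMPLE_SCAN = [
    ObservedAP("00:11:22:33:44:01", "corp-wifi", 6, True),
    ObservedAP("AA:BB:CC:DD:EE:01", "corp-wifi", 11, True),    # rogue
    ObservedAP("aa-bb-cc-dd-ee-02", "corp-wifi", 1, False),    # evil twin
    ObservedAP("00:11:22:33:44:03", "corp-wifi", 1, True),     # misconfigured
    ObservedAP("de:ad:be:ef:00:01", "cafe-free", 6, False),    # neighbor
]

if __name__ == "__main__":
    for ap in SAMPLE_SCAN:
        print(f"{normalize_mac(ap.bssid)}  {ap.ssid:10}  {classify_ap(ap, AUTHORIZED_APS)}")
    print("rogue APs:", find_rogues(SAMPLE_SCAN))
```

One caveat for the wired-side correlation: on many small APs the MAC seen on the switch port and the BSSID advertised over the air are not identical but differ in the last octet or two, so an exact-match lookup can miss a rogue that a near-match rule would catch. Treat near matches as suspects to be walked down physically rather than as noise.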





What is the PRIMARY difference between security policies and security procedures?


A.

Policies are used to enforce violations, and procedures create penalties


B.

Policies point to guidelines, and procedures are more contractual in nature


C.

Policies are included in awareness training, and procedures give guidance


D.

Policies are generic in nature, and procedures contain operational details





During the risk assessment phase of the project the CISO discovered that a college within
the University is collecting Protected Health Information (PHI) data via an application that
was developed in-house. The college collecting this data is fully aware of the regulations
for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO?


A.

Document the system as high risk


B.

Perform a vulnerability assessment


C.

Perform a quantitative threat assessment


D.

Notate the information and move on





A software security engineer is developing a black box-based test plan that will measure
the system's reaction to incorrect or illegal inputs or unexpected operational errors and
situations. Match the functional testing techniques on the left with the correct input
parameters on the right.
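The matching items for this question are not present on the page, so the pairing itself cannot be reconstructed here. What the question describes, a black-box plan that probes the system's reaction to incorrect or illegal inputs, can be shown in code. The Python below is an added example, not part of the practice test: it combines boundary value analysis around a valid range with equivalence partitioning of illegal inputs, runs each input against a system under test, and reports every case where the observed reaction (accept, clean reject, or crash) differs from the expected one. The system under test `parse_port`, its hardened counterpart `strict_parse_port`, and every input string are constructed for this illustration.

```python
"""Black-box robustness test of an input parser.

Added example, not from the practice test. parse_port, strict_parse_port and
all inputs below are constructed for this illustration. Techniques shown:
boundary value analysis on the valid range 1..65535, and equivalence
partitioning of illegal inputs (empty, non-numeric, negative, oversize,
and inputs that only look like plain decimal strings).
"""
import re


def parse_port(text: str) -> int:
    """Constructed system under test, meant to accept only "1".."65535".
    Its weakness: int() also accepts surrounding whitespace, a leading '+',
    underscore separators and non-ASCII decimal digits, so a black-box plan
    that only tries "abc" and "-1" would rate it as correct."""
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def strict_parse_port(text: str) -> int:
    """Hardened form: the accepted grammar is stated explicitly.
    [0-9] is used instead of \\d because \\d matches any Unicode digit,
    and fullmatch instead of $ because $ also matches before a trailing newline."""
    if not re.fullmatch(r"[0-9]{1,5}", text):
        raise ValueError(f"not a decimal port number: {text!r}")
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


# Boundary value analysis around [1, 65535]: both sides of each edge.
BOUNDARY_CASES = {
    "0": "reject", "1": "accept", "2": "accept",
    "65534": "accept", "65535": "accept", "65536": "reject",
}

# Equivalence partitioning: one representative per class of illegal input.
ILLEGAL_CASES = {
    "": "reject",                        # empty
    "abc": "reject",                     # non-numeric
    "-1": "reject",                      # negative
    "99999999999999999999": "reject",    # oversize
    " 80 ": "reject",                    # surrounding whitespace
    "+80": "reject",                     # explicit sign
    "8_0": "reject",                     # digit separators
    "\u0668\u0660": "reject",            # Arabic-Indic digits spelling 80
    "80\n": "reject",                    # trailing newline
}


def observe(sut, text: str) -> str:
    """Run one input and classify the reaction."""
    try:
        sut(text)
        return "accept"
    except ValueError:
        return "reject"   # clean, expected refusal
    except Exception:     # noqa: BLE001 - any other exception is an unhandled failure
        return "crash"


def run_plan(sut, cases: dict) -> dict:
    """Return {input: (expected, observed)} for every case that deviates."""
    findings = {}
    for text, expected in cases.items():
        observed = observe(sut, text)
        if observed != expected:
            findings[text] = (expected, observed)
    return findings


if __name__ == "__main__":
    for name, sut in (("parse_port", parse_port), ("strict_parse_port", strict_parse_port)):
        all_cases = {**BOUNDARY_CASES, **ILLEGAL_CASES}
        print(f"{name}: {run_plan(sut, all_cases)}")
```

Run as written, the plan passes every boundary case for `parse_port` yet flags five illegal inputs that it silently accepts; the same plan reports no deviations for `strict_parse_port`. That gap between "handles the obvious bad input" and "accepts only the stated grammar" is exactly what a black-box plan built from equivalence classes is meant to surface.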





While inventorying storage equipment, it is found that there are unlabeled, disconnected, and powered off devices. Which of the following is the correct procedure for handling such equipment?


A.

They should be recycled to save energy.


B.

They should be recycled according to NIST SP 800-88.


C.

They should be inspected and sanitized following the organizational policy.


D.

They should be inspected and categorized properly to sell them for reuse.





A security professional has been asked to evaluate the options for the location of a new
data center within a multifloor building. Concerns for the data center include emanations
and physical access controls.
Which of the following is the BEST location?


A.

On the top floor


B.

In the basement


C.

In the core of the building


D.

In an exterior room with windows





What type of test assesses a Disaster Recovery (DR) plan using realistic disaster
scenarios while maintaining minimal impact to business operations?


A.

Parallel


B.

Walkthrough


C.

Simulation


D.

Tabletop





Which of the following BEST describes a Protection Profile (PP)?


A.

A document that expresses an implementation independent set of security requirements for an IT product that meets specific consumer needs.


B.

A document that is used to develop an IT security product from its security requirements definition.


C.

A document that expresses an implementation dependent set of security requirements which contains only the security functional requirements.


D.

A document that represents evaluated products where there is a one-to-one
correspondence between a PP and a Security Target (ST).





After acquiring the latest security updates, what must be done before deploying to
production systems?


A.

Use tools to detect missing system patches


B.

Install the patches on a test system


C.

Subscribe to notifications for vulnerabilities


D.

Assess the severity of the situation





Which of the following is a reason to use manual patch installation instead of automated patch management?


A.

The cost required to install patches will be reduced.


B.

The time during which systems will remain vulnerable to an exploit will be decreased.


C.

The likelihood of system or application incompatibilities will be decreased.


D.

The ability to cover large geographic areas is increased.





Which of the following is the BEST example of weak management commitment to the protection of security assets and resources?


A.

poor governance over security processes and procedures


B.

immature security controls and procedures


C.

variances against regulatory requirements


D.

unanticipated increases in security incidents and threats





Which of the following is the PRIMARY benefit of implementing data-in-use controls?


A.

If the data is lost, it must be decrypted to be opened.


B.

If the data is lost, it will not be accessible to unauthorized users.


C.

When the data is being viewed, it can only be printed by authorized users.


D.

When the data is being viewed, it must be accessed using secure protocols.






Page 35 out of 124 Pages