Exam (elaborations) CISSP CBK Review Final Exam solved (CISSP CBK)
CISSP CBK Review Final Exam
1. A risk is the likelihood of a threat source taking advantage of a vulnerability in an
information system. Risk left over after implementing safeguards is known as:
A. Leftover risks.
B. Residual risks.
C. Remaining risks.
D. Exposures.
2. Copyright provides what form of protection:
A. Protects an author’s right to distribute his/her works.
B. Protects information that provides a competitive advantage.
C. Protects the right of an author to prevent unauthorized use of his/her works.
D. Protects the right of an author to prevent viewing of his/her works.
3. As an information systems security professional, what is the highest amount you would
recommend a corporation invest annually on a countermeasure to protect assets valued
at $1 million from a potential threat that has an annualized rate of occurrence (ARO)
of once every five years and an exposure factor (EF) of 10%?
A. $100,000.
B. $20,000.
C. $200,000.
D. $40,000.
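A worked calculation of the quantitative risk formulas behind question 3, added here as an example and not part of the exam document. It assumes the standard CISSP definitions SLE = AV x EF, ALE = SLE x ARO, and countermeasure value = (ALE before) minus (ALE after) minus (annual safeguard cost). The follow-on safeguard figures (ARO cut to once in 20 years at $10,000 per year) are a constructed scenario for illustration, not part of the question.

```python
from typing import Dict


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF: the loss expected from one occurrence of the threat.
    EF is a fraction (0.10 for 10%), not a percentage."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0.0 and 1.0")
    return asset_value * exposure_factor


def annualized_loss_expectancy(asset_value: float, exposure_factor: float,
                               aro: float) -> float:
    """ALE = SLE x ARO. ARO is occurrences per year, so 'once every five
    years' is 1/5 = 0.2, not 5 (a common exam trap)."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return single_loss_expectancy(asset_value, exposure_factor) * aro


def countermeasure_value(ale_before: float, ale_after: float,
                         annual_cost: float) -> float:
    """Cost/benefit of a safeguard: (ALE before) - (ALE after) - (annual cost).
    Positive means the safeguard pays for itself; negative means you would
    spend more per year than the risk it removes."""
    return ale_before - ale_after - annual_cost


def question_3() -> Dict[str, float]:
    """Figures from question 3: AV $1,000,000, EF 10%, ARO once per 5 years.
    The ALE is the ceiling on sensible annual spend for a countermeasure."""
    av, ef, aro = 1_000_000.0, 0.10, 1 / 5
    sle = single_loss_expectancy(av, ef)
    ale = annualized_loss_expectancy(av, ef, aro)
    # Constructed follow-on scenario (not from the question): a $10,000/year
    # safeguard that drops the ARO to once every 20 years.
    ale_after = annualized_loss_expectancy(av, ef, 1 / 20)
    value = countermeasure_value(ale, ale_after, 10_000.0)
    return {
        "sle": sle,
        "ale": ale,
        "max_annual_spend": ale,
        "ale_after": ale_after,
        "countermeasure_value": value,
    }


if __name__ == "__main__":
    for name, amount in question_3().items():
        print(f"{name:>22}: ${amount:,.2f}")
```

The answer the exam is after is the ALE itself: SLE is $100,000 per incident, but with an ARO of 0.2 the expected annual loss is $20,000, and spending more than that per year on a safeguard costs more than the risk it addresses.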
4. Which of the following describes the first step in establishing an encrypted session
using a Data Encryption Standard (DES) key?
A. Key clustering
B. Key compression
C. Key signing
D. Key exchange
5. In a typical information security program, what is the primary responsibility
of information (data) owner?
A. Ensure the validity and accuracy of data.
B. Determine the information sensitivity or classification level.
C. Monitor and audit system users.
D. Ensure availability of data.
6. Which of the following is not a component of “chain of evidence”:
A. Location evidence obtained.
B. Time evidence obtained.
C. Who discovered the evidence.
D. Identification of person who left the evidence.
7. When an employee transfers within an organization …
A. The employee must undergo a new security review.
B. The old system IDs must be disabled.
C. All access permission should be reviewed.
D. The employee must turn in all access devices.
8. A system security engineer is evaluating methods for storing user passwords in an
information system. Which method best stores user passwords while meeting the
confidentiality security objective?
A. Password-protected file
B. File restricted to one individual
C. One-way encrypted file
D. Two-way encrypted file
9. What is the inverse of confidentiality, integrity, and availability (C.I.A.) triad in risk
management?
A. misuse, exposure, destruction
B. authorization, non-repudiation, integrity
C. disclosure, alteration, destruction
D. confidentiality, integrity, availability
10. A CISSP may face an ethical conflict between their company’s policies and the
(ISC)2 Code of Ethics. According to the (ISC)2 Code of Ethics, in which order of
priority should ethical conflicts be resolved?
A. Duty to principals, profession, public safety, and individuals.
B. Duty to public safety, principals, individuals, and profession.
C. Duty to profession, public safety, individuals, and principals.
D. Duty to public safety, profession, individuals, and principals.
11. Company X is planning to implement a rule-based access control mechanism for
controlling access to its information assets. What type of access control is this
usually related to?
A. Discretionary Access Control
B. Task-initiated Access Control
C. Subject-dependent Access Control
D. Token-oriented Access Control
12. In the Common Criteria Evaluation and Validation Scheme (CCEVS), requirements
for future products are defined by:
A. Protection Profile.
B. Target of Evaluation.
C. Evaluation Assurance Level 3.
D. Evaluation Assurance Level 7.
13. As an information systems security manager (ISSM), how would you explain the
purpose for a system security policy?
A. A definition of the particular settings that have been determined to provide
optimum security
B. A brief, high-level statement defining what is and is not permitted during
the operation of the system
C. A definition of those items that must be excluded on the system
D. A listing of tools and applications that will be used to protect the system
14. Configuration management provides assurance that changes…?
A. to application software cannot bypass system security features.
B. do not adversely affect implementation of the security policy.
C. to the operating system are always subjected to independent validation and
verification.
D. in technical documentation maintain an accurate description of the Trusted
Computer Base.
15. Under what circumstance might a certification authority (CA) revoke a certificate?
A. The certificate owner has not utilized the certificate for an extended period.
B. The certificate owner’s public key has been compromised.
C. The certificate owner’s private key has been compromised.
D. The certificate owner has upgraded his/her web browser.
16. Which of the following entities is ultimately responsible for information security
within an organization?
A. IT Security Officer
B. Project Managers
C. Department Directors
D. Senior Management
17. In what type of cryptanalytic attack does an adversary have the least amount of
information to work with?
A. Known-plaintext
B. Ciphertext-only
C. Plaintext-only
D. Chosen-ciphertext
18. In business continuity planning, which of the following is an advantage of a “hot site”
over a “cold site”?
A. Air Conditioning
B. Cost
C. Short period to become operational
D. A & C
19. Which of the following is the most effective method for reducing security risks
associated with building entrances?
A. Minimize the number of entrances
B. Use solid metal doors and frames
C. Brightly illuminate the entrances
D. Install tamperproof hinges and glass