CISSP : Certified Information Systems Security Professional : Part 01

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
- determine the risk of a business interruption occurring
- determine the technological dependence of the business processes
- Identify the operational impacts of a business interruption
- Identify the financial impacts of a business interruption
Explanation:

Reference: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjbktbTp-LaAhVIr48KHZuhB0UQFggmMAA&url=http%3A%2F%2Fwww.oregon.gov%2Fdas%2FProcurement%2FGuiddoc%2FBusImpAnalysQs.doc&usg=AOvVaw1wBxcnLP8ceI_yhv2rsI9h
Which of the following actions will reduce risk to a laptop before traveling to a high risk area?
- Examine the device for physical tampering
- Implement more stringent baseline configurations
- Purge or re-image the hard disk drive
- Change access codes
Which of the following represents the GREATEST risk to data confidentiality?
- Network redundancies are not implemented
- Security awareness training is not completed
- Backup tapes are generated unencrypted
- Users have administrative privileges
What is the MOST important consideration from a data security perspective when an organization plans to relocate?
- Ensure the fire prevention and detection systems are sufficient to protect personnel
- Review the architectural plans to determine how many emergency exits are present
- Conduct a gap analysis of a new facilities against existing security requirements
- Revise the Disaster Recovery and Business Continuity (DR/BC) plan
A company whose Information Technology (IT) services are being delivered from a Tier 4 data center, is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?
- Application
- Storage
- Power
- Network
Explanation:

Reference: https://www.colocationamerica.com/data-center/tier-standards-overview.htm
When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?
- Only when assets are clearly defined
- Only when standards are defined
- Only when controls are put in place
- Only procedures are defined
Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?
- Install mantraps at the building entrances
- Enclose the personnel entry area with polycarbonate plastic
- Supply a duress alarm for personnel exposed to the public
- Hire a guard to protect the public area
An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?
- Development, testing, and deployment
- Prevention, detection, and remediation
- People, technology, and operations
- Certification, accreditation, and monitoring
Explanation:

Reference: https://www.giac.org/paper/gsec/3873/information-warfare-cyber-warfare-future-warfare/106165 (14)
Intellectual property rights are PRIMARY concerned with which of the following?
- Owner’s ability to realize financial gain
- Owner’s ability to maintain copyright
- Right of the owner to enjoy their creation
- Right of the owner to control delivery method
A control to protect from a Denial-of-Service (DoS) attach has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?
- 25%
- 50%
- 75%
- 100%
In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?
- Physical Layer
- Application Layer
- Data-Link Layer
- Network Layer
What is the term commonly used to refer to a technique of authentication one machine to another by forging packets from a trusted source?
- Smurfing
- Man-in-the-Middle (MITM) attack
- Session redirect
- Spoofing
Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?
- Security governance
- Risk management
- Security portfolio management
- Risk assessment
Which of the following mandates the amount and complexity of security controls applied to a security risk?
- Security vulnerabilities
- Risk tolerance
- Risk mitigation
- Security staff
When determining who can accept the risk associated with a vulnerability, which of the following is MOST important?
- Countermeasure effectiveness
- Type of potential loss
- IncideDefine additional security controls directly after the merger nt likelihood
- Information ownership
A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?
- Define additional security controls directly after the merger
- Include a procurement officer in the merger team
- Verify all contracts before a merger occurs
- Assign a compliancy officer to review the merger conditions
Which of the following is a direct monetary cost of a security incident?
- Morale
- Reputation
- Equipment
- Information
Which of the following would MINIMIZE the ability of an attacker to exploit a buffer overflow?
- Memory review
- Code review
- Message division
- Buffer division
Which of the following mechanisms will BEST prevent a Cross-Site Request Forgery (CSRF) attack?
- parameterized database queries
- whitelist input values
- synchronized session tokens
- use strong ciphers
What is the PRIMARY purpose for an organization to conduct a security audit?
- To ensure the organization is adhering to a well-defined standard
- To ensure the organization is applying security controls to mitigate identified risks
- To ensure the organization is configuring information systems efficiently
- To ensure the organization is documenting findings

CISSP : Certified Information Systems Security Professional : All Parts
CISSP Part 01	CISSP Part 08	CISSP Part 15	CISSP Part 22
CISSP Part 02	CISSP Part 09	CISSP Part 16	CISSP Part 23
CISSP Part 03	CISSP Part 10	CISSP Part 17	CISSP Part 24
CISSP Part 04	CISSP Part 11	CISSP Part 18	CISSP Part 25
CISSP Part 05	CISSP Part 12	CISSP Part 19	CISSP Part 26
CISSP Part 06	CISSP Part 13	CISSP Part 20	CISSP Part 27
CISSP Part 07	CISSP Part 14	CISSP Part 21	CISSP Part 28

CISSP : Certified Information Systems Security Professional : All Parts
CISSP Part 01	CISSP Part 08	CISSP Part 15	CISSP Part 22
CISSP Part 02	CISSP Part 09	CISSP Part 16	CISSP Part 23
CISSP Part 03	CISSP Part 10	CISSP Part 17	CISSP Part 24
CISSP Part 04	CISSP Part 11	CISSP Part 18	CISSP Part 25
CISSP Part 05	CISSP Part 12	CISSP Part 19	CISSP Part 26
CISSP Part 06	CISSP Part 13	CISSP Part 20	CISSP Part 27
CISSP Part 07	CISSP Part 14	CISSP Part 21	CISSP Part 28

CISSP : Certified Information Systems Security Professional : Part 01

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

Which of the following actions will reduce risk to a laptop before traveling to a high risk area?

Which of the following represents the GREATEST risk to data confidentiality?

What is the MOST important consideration from a data security perspective when an organization plans to relocate?

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center, is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?

When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

Intellectual property rights are PRIMARY concerned with which of the following?

A control to protect from a Denial-of-Service (DoS) attach has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?

In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?

What is the term commonly used to refer to a technique of authentication one machine to another by forging packets from a trusted source?

Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?

Which of the following mandates the amount and complexity of security controls applied to a security risk?

When determining who can accept the risk associated with a vulnerability, which of the following is MOST important?

A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?

Which of the following is a direct monetary cost of a security incident?

Which of the following would MINIMIZE the ability of an attacker to exploit a buffer overflow?

Which of the following mechanisms will BEST prevent a Cross-Site Request Forgery (CSRF) attack?

What is the PRIMARY purpose for an organization to conduct a security audit?