CISSP : Certified Information Systems Security Professional : Part 01
-
All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
- determine the risk of a business interruption occurring
- determine the technological dependence of the business processes
- Identify the operational impacts of a business interruption
- Identify the financial impacts of a business interruption
Explanation:
Reference: http://www.oregon.gov/das/Procurement/Guiddoc/BusImpAnalysQs.doc
-
Which of the following actions will reduce risk to a laptop before traveling to a high risk area?
- Examine the device for physical tampering
- Implement more stringent baseline configurations
- Purge or re-image the hard disk drive
- Change access codes
-
Which of the following represents the GREATEST risk to data confidentiality?
- Network redundancies are not implemented
- Security awareness training is not completed
- Backup tapes are generated unencrypted
- Users have administrative privileges
-
What is the MOST important consideration from a data security perspective when an organization plans to relocate?
- Ensure the fire prevention and detection systems are sufficient to protect personnel
- Review the architectural plans to determine how many emergency exits are present
- Conduct a gap analysis of the new facility against existing security requirements
- Revise the Disaster Recovery and Business Continuity (DR/BC) plan
-
A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Plan (BCP). Which of the following failures should the IT manager be concerned with?
- Application
- Storage
- Power
- Network
Explanation:
Reference: https://www.colocationamerica.com/data-center/tier-standards-overview.htm
-
When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?
- Only when assets are clearly defined
- Only when standards are defined
- Only when controls are put in place
- Only when procedures are defined
-
Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?
- Install mantraps at the building entrances
- Enclose the personnel entry area with polycarbonate plastic
- Supply a duress alarm for personnel exposed to the public
- Hire a guard to protect the public area
-
An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?
- Development, testing, and deployment
- Prevention, detection, and remediation
- People, technology, and operations
- Certification, accreditation, and monitoring
Explanation:
Reference: https://www.giac.org/paper/gsec/3873/information-warfare-cyber-warfare-future-warfare/106165 (14)
-
Intellectual property rights are PRIMARILY concerned with which of the following?
- Owner’s ability to realize financial gain
- Owner’s ability to maintain copyright
- Right of the owner to enjoy their creation
- Right of the owner to control delivery method
-
A control to protect from a Denial-of-Service (DoS) attack has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?
- 25%
- 50%
- 75%
- 100%
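Worked calculation for the residual-risk question above, added here as an example and not part of the original question set. Risk is likelihood multiplied by impact, so a control that cuts likelihood by half and impact by half leaves a quarter of the inherent risk, not zero; the block generalizes this to any number of layered controls and shows the additive miscalculation beside it. The control list and the inherent-risk baseline of 1.0 are constructed inputs.

```python
def residual_risk(controls, inherent=1.0):
    """Residual risk remaining after layered controls.

    Each control is (likelihood_reduction, impact_reduction), both fractions
    in [0, 1]. Because risk = likelihood x impact, every reduction scales the
    remaining risk multiplicatively; the percentages never simply add up.
    """
    remaining = inherent
    for likelihood_reduction, impact_reduction in controls:
        for fraction in (likelihood_reduction, impact_reduction):
            if not 0.0 <= fraction <= 1.0:
                raise ValueError("reductions must be fractions between 0 and 1")
        remaining *= (1.0 - likelihood_reduction) * (1.0 - impact_reduction)
    return remaining


def naive_additive_residual(controls, inherent=1.0):
    """The common wrong answer: summing the percentages as if they stacked."""
    total_reduction = sum(lr + ir for lr, ir in controls)
    return max(0.0, inherent - total_reduction * inherent)


if __name__ == "__main__":
    dos_control = [(0.5, 0.5)]  # the question's figures (constructed input)
    print(residual_risk(dos_control))                 # 0.25
    print(naive_additive_residual(dos_control))       # 0.0, which is wrong
    # adding a second control that only cuts likelihood by 30%
    print(residual_risk([(0.5, 0.5), (0.3, 0.0)]))    # 0.175
```

Expressed as a percentage of the inherent risk, the single control in the question leaves 25% residual risk; each further control multiplies what remains rather than subtracting from the original.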
-
In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?
- Physical Layer
- Application Layer
- Data-Link Layer
- Network Layer
-
What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?
- Smurfing
- Man-in-the-Middle (MITM) attack
- Session redirect
- Spoofing
-
Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?
- Security governance
- Risk management
- Security portfolio management
- Risk assessment
-
Which of the following mandates the amount and complexity of security controls applied to a security risk?
- Security vulnerabilities
- Risk tolerance
- Risk mitigation
- Security staff
-
When determining who can accept the risk associated with a vulnerability, which of the following is MOST important?
- Countermeasure effectiveness
- Type of potential loss
- Incident likelihood
- Information ownership
-
A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?
- Define additional security controls directly after the merger
- Include a procurement officer in the merger team
- Verify all contracts before a merger occurs
- Assign a compliance officer to review the merger conditions
-
Which of the following is a direct monetary cost of a security incident?
- Morale
- Reputation
- Equipment
- Information
-
Which of the following would MINIMIZE the ability of an attacker to exploit a buffer overflow?
- Memory review
- Code review
- Message division
- Buffer division
-
Which of the following mechanisms will BEST prevent a Cross-Site Request Forgery (CSRF) attack?
- parameterized database queries
- whitelist input values
- synchronized session tokens
- use strong ciphers
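Added example for the CSRF question above; this is illustrative code written for this page, not code from the original question set or from any framework. It shows the synchronizer-token pattern in plain Python: a vulnerable handler that trusts the session cookie alone beside a hardened handler that also requires a per-session secret the attacker's origin cannot read. The session store, session identifiers, and the transfer form contents are constructed sample data, and the handler names are hypothetical.

```python
import hmac
import secrets


class CsrfGuard:
    """Synchronizer-token pattern: one unpredictable token per session, kept
    server-side and required in every state-changing request."""

    def __init__(self):
        self._tokens = {}  # session_id -> token (constructed in-memory store)

    def issue(self, session_id):
        """Called when a form page is rendered; the token goes into a hidden field."""
        token = secrets.token_urlsafe(32)
        self._tokens[session_id] = token
        return token

    def validate(self, session_id, submitted):
        expected = self._tokens.get(session_id)
        if expected is None or not isinstance(submitted, str):
            return False
        # constant-time comparison so the check itself does not leak the token
        return hmac.compare_digest(expected, submitted)


def transfer_without_csrf_check(session_id, form, sessions):
    """Vulnerable handler (hypothetical): trusts the session cookie alone.
    The browser attaches that cookie to a request launched from an
    attacker's page too, so a forged cross-site POST is accepted."""
    if session_id not in sessions:
        return 401
    return 200


def transfer_with_csrf_check(guard, session_id, form, sessions):
    """Hardened handler (hypothetical): the same request must also carry the
    session's token, which a cross-origin page cannot read or guess."""
    if session_id not in sessions:
        return 401
    if not guard.validate(session_id, form.get("csrf_token")):
        return 403
    return 200


def demo():
    """Run both handlers against a legitimate and a forged request."""
    sessions = {"sess-alice"}  # constructed sample session store
    guard = CsrfGuard()
    token = guard.issue("sess-alice")  # rendered into Alice's own form

    legit = {"to": "bob", "amount": "10", "csrf_token": token}
    forged = {"to": "attacker", "amount": "10000"}  # attacker's form has no token
    guessed = {"to": "attacker", "amount": "10000", "csrf_token": "x" * 43}

    return {
        "vulnerable_forged": transfer_without_csrf_check("sess-alice", forged, sessions),
        "hardened_legit": transfer_with_csrf_check(guard, "sess-alice", legit, sessions),
        "hardened_forged": transfer_with_csrf_check(guard, "sess-alice", forged, sessions),
        "hardened_guessed": transfer_with_csrf_check(guard, "sess-alice", guessed, sessions),
    }


if __name__ == "__main__":
    print(demo())
```

The other three options address different problems: parameterized queries stop SQL injection, input whitelisting stops injection and validation bugs, and strong ciphers protect confidentiality in transit. None of them tells the server whether the authenticated user actually intended the request, which is exactly what the per-session token establishes.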
-
What is the PRIMARY purpose for an organization to conduct a security audit?
- To ensure the organization is adhering to a well-defined standard
- To ensure the organization is applying security controls to mitigate identified risks
- To ensure the organization is configuring information systems efficiently
- To ensure the organization is documenting findings