CISSP 50 Question Quiz



1 / 50

Which of the following would security personnel do during the remediation stage of an incident response?

2 / 50

Which one of the following is not a principle of Agile development?

3 / 50

Which of the following types of access control uses fences, security policies, security awareness training, and antivirus software to stop an unwanted or unauthorised activity from occurring?

4 / 50

Which one of the following types of attacks relies on the difference between the timing of two events?

5 / 50

Which of the following best identifies the benefit of a passphrase?

6 / 50

A central authority determines which file a user can access based on the organisation's hierarchy. Which of the following best describes this?

7 / 50

What ensures that the subject of an activity or event cannot deny that the event occurred?

8 / 50

What form of access control is primarily concerned with the data stored by a field?

9 / 50

What HTML tag is often used as part of a cross-site scripting (XSS) attack?

10 / 50

What kind of attack makes the Caesar cipher virtually unusable?

11 / 50

Which federal government agency has responsibility for ensuring the security of government computer systems that are not used to process sensitive and/or classified information?

12 / 50

What type of electrical component serves as the primary building block for dynamic RAM chips?

13 / 50

What type of interface testing would identify flaws in a program's command-line interface?

14 / 50

Somebody has developed a company formula that they would like to keep secret for as long as possible. What type of intellectual property protection best suits their needs?

15 / 50

Which one of the following is not normally included in a security assessment?

16 / 50

Which one of the following tests provides the most accurate and detailed information about the security state of a server?

17 / 50

What type of reconnaissance attack provides attackers with useful information about the services running on a system?

18 / 50

Some cloud-based service models require an organisation to perform some maintenance and take responsibility for some security. Which of the following is a service model that places most of these responsibilities on the organisation leasing the cloud-based resources?

19 / 50

During what type of penetration test does the tester always have access to the system configuration?

20 / 50

Which one of the following Data Encryption Standard (DES) operating modes can be used for large messages with the assurance that an error early in the encryption/decryption process won't spoil results throughout the communication?

21 / 50

Which one of the following storage devices is most likely to require encryption technology in order to maintain data security in a networked environment?

22 / 50

What portion of the change management process allows developers to prioritise tasks?

23 / 50

What approach to failure management places the system in a high level of security?

24 / 50

Which one of the following factors should not be taken into consideration when planning a security testing schedule for a particular system?

25 / 50

Which of the following is not a valid definition for risk?

26 / 50

Which of the following is a primary purpose of an exit interview?

27 / 50

What is both a benefit and a potentially harmful implication of multilayer protocols?

28 / 50

Which one of the following technologies is considered flawed and should no longer be used?

29 / 50

What database technology, if implemented for web forms, can limit the potential for SQL injection attacks?

30 / 50

What type of memory is directly available to the CPU and is often part of the CPU?

31 / 50

What is the main purpose of a military and intelligence attack?

32 / 50

Which of the following is not a security-focused design element of a facility or site?

33 / 50

What port is typically used to accept administrative connections using the SSH utility?

34 / 50

Which of the following is not a valid access control model?

35 / 50

Which one of the following risks is least likely to be adequately addressed by a quantitative risk assessment?

36 / 50

What is the typical time estimate to activate a warm site from the time a disaster is declared?

37 / 50

What is encapsulation?

38 / 50

Suppose you build a database table consisting of the names, telephone numbers, and customer IDs for a business and then insert information on 30 customers. What is the degree of this table?

39 / 50

What is the primary objective of data classification schemes?

40 / 50

In which of the following database recovery techniques is an exact, up-to-date copy of the database maintained at an alternative location?

41 / 50

What type of application vulnerability most directly allows an attacker to modify the content of a system's memory?

42 / 50

Which one of the following BIA terms identifies the amount of money a business expects to lose to a given risk each year?

43 / 50

An aircraft manufacturer expects that it would lose $10 million if a tornado struck its aircraft operations facility. It expects that a tornado might strike the facility once every 100 years. What is the annualised loss expectancy?

44 / 50

What type of disaster recovery plan test fully evaluates operations at the backup facility but does not shift primary operations responsibility from the main site?

45 / 50

Which criminal law first implemented penalties for the creators of viruses, worms, and other types of malware?

46 / 50

Which one of the following tools provides a solution to the problem of users forgetting complex passwords?

47 / 50

How does a SYN flood attack work?

48 / 50

What is the best type of water-based fire suppression system for a computer facility?

49 / 50

During an operational investigation, what type of analysis might an organisation undertake to prevent similar incidents in the future?

50 / 50

Which of the following is not a routing protocol?
