Welcome to a 100-question CISSP mock exam. This exam is meant for you to see where your strengths and weaknesses lie. After you have completed the online exam, your results will be calculated, and each domain will be marked and tallied separately. Also bear in mind that many of the domains overlap: a question may cover more than one domain but weigh more heavily in one than in the others.
1. A corporation is considering the best authentication method for access control. Which of the following methods has the best authentication strength?
2. A security engineer is evaluating methods to store user passwords in an information system. What may be the best method for storing user passwords while meeting the confidentiality security objective?
3. What is the minimum and customary practice that constitutes “responsible protection of information assets that affect a community or societal norm”?
4. A timely review of system access records would be an example of what type of basic security function?
5. What type of access control is implemented where a database administrator can grant “Update” privilege in a database to specific users or groups?
6. A practicing CISSP may face an ethical conflict between his/her company’s interests and the (ISC)2 Code of Ethics. According to the (ISC)2 Code of Ethics, in which order of priority should ethical conflicts be resolved?
7. What is the purpose of biometrics in access control?
8. Company X is planning to implement a rule-based access control mechanism for controlling access to its information assets. What type of access control is this usually related to?
9. What security implementation principle is used for granting users only the rights that are necessary for them to perform their work?
10. As an information systems security manager (ISSM), how would you explain the purpose of a system security policy?
11. In addition to ensuring that changes to the computer system take place in an identifiable and controlled manner, configuration management provides assurance that changes…
12. In addition to performing cryptographic operations, what is another reason for using asymmetric key cryptography?
13. Under what circumstance might a Certification Authority (CA) revoke a certificate?
14. In the Rivest-Shamir-Adleman (RSA) algorithm, a modulus is derived by…
15. In what type of cryptanalytic attack does an adversary have the least amount of information to work with?
16. Company X is building a data center. What may be the most effective method for reducing security risks associated with building entrances?
17. When disposing of magnetic storage media, all of the following methods ensure that data is unreadable except…
18. Prior to installation of an intrusion prevention system (IPS), a network engineer usually places packet sniffers on the network. What is the purpose of using a packet sniffer?
19. In mandatory access control, what determines the assignment of data classifications?
20. Granularity defines the level of detail to which…
21. An advantage of asymmetric key cryptography is that…
22. What is the proper way to dispose of confidential computer printouts?
23. Which of the following is a reasonable response from an intrusion detection system (IDS) when it detects Internet Protocol (IP) packets where the source address is the same as the destination address?
24. As a security manager, how would you explain the primary goal of a security awareness program to senior management?
25. Which of the following refers to a series of characters used to verify a user’s identity?
26. Which of the following is not a valid X.509 v3 certificate field?
27. Security should first become involved in what stage of the application development life cycle?
28. Which of the following evidence collection methods is most acceptable in a court case?
29. When engaging an external contractor for a software development project, source code escrow can be used to protect against…
30. All of the following are goals of the change control management process except ensuring the changes are…
31. What type of access control requires that the security clearance of a subject match the security classification of an object?
32. Which of the following connection-oriented protocols is an OSI Transport Layer protocol?
33. Which of the following fire suppression systems suppresses a Class C fire without harming the earth’s ozone layer?
34. When a communication link is subjected to monitoring, what is the advantage of using an end-to-end encryption solution over a link encryption solution?
35. What classic cipher uses a simple substitution algorithm?
36. An information security program should include the following elements:
37. What are the objectives of emergency actions taken at the beginning stage of a disaster? Preventing injuries, loss of life, and…
38. When handling electronic evidence, what is the implementation principle for chain of custody that documents the evidence life cycle?
39. Security of an automated information system is most effective and economical if the system is…
40. It is important that information about an ongoing computer crime investigation be…
41. After signing out a laptop computer from the company loaner pool, you discover a memorandum stored on the loaner laptop, written to a competitor, containing sensitive information about a new product your company is about to release. What is the ethical action you should take?
42. What is the purpose of a firewall?
43. Which of the following is the least important information to record when logging a security violation?
44. Which of the following devices might be used to commit telecommunications fraud using the “shoulder surfing” technique?
45. Spoofing can be defined as…
46. Which of the following is a feature of a hot site?
47. Which of the following shall be used to achieve non-repudiation of delivery?
48. The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations or confusing an intruder about which flaws to exploit is called…
49. What is the trusted registry that guarantees the authenticity of client and server public keys?
50. The concept that all accesses must be mediated, protected from unauthorised modification, and verifiable as correct is implemented through what?
51. Programmed procedures that ensure valid transactions are processed accurately and only once in the current timescale are referred to as…
52. Eavesdropping is what type of attack?
53. For what reason would a network administrator leverage the promiscuous mode on a network interface?
54. Which of the following is an example of hyperlink spoofing?
55. During a disaster, how does closed-circuit television (CCTV) help management and security to minimize loss?
56. What is the first step in establishing a disaster recovery plan (DRP)?
57. The guiding principle of ethics is to do nothing…
58. Which of the following distinguishes misuse detection from intrusion detection?
59. A goal of cryptanalysis is to…
60. Which of the following is not identified by a business impact analysis (BIA)?
61. The three primary methods for authenticating a user to a system or network are…
62. Pretty Good Privacy (PGP) provides…
63. Which of the following can be identified when exceptions occur using operations security detective controls?
64. When downloading software from the Internet, why do vendors publish MD5 hash values when they provide software to customers?
65. The three principal schemes that provide a framework for managing access control are…
66. From a legal perspective, which of the following rules must be addressed when investigating a computer crime?
67. Before powering off a computer system, the computer crime investigator should record the contents of the monitor and…
68. The growth of Internet e-mail has contributed to the widespread propagation of which of the following?
69. Which of the following transaction processing properties ensures that once a transaction completes successfully (commits), the updates survive even if there is a system failure?
70. Which of the following is the best-known example of a symmetric key cipher system?
71. Which of the following equates to annualized loss expectancy (ALE)?
72. Which of the following describes the step prior to an encrypted session using the Data Encryption Standard (DES)?
73. The security planning process must define how security will be managed, who will be responsible, and…
74. A security policy provides a way to…
75. Another name for a Virtual Private Network (VPN) is a…
76. What security feature does a digital signature provide?
77. Monitoring of electromagnetic emanations from personal computers (PCs) and cathode ray tubes (CRTs) provides a hacker with what significant advantage?
78. Computer security is generally considered to be the responsibility of…
79. A set of step-by-step instructions used to satisfy control requirements is called…
80. A set of step-by-step instructions used to satisfy control requirements is called…
81. Which of the following can assist in preventing denial of service attacks?
82. What characteristic of the Data Encryption Standard (DES) used in Electronic Code Book (ECB) mode makes it unsuitable for long messages?
83. Separation of duties should be…
84. Which of the following is an advantage of the Rivest, Shamir, Adleman (RSA) public key system over the Digital Signature Algorithm (DSA)?
85. What common attack can be used against a system that stores one-way encrypted passwords if a copy of the password file can be obtained?
86. When securing Internet connections, which of the following should be used to protect internal routing and labeling schemes?
87. When establishing a violation tracking and analysis process, which of the following parameters is used to keep the quantity of data to manageable levels?
88. The initial phase of the system development life cycle would normally include…
89. Which of the following security models is used for enforcing data confidentiality only?
90. The accounting branch of a large organisation requires an application to process expense vouchers. Each voucher must be input by one of many accounting clerks, verified by the clerk’s applicable supervisor, then reconciled by an auditor before the reimbursement check is produced. What access control technique should be built into the application to meet the information protection needs?
91. What security implementation principle recommends division of responsibilities so that one person cannot commit an undetected fraud?
92. Which type of communication should an investigator use so the hacker is not aware of an ongoing investigation?
93. Looting of computing assets in a data center after Hurricane Katrina is considered what type of physical security threat?
94. What technique can be used to defeat a callback security system?
95. Why does fiber optic communication technology have a significant security advantage over other transmission technologies?
96. The trusted computing base (TCB) is comprised of what combination of the following system components?
    1. Hardware.
    2. Firmware.
    3. Software.
97. When verifying security controls in a system design, the security specialist should ensure that the…
98. Which of the following protocols is commonly used to verify dial-up connections between hosts?
99. What type of cryptographic attack enables an attacker to discover the cryptographic key by selecting a series of plaintexts and obtaining the corresponding ciphertexts?
100. Which statement below most accurately reflects the goal of risk mitigation?