Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

CISSP Exam Test 1 > CISSP Exam Test 1 > Flashcards

CISSP Exam Test 1 Flashcards

1
Q
  1. Which of the following forms the foundation for information systems security?

a. Procedure
b. Policy
c. Software
d. Hardware

A

b. Policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
  1. A security policy document usually does not contain which of the following?

a. Rights
b. Responsibilities
c. Authority
d. Requirements

A

d. Requirements

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
  1. A security policy can be violated in all of the following ways except:

a. Knowingly
b. By collusion
c. Unknowingly
d. By committee input

A

d. By committee input

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
  1. An example of a security policy than can be legally monitored is:

a. Keystroke monitoring
b. E-mail monitoring
c. Web browser monitoring
d. Password monitoring

A

d. Password monitoring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
  1. All of the following are important elements of a good security policy except:

a. Communication
b. Implementation
c. Perception
d. Retraction

A

c. Perception

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
  1. Which of the following is the largest security threat?

a. Internet
b. Users
c. Intranet
d. Extranet

A

b. Users

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q
  1. All of the following provide a false sense of security except?

a. Security policy document
b. Password management
c. Policy enforcement
d. Access security rules

A

c. Policy enforcement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q
  1. Which of the following has both advantages and disadvantages?

a. Connecting to the Internet
b. Planting viruses
c. Stealing corporate data
d. Tinkering with configuration settings

A

a. Connecting to the Internet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
  1. Which of the following is not a common method of attacking a computer system?

a. Password cracking
b. Packet sniffing
c. Encryption key breaking
d. Sendmail

A

c. Encryption key breaking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q
  1. An uncommon information systems security threat is directed at which of the following?

a. Hardware
b. Individuals
c. Software
d. Data

A

b. Individuals

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q
  1. A major international threat to networks is:

a. Electrical interference
b. Employees
c. Hackers
d. Telephone line failures

A

b. Employees

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
  1. A common security problem is:

a. Discarded storage media
b. Telephone wiretapping
c. Intelligence consultants
d. Electronic bugs

A

a. Discarded storage media

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
  1. Which of the following is a legal activity?

a. Competitive intelligence
b. Industrial espionage
c. Economic espionage
d. Corporate espionage

A

a. Competitive intelligence

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
  1. Which of the following would not protect an organization from exposure to the Internet?

a. Firewall technology
b. Public networks
c. Passwords
d. Virtual private networks

A

b. Public networks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
  1. A macro virus is most difficult to:

a. Prevent
b. Detect
c. Correct
d. Attach

A

b. Detect

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
  1. Which of the following is not an example of a first line of defense?

a. Physical security
b. Network monitors
c. Software testing
d. Quality assurance

A

c. Software testing

17
Q
  1. Which of the following is seldom considered by system users?

a. Internet security
b. Residual data security
c. Network security
d. Application system security

A

b. Residual data security

18
Q
  1. Which of the following U.S. legislation addresses privacy and security on the Internet?

a. The Encryption Communication Privacy Act
b. The Computer Security Act of 1987
c. The Privacy Act of 1974
d. The Economic Espionage and Protection of Proprietary Economic Information Act of 1996

A

a. The Encryption Communication Privacy Act

19
Q
  1. Limiting access to information systems should be based on which of the following?

a. Trustworthiness of employees
b. Access time frames
c. Level hierarchy
d. As requested

A

c. Level hierarchy

20
Q
  1. Which of the following is more risky?
    a. Permanent access
    b. Guest access
    c. Temporary access
    d. Contractor access
A

c. Temporary access

21
Q
  1. Which of the following provides the most valuable information about a network’s vulnerabilities?

a. Periodic drills
b. Periodic staged intrusions
c. Periodic policy updates
d. Periodic procedure updates

A

b. Periodic staged intrusions

22
Q
  1. The System Administrator’s Tool for Analyzing Networks (SATAN) is an example of:

a. A staged intrusion test
b. A computer virus test
c. A host firewall test
d. A Trojan horse test

A

a. A staged intrusion test

23
Q
  1. Which of the following is not a problem associated with bootleg (pirated) software?

a. It allows users to obtain software from unauthorized sources
b. It introduces viruses that may exist within the software
c. It can be downloaded from the Internet
d. It can be freeware but the owner retains the copyright

A

d. It can be freeware but the owner retains the copyright

24
Q
  1. Which of the following is not usually notified at all or notified last when a computer security incident has occurred?

a. System administrator
b. Legal counsel
c. Disaster recovery coordinator
d. Hardware and software vendors

A

b. Legal counsel

25
25. Who should be the single point of contact during a computer security incident? a. The same individual who is the first point of contact b. The same individual who is the last point of contact c. The individual who has both technical and management expertise d. The individual who has the technical expertise
c. The individual who has both technical and management expertise
26
26. A risk represented by a caller reporting a computer security incident is that he could be a: a. Hardware engineer b. Social engineer c. Software engineer d. Computer engineer
b. Social engineer
27
27. A major reason why computer security incidents go unreported is: a. To avoid negative publicity b. To fix system problems c. To learn from system attacks d. To take legal action against the attacker
a. To avoid negative publicity
28
28. The major purpose of conducting a post-incident analysis for a computer security incident is: a. To determine how security threats and vulnerabilities were addressed b. To learn how the attack was done c. To recreate the original attack d. To execute the response to an attack
a. To determine how security threats and vulnerabilities were addressed
29
29. The last step when an insider violates a security policy is: a. Verbal warning b. Dismissal c. Legal action d. Written warning
c. Legal action
30
30. A security policy does not usually provide information about: a. How to implement a protective system b. How to install monitoring software c. How to respond to security violations d. How to report security violations
c. How to respond to security violations
31
31. Dumpster diving is: a. Legal b. Illegal c. Legal if not caught d. Illegal if not caught
a. Legal
32
32. A firewall can become less effective for: a. Centralized and bounded networks b. Decentralized and bounded networks c. Distributed and unbounded networks d. Distributed and bounded networks
c. Distributed and unbounded networks

CISSP Exam Test 1 (1 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions