CISSP Sybex Official Study Guide Chapter 20 Review Questions

Question 1

Which one of the following is not a component of the DevOps model?

A. Information security
B. Software development
C. Quality assurance
D. IT operations

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 911). Wiley. Kindle Edition.

Question 2

Bob is developing a software application and has a field where users may enter a date. He wants to ensure that the values provided by the users are accurate dates to prevent security issues. What technique should Bob use?

A. Polyinstantiation
B. Input validation
C. Contamination
D. Screening

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 911). Wiley. Kindle Edition.

Question 3

What portion of the change management process allows developers to prioritize tasks?

A. Release control
B. Configuration control
C. Request control
D. Change audit

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 911). Wiley. Kindle Edition.

Question 4

What approach to failure management places the system in a high level of security?

A. Fail-open
B. Fail mitigation
C. Fail-secure
D. Fail clear

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 911). Wiley. Kindle Edition.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 911). Wiley. Kindle Edition.

Question 5

What software development model uses a seven-stage approach with a feedback loop that allows progress one step backward?

A. Boyce-Codd
B. Waterfall
C. Spiral
D. Agile

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 911). Wiley. Kindle Edition.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 911). Wiley. Kindle Edition.

Question 6

What form of access control is concerned primarily with the data stored by a field?

A. Content-dependent
B. Context-dependent
C. Semantic integrity mechanisms
D. Perturbation

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 911). Wiley. Kindle Edition.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 911). Wiley. Kindle Edition.

Question 7

Which one of the following key types is used to enforce referential integrity between database tables?

A. Candidate key
B. Primary key
C. Foreign key
D. Super key

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 912). Wiley. Kindle Edition.

Question 8

Richard believes that a database user is misusing his privileges to gain information about the company’s overall business trends by issuing queries that combine data from a large number of records. What process is the database user taking advantage of?

A. Inference
B. Contamination
C. Polyinstantiation
D. Aggregation

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 912). Wiley. Kindle Edition.

Question 9

What database technique can be used to prevent unauthorized users from determining classified information by noticing the absence of information normally available to them?

A. Inference
B. Manipulation
C. Polyinstantiation
D. Aggregation

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 912). Wiley. Kindle Edition.

Question 10

Which one of the following is not a principle of Agile development?

A. Satisfy the customer through early and continuous delivery.
B. Business people and developers work together.
C. Pay continuous attention to technical excellence.
D. Prioritize security over other requirements.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 912). Wiley. Kindle Edition.

Question 11

What type of information is used to form the basis of an expert system’s decision-making process?

A. A series of weighted layered computations
B. Combined input from a number of human experts, weighted according to past performance
C. A series of “if/then” rules codified in a knowledge base
D. A biological decision-making process that simulates the reasoning process used by the human mind

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 912). Wiley. Kindle Edition.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 912). Wiley. Kindle Edition.