CIS 525
1. What name is given to a method of developing software that is based on small project iterations, or sprints, instead of long project schedules?
baseline
waterfall model
agile development
sprint
2. The term cloud computing refers to the practice of using computing services that are delivered over a network.
True
False
3. Disaster refers to the amount of harm a threat can cause by exploiting a vulnerability.
True
False
4. In a _____, the attacker sends a large number of packets requesting connections to the victim computer.
brute-force password attack
SYN flood
dictionary password attack
masquerade attack
5. What is meant by application convergence?
A basic digital signaling rate that corresponds to one voice-frequency-equivalent channel. Although the true data rate for DS0 is 64 kbit/s, the effective data rate for a single voice channel when using DS0 is 56 kbit/s.
The integration of applications to enhance productivity. Unified communications is an example of application convergence. Unified communications integrates recorded voice messages into e-mail so that voice messages are retrievable via e-mail.
An attack that uses ping or ICMP echo-request, echo-reply messages to bring down the availability of a server or system. DDoS attacks initiate from more than one host device.
A term used to describe streamlining processes with automation or simplified steps.
6. The world needs people who understand computer-systems _____ and who can protect computers and networks from criminals and terrorists.
applications
connectivity
security
integrity
7. Security controls do not need to be implemented to secure VoIP and SIP on LANs and WANs.
True
False
9. What name is given to a comparison of security controls in place and the controls that are needed to address all identified threats?
risk methodology
gap analysis
exposure factor (EF)
qualitative risk analysis
10. The goal and objective of a _____ is to provide a consistent definition for how an organization should handle and secure different types of data.
business continuity plan (BCP)
policy
business impact analysis (BIA)
data classification standard
11. What name is given to an attack that uses ping or ICMP echo-request, echo-reply messages to bring down the availability of a server or system?
denial of service (DoS)
12. A time-based synchronization system is a mechanism that limits access to computer systems and network resources.
True
False
13. Many jurisdictions require audits by law.
True
False
14. Which of the following is the definition of false negative?
The process of gathering the wrong information.
Incorrectly identifying abnormal activity as normal.
Analysis of activity as it is happening.
A method of security testing that isn’t based directly on knowledge of a program’s architecture.
15. An organization can choose to plan for any interruption time frame, but in many BIAs, restoration plans assume that access to primary resources will not be possible for at least 60 days.
True
False
16. What term is used to describe a reconnaissance technique that enables an attacker to use port mapping to learn which operating system and version are running on a computer?
false negative
operating system fingerprinting
Security Information and Event Management (SIEM) system
network mapping
17. War dialers are becoming more frequently used given the rise of digital telephony and now IP telephony or Voice over IP (VoIP).
True
False
18. The _____ in analog communications is one error for every 1,000 bits sent; in digital communications, the _____ is one error for every 1,000,000 bits sent.
bit error rate
19. The annual probability that a stated threat will be realized is called a security gap.
True
False
20. What term is used to describe something built in or used in a system to address gaps or weaknesses in the controls that could otherwise lead to an exploit?
safeguard
countermeasure
technical control
detective control
21. What is meant by gray-box testing?
Any activities designed to reduce the severity of a vulnerability or remove it altogether.
Security testing that is based on limited knowledge of an application’s design.
A technique of matching network traffic with rules or signatures based on the appearance of the traffic and its relationship to other packets.
Analysis of activity as it is happening.
22. A compliance liaison works with each department to ensure that it understands, implements, and monitors compliance in accordance with the organization’s policies.
True
False
23. As users upgrade LANs to GigE or 10GigE, switches must support _____ and data IP traffic.
voice
communications
multimodal communications
networks
24. The term asynchronous token refers to an authentication token used to process challenge-response authentication with a server. The token takes the server’s challenge value and calculates a response. The user enters the response to authenticate a connection.
True
False
25. When voice signals converted from analog to digital, voice and data communications could travel on a different circuit.
True
False