CISSP PRACTICE TEST (DOMAIN 1)
QUESTIONS AND ANSWERS WITH
COMPLETE SOLUTIONS (GRADED A+)
Question 1 Alyssa is responsible for her organization's security awareness
program. She is concerned that rapid advancements and changes in
technology may make the current training content outdated. What specific
control should she put in place to protect against this risk?
ANSWER: Content Reviews (Regular, scheduled review and update cycles
for training materials) ✔✔
Question 2 Gavin is creating an executive report for management on the results
of his most recent risk assessment. In his report, he would like to identify the
remaining level of risk to the organization after security controls have been
formally adopted and implemented. What security term best describes this
current level of risk?
ANSWER: Residual Risk ✔✔
Note: This is calculated as the baseline risk remaining after controls are applied:
$$\text{Residual Risk} = \text{Inherent Risk} - \text{Impact of Controls}$$
Question 3 FlyAway Travel has offices in both the EU and the US and
transfers personal information between those offices regularly. They have
recently received a request from an EU customer requesting that their account
be terminated entirely. Under the General Data Protection Regulation
(GDPR), which specific requirement states that individuals may request that
their personal data be permanently erased and no longer disseminated or
processed?
ANSWER: The right to be forgotten (also formally known as the Right to
Erasure under GDPR Article 17) ✔✔
Question 4 After conducting a qualitative risk assessment of her organization,
Sally recommends purchasing cybersecurity breach insurance. What type of risk
response behavior is she recommending?
ANSWER: Transfer ✔✔
Question 5 Which of the following elements of information is not considered
personally identifiable information that would trigger most US state data breach
laws?
ANSWER: Student ID number ✔✔
Question 6 Renee is speaking to her board of directors about their
responsibilities to review cybersecurity controls. What rule requires that senior
executives take personal responsibility for information security matters?
ANSWER: Prudent man rule ✔✔
Question 7 Henry recently assisted one of his co-workers in preparing for the
CISSP exam. During this process, Henry disclosed confidential information about
the content of the exam, in violation of Canon IV of the Code of Ethics: "Advance
and protect the profession." Who may bring ethics charges against Henry for this
violation?
ANSWER: Any certified or licensed professional may bring charges ✔✔
Question 8 Wanda is working with one of her organization's EU business partners
to facilitate the exchange of customer information. Wanda's organization is
located in the US. What would be the best method for Wanda to use to ensure
compliance with GDPR?
ANSWER: Standard contractual clauses ✔✔
Question 9 Yolanda is the chief privacy officer for a financial institution and
is researching privacy requirements related to customer checking accounts. Which
one of the following laws is most likely to apply to this situation?
ANSWER: GLBA ✔✔