CISSP QUIZ 5+6 QUESTIONS AND ANSWERS WITH COMPLETE SOLUTIONS 100% CORRECT RATED A+
Question 1: Within the Identity and Access Management (IAM) framework, what
is the primary purpose of the "authorization" phase?
Answer: ✔✔ Verifying an access request against a user's established access
permissions or rights.
Question 2: When conducting an IT audit, which specific type of evaluation is
designed to review the actual practices and operational procedures that employees
are trained to follow?
Answer: ✔✔ Personnel Testing
Question 3: What type of security vulnerability is located deep within the core
components of an operating system?
Answer: ✔✔ Kernel flaws
Question 4: Which of the following statements provides the best definition for
"access controls"?
Answer: ✔✔ Technical measures used to regulate and control how users and
systems interact with digital resources.
Question 5: To successfully prevent ransomware from silently corrupting or
encrypting an organization's historical archives without being noticed, which
security practice is required?
Answer: ✔✔ Verification of data backups
Question 6: What is the very first step when initiating a comprehensive
Information Security Audit Process?
Answer: ✔✔ Determining the goals.
Question 7: The Information Security Audit Process starts with:
Answer: ✔✔ Determining the goals.
Question 8: What is a "system of record"?
Answer: ✔✔ Authoritative source or location used to store and maintain identity
information.
Question 9: ____ is the process by which a system determines if a subject is
allowed to access a resource.
Answer: ✔✔ Authorization
Question 10: Which of the following countermeasures can be used to prevent
tampering with log files?
Answer: ✔✔ All of the listed choices are correct.
Question 11: Which type of testing is used to determine the effectiveness of
perimeter defenses such as door locks, guards, and fences?
Answer: ✔✔ Physical testing
Question 12: Unsafe online behavior occurs when _____.
Answer: ✔✔ All listed choices are correct.
Question 13: Which of the following types of training is intended to help
employees recognize and respond to security issues?
Answer: ✔✔ Security Awareness Training