CISSP MULTIPLE CHOICE QUESTIONS
AND ANSWERS WITH COMPLETE
SOLUTIONS 100% CORRECT RATED A+
Question 1: A Business Impact Analysis (BIA) survey is designed to assess the
consequences of operational disruptions. All of the following inquiries are standard
components of a BIA questionnaire EXCEPT those that:
A. Determine the statistical likelihood of a business interruption occurring
B. Determine the technological dependence of specific business processes
C. Identify the operational impacts resulting from a business interruption
D. Identify the financial impacts resulting from a business interruption
Answer: ✔✔ A. Determine the statistical likelihood of a business interruption
occurring (a BIA measures impact and recovery priorities; the likelihood of an
interruption belongs to the risk assessment, while technological dependencies,
operational impacts and financial impacts are all standard BIA questions)
Question 2: Which of the following preventative security measures will most
effectively minimize data exposure and risk on a corporate laptop prior to traveling
to a high-risk international region?
A. Inspect the device chassis for signs of physical tampering
B. Enforce more stringent, hardened baseline configurations
C. Completely wipe or re-image the internal hard disk drive
D. Change the user's local account access codes
Answer: ✔✔ B. Enforce more stringent, hardened baseline configurations
Question 3: Which of the following vulnerabilities or security gaps introduces the
GREATEST and most direct threat to data confidentiality within an organization?
A. Network infrastructure redundancies are not fully implemented
B. Mandatory security awareness training has not been completed by staff
C. Physical backup tapes are generated and stored without encryption
D. Local users are granted full administrative privileges on their workstations
Answer: ✔✔ C. Physical backup tapes are generated and stored without encryption
What is the MOST important consideration from a data security perspective when
an organization plans to relocate?
A. Ensure the fire prevention and detection systems are sufficient to protect
personnel
B. Review the architectural plans to determine how many emergency exits are
present
C. Conduct a gap analysis of the new facility against existing security requirements
D. Revise the Disaster Recovery and Business Continuity (DR/BC) plan -
ANSWER ✔✔C. Conduct a gap analysis of the new facility against existing
security requirements
A company whose Information Technology (IT) services are being delivered from a
Tier 4 data center is preparing a companywide Business Continuity Plan (BCP).
Which of the following failures should the IT manager be concerned with?
A. Application
B. Storage
C. Power
D. Network -ANSWER ✔✔A. Application (a Tier 4 facility is fault tolerant for
power, network and storage infrastructure; application failures remain the
customer's responsibility)
When assessing an organization's security policy according to standards established
by the International Organization for Standardization (ISO) 27001 and 27002, when
can management responsibilities be defined?
A. Only when assets are clearly defined
B. Only when standards are defined
C. Only when controls are put in place
D. Only when procedures are defined -ANSWER ✔✔A. Only when assets are clearly
defined
Which of the following types of technologies would be the MOST cost-effective
method to provide a reactive control for protecting personnel in public areas?
A. Install mantraps at the building entrances
B. Enclose the personnel entry area with polycarbonate plastic
C. Supply a duress alarm for personnel exposed to the public
D. Hire a guard to protect the public area -ANSWER ✔✔C. Supply a duress alarm
for personnel exposed to the public
An important principle of defense in depth is that achieving information security
requires a balanced focus on which PRIMARY elements?
A. Development, testing, and deployment
B. Prevention, detection, and remediation
C. People, technology, and operations
D. Certification, accreditation, and monitoring -ANSWER ✔✔C. People,
technology, and operations
Intellectual property rights are PRIMARILY concerned with which of the following?
A. Owner's ability to realize financial gain
B. Owner's ability to maintain copyright
C. Right of the owner to enjoy their creation
D. Right of the owner to control delivery method -ANSWER ✔✔A. Owner's ability
to realize financial gain
A control to protect against a Denial-of-Service (DoS) attack has been determined to
stop 50% of attacks and to reduce the impact of an attack that does get through by 50%.
What is the residual risk?
A. 25%
B. 50%
C. 75%
D. 100% -ANSWER ✔✔A. 25%
In the Open System Interconnection (OSI) model, which layer is responsible for the
transmission of binary data over a communications network?
A. Physical Layer
B. Application Layer
C. Data-Link Layer
D. Network Layer -ANSWER ✔✔A. Physical Layer
What is the term commonly used to refer to a technique of authenticating one
machine to another by forging packets from a trusted source?
A. Smurfing
B. Man-in-the-Middle (MITM) attack
C. Session redirect
D. Spoofing -ANSWER ✔✔D. Spoofing
Which of the following entails identification of data and links to business
processes, applications, and data stores as well as assignment of ownership
responsibilities?