In what phase of the Capability Maturity Model for Software (SW-CMM) are quantitative
measures utilized to gain a detailed understanding of the software development process?
A. Repeatable
B. Defined
C. Managed
D. Optimizing correct answers C
Which one of the following is a layer of the ring protection scheme that is not normally
implemented in practice?
A. Layer 0
B. Layer 1
C. Layer 3
D. Layer 4 correct answers B
What is the value of the logical operation shown here?
X: 0 1 1 0 1 0
Y: 0 0 1 1 0 1
X v Y: ?
A. 0 1 1 1 1 1
B. 0 1 1 0 1 0
C. 0 0 1 0 0 0
D. 0 0 1 1 0 1 correct answers X v Y, OR operation
A
In what type of cipher are the letters of the plain-text message rearranged to form the cipher text?
A. Substitution cipher
B. Block cipher
C. Transposition cipher
D. One-time pad correct answers C
Which of the following is not a composition theory related to security models?
A. Cascading
B. Feedback
C. Iterative
D. Hookup correct answers C
The collection of the components in the TCB that work together to implement reference monitor
functions is called the
A. Security perimeter
B. Security kernel
C. Access matrix
D. Constrained interface correct answers B
What is the first step of the business impact assessment process?
A. Identification of priorities
B. Likelihood assessment
C. Risk identification
D. Resource prioritization correct answers A
What type of evidence refers to written documents that are brought into court to prove a fact?
A. Best evidence
B. Payroll evidence
C. Documentary evidence
D. Testimonial evidence correct answers C
What is the point of a secondary verification system?
A. To verify the identity of a user
B. To verify the activities of a user
C. To verify the completeness of a system
D. To verify the correctness of a system correct answers D (CCTV)
What element of data categorization management can override all other forms of access control?
A. Classification
B. Physical access
C. Custodian responsibilities
D. Taking ownership correct answers D
Which of the following is the most important and distinctive concept in relation to layered
security?
A. Multiple
B. Series
C. Parallel
D. Filter correct answers B (security restrictions are deployed in a series, performed one after the
other in a linear fashion)
What is the primary goal of change management?
A. Maintaining documentation
B. Keeping users informed of changes
C. Allowing rollback of failed changes
D. Preventing security compromises correct answers D
Which of the following is typically not a characteristic considered when classifying data?
A. Value
B. Size of object
C. Useful lifetime
D. National security implications correct answers B
Which of the following is the lowest military data classification for classified data?
A. Sensitive
B. Confidential
C. Proprietary
D. Private correct answers B (Top Secret, Secret, and Confidential are collectively known as
classified data)
Which commercial business/private sector data classification is used to control information about
individuals within an organization?
A. Confidential
B. Private
C. Sensitive
D. Proprietary correct answers B (the commercial business/private sector data classification of
private is used to protect information about individuals)
What is the first step that individuals responsible for the development of a business continuity
plan should perform?
A. BCP team selection
B. Business Organization analysis
C. Resource requirements analysis
D. Legal and regulatory assessment correct answers B