CISSP Questions - version 9


1. Access control is implemented by several categories and types. The three types are Administrative, Technical, and:

A. Preventive

B. Deterrent

C. Physical

D. Discretionary


2. Databases are used to combine the data from many sources into one discrete source. What new risk does this introduce?

A. Databases reduce duplication, thus redundancy is lost.

B. Databases can create new covert channels.

C. Database lock controls add to the password burden for users.

D. Databases may enable insider inference attacks.


3. What process identifies business functions to be recovered during a disaster?

A. Risk analysis

B. Business impact analysis

C. Threat analysis

D. Cryptanalysis


4. In which type of cryptanalytic attack is a cryptosystem's work factor MOST relevant?

A. Differential Cryptanalysis

B. Chosen Plaintext Attacks supported by the algorithm

C. Linear-Differential Cryptanalysis

D. Brute-Force Attacks


5. Which of the following is a standard rather than a policy?

A. Data Classification

B. Access Control

C. Privacy

D. Ethernet


6. Computer Forensics is primarily concerned with:

A. Detecting a problem

B. Determining its cause

C. Resolving a problem

D. Discovering Evidence


7. What is the MOST secure way to dispose of information on a CD-ROM?

A. Sanitize the CD-ROM using multiple overwrites with a standardized, evaluated software utility.

B. Format the CD-ROM

C. Degauss the surface of the CD-ROM

D. Physically destroy the CD-ROM


8. This is a natural occurrence that happens when unwanted signals are generated in circuits that are in close proximity?

A. Noise

B. Deterrence

C. Power Sags

D. Brownouts


9. In order to create virtual memory on a computer, two different types of memory must be combined. They are:

A. Primary storage and RAM

B. L1 cache and Secondary storage

C. RAM and Secondary Storage

D. VRAM and Secondary Storage


10. What would be the best tool to deal with a distributed port scan?

A. Penetration Test

B. Event Log

C. Network Intrusion Detection System

D. Host Intrusion Detection System


11. Which one of the following provides access control assurance?

A. Incident Response Handling

B. Due Diligence

C. The Reference Monitor

D. Access Control Matrix


12. Database design models have changed over the years. Which of the following models places the data in tables where the rows represent records and the columns represent attributes?

A. Hierarchical Database Management System

B. Relational Database Management System

C. Network Database Management System

D. Divergent Database Management System


13. A contingency plan should be written to:

A. Address all possible risks

B. Remediate all vulnerabilities

C. Prepare for all reasonable threats

D. Recover all operations


14. RC4 and RC5:

A. Are related symmetric key cryptographic algorithms, although RC5 was designed to accommodate larger key sizes.

B. Both employ repeated substitution and permutation transformations on each block.

C. Are unrelated symmetric key cryptographic algorithms, although they were created by the same individual.

D. Address the need for message integrity controls that resist intentional changes.


15. Best practices include:

A. ISO 25999

B. Taking candy from a baby

C. ISO 27002

D. Understanding that ethics are situational.


16. Which of the following is true?

A. Changed evidence is inadmissible, but when returned to its original form it might be allowed by the judge.

B. Documenting changes to evidence protects its admissibility.

C. Uncontrolled, modified evidence is always inadmissible.

D. A chain of custody that accounts for a change in evidence will preserve its admissibility.