CISSP Prep Quiz: Domain 1
This quiz contains example questions for the CISSP certification exam. The questions in this quiz were taken from the:OFFICIAL (ISC)2® GUIDE TO THE CISSP® EXAM
- 1.
2. Masquerading is:
- A.
Attempting to hack a system through backdoors to an operating system or application
- B.
Pretending to be an authorized user
- C.
Always done through IP spoofing
- D.
Applying a subnet mask to an internal IP range
Correct Answer
B. Pretending to be an authorized userExplanation
Answer b:
Pretending to be the authorized user.Rate this question:
-
- 2.
3. Integrity is protection of data from all of the following EXCEPT:
- A.
Unauthorized changes
- B.
Accidental changes
- C.
Data analysis
- D.
Intentional manipulation
Correct Answer
C. Data analysisExplanation
Answer c:
Integrity is the protection of system information or processes from intentional or accidental unauthorized changes. Data analysis would usually be associated with confidentiality.Rate this question:
-
- 3.
4. A security program cannot address which of the following business goals?
- A.
Accuracy of information
- B.
Change control
- C.
User expectations
- D.
Prevention of fraud
Correct Answer
C. User expectationsExplanation
A security program focuses on protecting an organization's assets, information, and resources from unauthorized access, threats, and vulnerabilities. While user expectations are important for overall user satisfaction and experience, they are not directly addressed by a security program. The other options (A, B, and D) are all aspects that a security program can address to varying degrees.Rate this question:
-
- 4.
5. In most cases, integrity is enforced through:
- A.
Physical security
- B.
Logical security
- C.
Confidentiality
- D.
Access controls
Correct Answer
D. Access controlsExplanation
Answer d:
Integrity depends on access controls; therefore, it is necessary to positively and uniquely identify and authorize all persons who attempt access.
Answers a and b are good but not thorough enough on their own — they are portions of a complete access control system.Rate this question:
-
- 5.
7. In an accounting department, several people are required to complete a financial process. This is most likely an example of:
- A.
Segregation of duties
- B.
Rotation of duties
- C.
Need-to-know
- D.
Collusion
Correct Answer
A. Segregation of dutiesExplanation
Answer a:
No single employee has control of a transaction from beginning to end; two or more people should be responsible for performing it.Rate this question:
-
- 6.
8. Risk Management is commonly understood as all of the following EXCEPT:
- A.
Analyzing and assessing risk
- B.
Identifying risk
- C.
Accepting or mitigation of risk
- D.
Likelihood of a risk occurring
Correct Answer
D. Likelihood of a risk occurringExplanation
Answer d:
The processes of identifying, analyzing, and assessing, mitigating, or transferring risk is generally characterized as risk management.Rate this question:
-
- 7.
9. The percentage or degree of damage inflicted on an asset used in the calculation of single loss expectancy can be referred to as:
- A.
Exposure Factor (EF)
- B.
Annualized Rate of Occurrence (ARO)
- C.
Vulnerability
- D.
Likelihood
Correct Answer
A. Exposure Factor (EF)Explanation
Answer a:
This factor represents a measure of the magnitude of loss or
impact on the value of an asset. It is expressed as a percent, ranging from 0% to 100%, of asset value loss arising from a threat event. This factor is used in the calculation of single loss expectancy (SLE).Rate this question:
-
- 8.
10. The absence of a fire-suppression system would be best characterized as a(n):
- A.
Exposure
- B.
Threat
- C.
Vulnerability
- D.
Risk
Correct Answer
C. VulnerabilityExplanation
Answer c:
This term characterizes the absence or weakness of a risk-reducing safeguard.Rate this question:
-
- 9.
11. Risk Assessment includes all of the following EXCEPT:
- A.
Implementation of effective countermeasures
- B.
Ensuring that risk is managed
- C.
Analysis of the current state of security in the target environment
- D.
Strategic analysis of risk
Correct Answer
A. Implementation of effective countermeasuresExplanation
Answer a:
Fundamental applications of risk assessment to be addressed
include (1) determining the current status of information security in the target environment(s) and ensuring that associated risk is managed (accepted, mitigated, or transferred) according to policy, and (2) assessing risk strategically.Rate this question:
-
- 10.
12. A risk management project may be subject to overlooking certain types of threats. What can assist the risk management team to prevent that?
- A.
Automated tools
- B.
Adoption of qualitative risk assessment processes
- C.
Increased reliance on internal experts for risk assessment
- D.
Recalculation of the work factor
Correct Answer
A. Automated toolsExplanation
Answer a:
The best automated tools currently available include a well researched threat population and associated statistics. Using one of these tools virtually assures that no relevant threat is overlooked.Rate this question:
-
- 11.
13. Data classification can assist an organization in:
- A.
Eliminating regulatory mandates
- B.
Lowering accountability of data classifiers
- C.
Reducing costs for protecting data
- D.
Normalization of databases
Correct Answer
C. Reducing costs for protecting dataExplanation
Answer c:
Data classification is intended to lower the cost of overprotecting all data.Rate this question:
-
- 12.
Who “owns” an organization’s data?
- A.
Information technology group
- B.
Users
- C.
Data custodians
- D.
Business units
Correct Answer
D. Business unitsExplanation
Answer d:
The business units, not IT (information technology), own the
data. Decisions regarding who has what access, what classification the data should be assigned, etc., are decisions that rest solely with the business data owner and based on organization policy.Rate this question:
-
- 13.
15. An information security policy does NOT usually include:
- A.
Authority for information security department
- B.
Guidelines for how to implement policy
- C.
Basis for data classification
- D.
Recognition of information as an asset of the organization
Correct Answer
B. Guidelines for how to implement policyExplanation
Answer b:
Policy is written at a very high level and is intended to describe the “whats” of information security. Procedures, standards, baselines, and guidelines are the “hows” for implementation of the policy.Rate this question:
-
- 14.
16. The role of an information custodian should NOT include:
- A.
Restoration of lost or corrupted data
- B.
Regular backups of data
- C.
Establishing retention periods for data
- D.
Ensuring the availability of data
Correct Answer
C. Establishing retention periods for dataExplanation
Answer c:
Ensure record retention requirements are met based on the information owner’s analysis.Rate this question:
-
- 15.
17. A main objective of awareness training is:
- A.
Provide understanding of responsibilities
- B.
Entertaining the users through creative programs
- C.
Overcoming all resistance to security procedures
- D.
To be repetitive to ensure accountability
Correct Answer
A. Provide understanding of responsibilitiesExplanation
Answer a:
All employees must understand their basic security responsibilities.Rate this question:
-
- 16.
18. What is a primary target of a person employing social engineering?
- A.
An individual
- B.
A policy
- C.
Government agencies
- D.
An information system
Correct Answer
A. An individualExplanation
Answer a:
Social engineering deals with individual dynamics as opposed to group dynamics, as the primary targets are help desks and/or administrative or technical support people.Rate this question:
-
- 17.
19. Social engineering can take many forms EXCEPT:
- A.
Dumpster diving
- B.
Coercion or intimidation
- C.
Sympathy
- D.
Eavesdropping
Correct Answer
D. EavesdroppingExplanation
Social engineering is a manipulation tactic used to deceive individuals into divulging confidential information or taking certain actions. While it can involve tactics like dumpster diving (searching through trash for information), coercion, or sympathy, eavesdropping typically refers to the act of secretly listening to conversations, which is a different method of information gathering rather than manipulation.Rate this question:
-
- 18.
20. Incident response planning can be instrumental in:
- A.
Meeting regulatory requirements
- B.
Creating customer loyalty
- C.
Reducing the impact of an adverse event on the organization
- D.
Ensuring management makes the correct decisions in a crisis
Correct Answer
C. Reducing the impact of an adverse event on the organizationExplanation
Answer c:
The goals of a well-prepared incident response team are to detect potential information security breaches and provide an effective and efficient means of dealing with the situation in a manner that reduces the potential impact to the corporation.Rate this question:
-
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Sep 04, 2023Quiz Edited by
ProProfs Editorial Team -
Sep 12, 2018Quiz Created by
Andy
- ACA Quizzes
- ACCA Quizzes
- ACE Quizzes
- BCBA Quizzes
- CCP Quizzes
- CDC Quizzes
- CDCs Quizzes
- CEH Quizzes
- CISA Quizzes
- CISCO Quizzes
- CPT Quizzes
- CSA Quizzes
- CSET Quizzes
- CST Quizzes
- CSWIP Quizzes
- FTCE Quizzes
- HIPAA Quizzes
- IAHCSMM Quizzes
- ISTQB Quizzes
- LEED Ga Quizzes
- MBLEx Quizzes
- NCIDQ Quizzes
- PMP Quizzes
- PRAXIS Quizzes
- PTCB Quizzes
- Six Sigma Quizzes
- TEAS Quizzes
Back to top