CISSP Practice Exam - 10 practice questions
Certified Information Systems Security Professional
After you study your text books it is important to test your newly acquired knowledge and see just how well you have absorbed the material. Practice exams:
* Reinforce what you learnt and fill in the gaps of what you missed
* Get you used to answering questions, building confidence and familiarity with the exam format
Here are 10 multiple-choice exam questions for you to practice on:
______________________________
Question 1# - Which element must computer evidence have to be admissible in court?
A.) It must be relevant
B.) It must be annotated
C.) It must be printed
D.) It must contain source code
_____________________
Question 2# - What principle requires that a user be given no more privilege than necessary to perform a job?
A. Principle of aggregate privilege.
B. Principle of most privilege.
C. Principle of effective privilege.
D. Principle of least privilege.
_____________________
Question 3# - One method to simplify the administration of access controls is to group
A. Capabilities and privileges
B. Objects and subjects
C. Programs and transactions
D. Administrators and managers
_____________________
Question 4# - What is the act of willfully changing data, using fraudulent input or removal of controls called?
A. Data diddling
B. Data contaminating
C. Data capturing
D. Data trashing
_____________________
Question 5# - What should be the size of a Trusted Computer Base?
A. Small - in order to permit it to be implemented in all critical system components without using excessive resources.
B. Small - in order to facilitate the detailed analysis necessary to prove that it meets design requirements.
C. Large - in order to accommodate the implementation of future updates without incurring the time and expense of recertification.
D. Large - in order to enable it to protect the potentially large number of resources in a typical commercial system environment.
_____________________
Question 6# - What is an error called that causes a system to be vulnerable because of the environment in which it is installed?
A.) Configuration error
B.) Environmental error
C.) Access validation error
D.) Exceptional condition handling error
_____________________
Question 7# - Which one of the following describes a reference monitor?
A. Access control concept that refers to an abstract machine that mediates all accesses to objects by subjects.
B. Audit concept that refers to monitoring and recording of all accesses to objects by subjects.
C. Identification concept that refers to the comparison of material supplied by a user with its reference profile.
D. Network control concept that distributes the authorization of subject accesses to objects.
_____________________
Question 8# - Fault tolerance countermeasures are designed to combat threats to
A.) an uninterruptible power supply
B.) backup and retention capability
C.) design reliability
D.) data integrity
_____________________
Question 9# - The Common Criteria construct which allows prospective consumers or developers to create standardized sets of security requirements to meet their needs is
A. a Protection Profile (PP).
B. a Security Target (ST).
C. an Evaluation Assurance Level (EAL).
D. a Security Functionality Component Catalog (SFCC).
_____________________
Question 10# - According to Common Criteria, what can be described as an intermediate combination of security requirement components?
A.) Protection profile (PP)
B.) Security target (ST)
C.) Package
D.) The Target of Evaluation (TOE)
_____________________
ANSWERS
Question 1# - Correct Answer: A
Question 2# - Correct Answer: D
Question 3# - Correct Answer: B
Question 4# - Correct Answer: A
Question 5# - Correct Answer: B
Question 6# - Correct Answer: B
Question 7# - Correct Answer: A
Question 8# - Correct Answer: C
Question 9# - Correct Answer: A
Question 10# - Correct Answer: C
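Questions 2, 3 and 7 test three ideas that fit together in practice: a reference monitor is the single point that mediates every subject-to-object access, administration stays manageable when subjects are grouped into roles and objects into groups, and least privilege means each role carries only the rights its job needs. The following is an added illustration written for this page, not code from the exam or its source; every user, role, path and right in it is a constructed example.

```python
"""Toy reference monitor with role-grouped subjects and grouped objects.

Added illustration for the practice questions above, not exam code.
All users, roles, paths and rights below are constructed for the example.
"""
from dataclasses import dataclass, field

# Rights are granted to roles over object groups, never to individual users
# over individual files: grouping subjects and objects keeps the access
# matrix small enough to administer (Question 3).
ROLE_RIGHTS = {
    "auditor": {"logs": {"read"}},
    "operator": {"logs": {"read"}, "config": {"read", "write"}},
    "developer": {"source": {"read", "write"}},
}

# Object -> object group (constructed paths).
OBJECT_GROUP = {
    "/var/log/auth.log": "logs",
    "/etc/app/settings.yml": "config",
    "/src/app/main.py": "source",
}

# Subject -> roles. Each user holds only the roles the job requires
# (least privilege, Question 2): the auditor can read logs and nothing else.
USER_ROLES = {"alice": {"auditor"}, "bob": {"operator"}, "carol": {"developer"}}


@dataclass
class ReferenceMonitor:
    """Single chokepoint: every subject/object access is decided here."""
    audit: list = field(default_factory=list)

    def decide(self, subject: str, obj: str, right: str) -> bool:
        """Allow only if some role of `subject` grants `right` on the group
        `obj` belongs to. Unknown subjects, objects or rights fall through
        to deny (default-deny)."""
        group = OBJECT_GROUP.get(obj)
        allowed = False
        if group is not None:
            for role in USER_ROLES.get(subject, set()):
                if right in ROLE_RIGHTS.get(role, {}).get(group, set()):
                    allowed = True
                    break
        # Recording the decision is auditing (option B in Question 7);
        # the mediation itself is what makes this a reference monitor.
        self.audit.append((subject, obj, right, "ALLOW" if allowed else "DENY"))
        return allowed


class GuardedStore:
    """Object store reachable only through the monitor, so mediation is
    complete: there is no read or write path that bypasses the check."""

    def __init__(self, monitor: ReferenceMonitor, contents: dict):
        self._monitor = monitor
        self._contents = dict(contents)

    def read(self, subject: str, obj: str) -> str:
        if not self._monitor.decide(subject, obj, "read"):
            raise PermissionError(f"{subject} may not read {obj}")
        return self._contents[obj]

    def write(self, subject: str, obj: str, data: str) -> None:
        if not self._monitor.decide(subject, obj, "write"):
            raise PermissionError(f"{subject} may not write {obj}")
        self._contents[obj] = data


def run_scenario() -> list:
    """Run constructed access attempts through the monitor and return the
    audit trail as (subject, object, right, decision) tuples."""
    monitor = ReferenceMonitor()
    store = GuardedStore(monitor, {
        "/var/log/auth.log": "Accepted publickey for bob",
        "/etc/app/settings.yml": "debug: false",
        "/src/app/main.py": "print('hello')",
    })
    attempts = [
        ("alice", "/var/log/auth.log", "read"),      # auditor reads logs: allow
        ("alice", "/var/log/auth.log", "write"),     # auditor alters logs: deny
        ("bob", "/etc/app/settings.yml", "write"),   # operator edits config: allow
        ("carol", "/etc/app/settings.yml", "read"),  # developer reads config: deny
        ("mallory", "/src/app/main.py", "read"),     # unknown subject: deny
        ("bob", "/etc/shadow", "read"),              # object outside any group: deny
    ]
    for subject, obj, right in attempts:
        try:
            if right == "read":
                store.read(subject, obj)
            else:
                store.write(subject, obj, "tampered")
        except PermissionError:
            pass  # the DENY is already recorded in the audit trail
    return monitor.audit


if __name__ == "__main__":
    for entry in run_scenario():
        print("%-8s %-24s %-6s %s" % entry)
```

The distinction the exam draws in Question 7 is visible in the code: `decide()` is the reference monitor because it mediates the access, while the `audit` list it appends to is the audit function, which records but does not decide. The monitor is also only as good as its completeness, which is why `GuardedStore` offers no way to touch `_contents` except through it.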