CISSP Practice Quiz

This practice exam is designed as a simple self-assessment of your current state as you prepare for the CISSP exam. The CISSP is one of the most respected industry certifications for cyber security

1 / 50

In addition to the Legal department, with what company function must the collection of physical evidence be coordinated if an employee is suspected?

2 / 50

If an employee's computer has been used to commit a crime, the hard disk may be seized as evidence. Once the investigation is complete, it would follow the normal steps of the evidence life cycle. In such a case, the evidence life cycle would not include which of the following steps listed below?

3 / 50

When a potential intrusion into your organization's information system has been detected, which of the following actions should you perform first?

4 / 50

Which virus category has the capability of changing its own code, making it harder to detect by anti-virus software?

5 / 50

Business continuity and disaster recovery (BCDR) planning primarily addresses the:

6 / 50

In a database management system (DBMS), what is the "cardinality"?

7 / 50

In order to successfully prosecute an intruder:

8 / 50

A security evaluation report and an accreditation statement are produced in which of the following phases of the system development life cycle?

9 / 50

To be admissible in court, computer evidence must be which of the following?

10 / 50

Covert channel analysis is first introduced at which level of the TCSEC rating?

11 / 50

The security of a computer application is most effective and economical in which of the following cases?

12 / 50

Which network address translation (NAT) is the most convenient and secure solution?

13 / 50

Secure HTTP (S-HTTP) and Secure Electronic Transaction (SET) operate at which layer of the OSI model?

14 / 50

Which of the following is not a countermeasure to traffic analysis?

15 / 50

A demilitarized zone (DMZ) is:

16 / 50

Proxies work by transferring a copy of each accepted data packet from one network to another, masking the:

17 / 50

At which OSI/ISO layer is an encrypted authentication between a client software package and a firewall performed?

18 / 50

When a station communicates on the network for the first time, which of the following protocol would search for and find the Internet Protocol (IP) address thatmatches with a known Ethernet address?

19 / 50

Which of the following is the simplest type of firewall?

20 / 50

Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts information using the intended recipient's public key in order to get confidentiality of the data being sent. The recipients use their own private key to decrypt the information. This methodology ensures that:

21 / 50

Which of the following terms best describes a weakness that could potentially be exploited?

22 / 50

Which algorithm was DES derived from?

23 / 50

What can be defined as a momentary low voltage?

24 / 50

Which of the following is most affected by denial-of-service (DoS) attacks?

25 / 50

Controlling access to information systems and associated networks is necessary for the preservation of their:

26 / 50

Which of the following access control models requires defining classification for objects?

27 / 50

What is a characteristic of using the Electronic Code Book mode of DES encryption?

28 / 50

What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext?

29 / 50

Which of the following is the greatest concern with firewall security?

30 / 50

Which of the following disaster recovery options provides transaction-level redundancy with minimum recovery latency in the event of site outage?

31 / 50

A server farm consisting of multiple similar servers seen as a single IP address from users interacting with the group of servers is an example of which of thefollowing?

32 / 50

If an organization were to monitor their employees' e-mail, it should not:

33 / 50

Prior to a live disaster test also called a Full Interruption test, which of the following is most important?

34 / 50

When preparing a business continuity plan, who of the following is responsible for identifying and prioritizing time-critical systems?

35 / 50

A persistent collection of interrelated data items can be defined as which of the following?

36 / 50

Which of the following answers best indicates the most important part of a data backup plan?

37 / 50

Which of the following can be defined as a unique identifier in the table that unambiguously points to an individual tuple or record in the table?

38 / 50

When considering all the reasons that buffer overflow vulnerabilities exist what is the real reason?

39 / 50

During the testing of the business continuity plan, which of the following methods of results analysis provides the best assurance that the plan is workable?

40 / 50

Which of the following defines the software that maintains and provides access to the database?

41 / 50

Which of the following computer recovery sites is the least expensive and the most difficult to test?

42 / 50

Which of the following cannot be undertaken in conjunction or while computer incident handling is ongoing?

43 / 50

Which of the following is an important part of database design that ensures that attributes in a table depend only on the primary key?

44 / 50

Which common backup method is the fastest on a daily basis?

45 / 50

Which of the following is used to create and modify the structure of your tables and other objects in the database?

46 / 50

Which of the following can be defined as the set of allowable values that an attribute can take?

47 / 50

Which backup method does not reset the archive bit on files that are backed up?

48 / 50

Which of the following backup methods is primarily run when time and tape space permits, and is used for the system archive or baselined tape sets?

49 / 50

Which of the following can be defined as an attribute in one relation that has values matching the primary key in another relation?

50 / 50

What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity?