CISSP Practice Exam
Certified Information Systems Security Professional
After you study your text books it is important to test your newly acquired knowledge and see just how well you have absorbed the material. Practice exams….
* Reinforces what you learnt – fill in the gaps of what you missed
* Gets you used to answering questions to build confidence and familiarity
Here are 10 Multiple choice exams questions for you to practice on:
Question 1# – Which risk management methodology uses the exposure factor multiplied by the asset value to determine its outcome?
A. Annualized Loss Expectancy
B. Single Loss Expectancy
C. Annualized Rate of Occurrence
D. Information Risk Management
Question 2# – Which of the following is *NOT* a symmetric key algorithm?
B.) Digital Signature Standard (DSS)
C.) Triple DES (3DES)
Question 3# – Related to information security, availability is the opposite of which of the following?
Question 4# – Why should organizations enforce separation of duties?
A. It ensures compliance with federal union rules
B. It helps verify that all employees know their job tasks
C. It provides for a better work environment
D. It encourages collusion
E. It is considered valuable in deterring fraud
Question 5# – Which of the following is most concerned with personnel security?
A. Management controls
B. Operational controls
C. Technical controls
D. Human resources controls.
Question 6# – Which one of the following devices might be used to commit telecommunications fraud using the “shoulder surfing” technique?
A. Magnetic stripe copier
B. Tone generator
C. Tone recorder
D. Video recorder
Question 7# – What are database views used for?
A. To ensure referential integrity.
B. To allow easier access to data in a database.
C. To restrict user access to data in a database.
D. To provide audit trails.
Question 8# – Which of the following services is not provided by the digital signature standard (DSS)?
C.) Digital signature
Question 9# – Which one of the following describes a covert timing channel?
A. Modulated to carry an unintended information signal that can only be detected by special, sensitive receivers.
B. Used by a supervisor to monitor the productivity of a user without their knowledge.
C. Provides the timing trigger to activate a malicious program disguised as a legitimate function.
D. Allows one process to signal information to another by modulating its own use of system resources.
Question 10# – Valuable paper insurance coverage does not cover damage to which of the following?
A.) Inscribed, printed and written documents
D.) Money and Securities
Question 1# – Correct Answers: B
Question 2# – Correct Answers: B
Question 3# – Correct Answers: D
Question 4# – Correct Answers: E
Question 5# – Correct Answers: B
Question 6# – Correct Answers: C
Question 7# – Correct Answers: C
Question 8# – Correct Answers: A
Question 9# – Correct Answers: D
Question 10# – Correct Answers: D