Practice Questions

Question 1 of 30
What does (ISC)2, the International Information Systems Security Certification Consortium, represent?
Correct
(ISC)2 is a global not-for-profit organization; the abbreviation stands for International Information Systems Security Certification Consortium.
Incorrect
(ISC)2 is short for International Information Systems Security Certification Consortium. Knowing the full name is enough to identify the right answer.

Question 2 of 30
Of the several missions (ISC)2 has, which one is a primary mission of the organization?
Correct
This answer is one of the four primary missions of (ISC)2. The other three options are topical domains covered by the CISSP certification, not missions of the organization.
Incorrect
This option is one of the topical domains covered by the CISSP certification, not a mission of (ISC)2, so it does not answer the question.

Question 3 of 30
How many times are you allowed to retake the CISSP exam in the 12-month period after failing it on the first attempt?
Correct
If you do not pass the CISSP exam on your first attempt, you may retake it a maximum of three times in any 12-month period. Besides this limit there are three further conditions on retaking, which concern the minimum waiting period between attempts. (ISC)2 revises its retake policy from time to time, so confirm the current rules on isc2.org before scheduling a retake.
Incorrect
You may retake the exam three times in a 12-month period; that is the maximum number of retakes allowed.

Question 4 of 30
What is the name of the final step in the certification process, after passing the exam?
Correct
Endorsement is the final step after you pass the CISSP exam; only once it is complete are you awarded the CISSP certification.
Incorrect
Once you have been informed that you passed the CISSP exam, one final step remains before you are actually awarded the certification: endorsement.

Question 5 of 30
What is the main focus of the ISSMP (Information Systems Security Management Professional) concentration?
Correct
The answer follows from the full name, Information Systems Security Management Professional: its focus is management.
Incorrect
ISSMP, the Information Systems Security Management Professional concentration, is focused on the management of information security policies, practices, principles, and procedures.

Question 6 of 30
Which of these is included in the additional study tools?
Correct
Electronic flashcards are the right answer. They are one of the additional study tools and provide hundreds of questions to challenge you further in preparing for the CISSP exam.
Incorrect
Electronic flashcards are one of the additional study tools; they help you gauge your understanding of the material and improve your results on the exam.

Question 7 of 30
What is the biggest problem with using one-time password generators?
Correct
People often forget passwords, from simple ones to complex ones. A one-time password generator produces a new password for every login, so the user can never memorize the current password; they must have the generator available, and read and enter the fresh value, each time they authenticate.
Incorrect
The biggest problem is remembering the password. A one-time password generator creates a new password for every login, so there is never a stable password for the user to remember; the password must be obtained from the generator each time.

Question 8 of 30
Which of these biometrics is unique to an individual and has been used for decades in physical security for identification?
Correct
Fingerprints are the visible patterns on the fingers and thumbs. They are unique to an individual and have been used for decades in physical security for identification. Fingerprint readers are now common on laptops, USB flash drives, and smartphones as a method of identification and authentication.
Incorrect
Fingerprints are the correct answer. They were the first biometric factor in widespread use, and they are now commonly used to secure everyday devices such as smartphones.

Question 9 of 30
What is the definition of concealment?
Correct
Concealment is the act of hiding or preventing disclosure; it is often viewed as a means of cover, obfuscation, or distraction.
Incorrect
Concealment is the act of hiding and preventing disclosure, and it is often viewed as a means of cover, obfuscation, or distraction.

Question 10 of 30
What does the CIA Triad contain?
Correct
Confidentiality, integrity, and availability are commonly seen as the essential security principles; together they are referred to as the CIA Triad.
Incorrect
This option is only one component of the CIA Triad; the triad is all three together: confidentiality, integrity, and availability.

Question 11 of 30
Which of these is among the numerous attacks that violate integrity?
Correct
This is correct: it is a common way of violating integrity.
Incorrect
Logic bombs are one of the many ways integrity can be violated; integrity can also be violated in numerous other ways.

Question 12 of 30
What does nonrepudiation ensure?
Correct
Nonrepudiation prevents a subject from claiming that they did not send a message, did not perform an action, or were not the cause of an event.
Incorrect
Nonrepudiation ensures that the subject of an activity, or the party who caused an event, cannot deny that the event occurred. For example, it prevents them from claiming that they did not send a message or did not perform the action that led to the event.

Question 13 of 30
How many elements does the AAA service refer to?
Correct
Even though the acronym has three letters, the AAA service refers to five elements.
Incorrect
AAA refers to five elements: identification, authentication, authorization, auditing, and accounting.

Question 14 of 30
What is the meaning of auditing?
Correct
Auditing is also known as monitoring. It is the process by which unauthorized or abnormal activities are detected on a system.
Incorrect
Auditing is the programmatic means by which a subject's actions are tracked and recorded, so that the subject can be held accountable for their actions while authenticated on a system.

Question 15 of 30
What is the definition of layering?
Correct
No single control can protect against every possible threat, so a multilayered solution is used.
Incorrect
Layering, also known as defense in depth, is simply the use of multiple controls in series. Using layers in series rather than in parallel matters: in series, an attack must pass every control in turn, whereas in parallel a single path through one control would be enough.

Question 16 of 30
What is the definition of security governance?
Correct
The term "security governance" is used to emphasize that security must be managed and governed throughout the organization, not just in the IT department.
Incorrect
Security governance is the collection of practices related to supporting, defining, and directing the security efforts of an organization.

Question 17 of 30
Which of these is one of the several goals of change management?
Correct
Implementing changes in a monitored and orderly manner is one of the several goals of change management; there are six more goals besides this one.
Incorrect
Implementing changes in a monitored and orderly manner is one of the several goals of change management, alongside six additional goals.

Question 18 of 30
How many steps must you perform to implement a classification scheme?
Correct
This is the correct number of major steps needed to implement a classification scheme.
Incorrect
You must perform seven major steps to implement a classification scheme.

Question 19 of 30
In the government/military classification scheme, what is the term "unclassified" used for?
Correct
Unclassified is the lowest level of the government/military classification scheme.
Incorrect
Unclassified is used for data that is neither sensitive nor classified; it is the lowest level of the government/military classification scheme.

Question 20 of 30
What is the highest level of classification in the commercial business/private sector scheme?
Correct
This level is used for data that is extremely sensitive and for internal use only, which is why it is ranked as the highest level in the commercial business/private sector scheme.
Incorrect
Confidential is the highest level of classification in the commercial business/private sector scheme.

Question 21 of 30
Which is the correct logical order of the following roles that appear in a secured environment?
Correct
This is the logical order found in a secured environment: senior management is ultimately responsible for security, security professionals implement it, data owners classify the data, data custodians protect it, users access it, and auditors verify that the whole arrangement works as intended. Upsetting this order leaves responsibilities unassigned or misplaced.
Incorrect
Senior Manager, Security Professional, Data Owner, Data Custodian, User, Auditor is the logical order of roles in a secured environment.

Question 22 of 30
What type of access does single sign-on give a subject once it is on the system?
Correct
Single sign-on is a centralized access control technique that allows a subject to be authenticated once on a system and then access multiple resources without authenticating again. For example, users can authenticate once on a network and then access resources throughout the network without being prompted to authenticate again.
Incorrect
Single sign-on provides access to multiple resources without authenticating again, which saves time and gives users a better experience.

Question 23 of 30
What is the first principle of COBIT 5?
Correct
Meeting Stakeholder Needs is the first principle of COBIT 5; it is one of the five key principles for the governance and management of enterprise IT.
Incorrect
Meeting Stakeholder Needs is the first principle of COBIT 5.

Question 24 of 30
What is the definition of a security policy?
Correct
A security policy is an overview or generalization of an organization's security needs; it also identifies the major functional areas of data processing and clarifies and defines all relevant terminology.
Incorrect
A security policy is a document that defines the scope of security needed by the organization, discusses the assets that require protection, and states the extent to which security solutions should go to provide the necessary protection.

Question 25 of 30
What is PASTA (Process for Attack Simulation and Threat Analysis)?
Correct
The Process for Attack Simulation and Threat Analysis (PASTA) is a seven-stage threat modeling methodology. It takes a risk-centric approach that aims at selecting or developing countermeasures in proportion to the value of the assets to be protected.
Incorrect
PASTA is a risk-centric approach that aims at selecting or developing countermeasures in proportion to the value of the assets to be protected.

Question 26 of 30
How many stages does PASTA contain?
Correct
Seven is the number of stages in PASTA. The stages are: Definition of the Objectives (DO) for the Analysis of Risks, Definition of the Technical Scope (DTS), Application Decomposition and Analysis (ADA), Threat Analysis (TA), Weakness and Vulnerability Analysis (WVA), Attack Modeling and Simulation (AMS), and Risk Analysis and Management (RAM).
Incorrect
PASTA contains seven stages.

Question 27 of 30
In which PASTA stages do Threat Analysis, Risk Analysis & Management, and Definition of the Technical Scope appear?
Correct
Threat Analysis, Risk Analysis & Management, and Definition of the Technical Scope are stages IV, VII, and II of PASTA, respectively.
Incorrect
The stages are IV, VII, and II, respectively.

Question 28 of 30
How many key concepts must you identify during the decomposition process?
Correct
Five: trust boundaries, data flow paths, input points, privileged operations, and details about the security stance and approach.
Incorrect
You must identify five key concepts.

Question 29 of 30
What is DREAD designed for?
Correct
This is the full definition: DREAD is a rating system designed to provide a flexible rating solution based on the answers to five main questions about each threat. The other options each represent one of those five questions (damage potential, reproducibility, exploitability, affected users, and discoverability).
Incorrect
This option is only one of the five questions DREAD asks about a threat, not the purpose of DREAD itself.

Question 30 of 30
What is covered by the Document Exchange and Review process?
Correct
When evaluating a third party for your security integration, you must consider several processes, including this one: investigating how datasets and documentation are exchanged, as well as the formal processes by which the third party performs assessments and reviews.
Incorrect
The correct answer is: investigate how datasets and documentation are exchanged, as well as the formal processes by which they perform assessments and reviews.