Refer to the information below to answer the question.
Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.
After magnetic drives were degaussed twice according to the product manufacturer's directions, what is the MOST LIKELY security issue with degaussing? A. Commercial products often have serious weaknesses of the magnetic force available in the degausser product. B. Degausser products may not be properly maintained and operated. C. The inability to turn the drive around in the chamber for the second pass due to human error. D. Inadequate record keeping when sanitizing media.
Answer: B
Rationale: Improper operation or maintenance of degaussers can result in incomplete erasure of magnetic media.
Question 902
An organization decides to implement a partial Public Key Infrastructure (PKI) with only the servers having digital certificates. What is the security benefit of this implementation? A. Clients can authenticate themselves to the servers. B. Mutual authentication is available between the clients and servers. C. Servers are able to issue digital certificates to the client. D. Servers can authenticate themselves to the client.
Answer: D
Rationale: Server-side certificates enable clients to verify they are communicating with legitimate, authenticated servers.
Question 903
An organization's data policy MUST include a data retention period which is based on A. application dismissal. B. business procedures. C. digital certificates expiration. D. regulatory compliance.
Answer: B
Rationale: A missing or inactive log source indicates potential system compromise or failure, whereas 404 errors are expected behavior.
Question 904
Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
When determining appropriate resource allocation, which of the following is MOST important to monitor? A. Number of system compromises B. Number of audit findings C. Number of staff reductions D. Number of additional assets
Answer: B
Rationale: Audit findings provide objective evidence of control weaknesses and are a key performance indicator of risk exposure.
Question 905
A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation? A. The inherent risk is greater than the residual risk. B. The Annualized Loss Expectancy (ALE) approaches zero. C. The expected loss from the risk exceeds mitigation costs. D. The infrastructure budget can easily cover the upgrade costs.
Answer: C
Rationale: Mitigation is justified when the cost of risk reduction is less than the expected financial loss from that risk.
Question 906
A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred? A. Spoofing B. Eavesdropping C. Man-in-the-middle D. Denial of service
Answer: C
Rationale: A man-in-the-middle attack intercepts and alters communications between two parties without detection.
Question 907
During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take? A. Immediately call the police B. Work with the client to resolve the issue internally C. Advise the person performing the illegal activity to cease and desist D. Work with the client to report the activity to the appropriate authority
Answer: D
Rationale: Auditors must escalate through proper channels and ensure that law enforcement or regulators are notified appropriately.
Question 908
Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
The effectiveness of the security program can PRIMARILY be measured through A. audit findings. B. risk elimination. C. audit requirements. D. customer satisfaction.
Answer: A
Rationale: Reduction in audit findings over time demonstrates improvement and effectiveness of the security program.
Question 909
When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)? A. Retain intellectual property rights through contractual wording. B. Perform overlapping code reviews by both parties. C. Verify that the contractors attend development planning meetings. D. Create a separate contractor development environment.
Answer: B
Rationale: Independent code reviews by both internal and external teams ensure thorough validation of code quality and security.
Question 910
Which of the following is the BEST countermeasure to brute force login attacks? A. Changing all canonical passwords B. Decreasing the number of concurrent user sessions C. Restricting initial password delivery only in person D. Introducing a delay after failed system access attempts
Answer: D
Rationale: Adding time delays after failed attempts significantly slows brute-force attacks, deterring password guessing.
Question 911
Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen? A. Set up a BIOS and operating system password B. Encrypt the virtual drive where confidential files can be stored C. Implement a mandatory policy in which sensitive data cannot be stored on laptops, but only on the corporate network D. Encrypt the entire disk and delete contents after a set number of failed access attempts
Answer: D
Rationale: Full disk encryption ensures all data is protected, and automatic deletion after repeated failed logins prevents brute-force attacks.
Question 912
What is the MOST important reason to configure unique user IDs? A. Supporting accountability B. Reducing authentication errors C. Preventing password compromise D. Supporting Single Sign On (SSO)
Answer: A
Rationale: Unique user IDs link actions directly to individuals, enforcing accountability and traceability in audit logs.
Question 913
Organizational policy requires the deletion of user data from Personal Digital Assistant (PDA) devices before disposal. It may not be possible to delete the user data if the device is malfunctioning. Which destruction method below provides the BEST assurance that the data has been removed? A. Knurling B. Grinding C. Shredding D. Degaussing
Answer: C
Rationale: Physically shredding ensures complete destruction of the storage media, preventing any data recovery.
Question 914
What is the process called when impact values are assigned to the security objectives for information types? A. Qualitative analysis B. Quantitative analysis C. Remediation D. System security categorization
Answer: D
Rationale: System security categorization determines the criticality and impact level for confidentiality, integrity, and availability.
Question 915
Which of the following BEST describes the purpose of performing security certification? A. To identify system threats, vulnerabilities, and acceptable level of risk B. To formalize the confirmation of compliance to security policies and standards C. To formalize the confirmation of completed risk mitigation and risk analysis D. To verify that system architecture and interconnections with other systems are effectively implemented
Answer: B
Rationale: Security certification validates that systems comply with established security requirements and standards.
Question 916
The application of which of the following standards would BEST reduce the potential for data breaches? A. ISO 9000 B. ISO 20121 C. ISO 26000 D. ISO 27001
Answer: D
Rationale: ISO 27001 establishes best practices for implementing and maintaining an information security management system (ISMS).
Question 917
A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data? A. Public Key Infrastructure (PKI) and digital signatures B. Trusted server certificates and passphrases C. User ID and password D. Asymmetric encryption and User ID
Answer: A
Rationale: PKI with digital signatures provides both authentication and encryption, securing sensitive healthcare data in transit.
Question 918
Which of the following is generally indicative of a replay attack when dealing with biometric authentication? A. False Acceptance Rate (FAR) is greater than 1 in 100,000 B. False Rejection Rate (FRR) is greater than 5 in 100 C. Inadequately specified templates D. Exact match
Answer: D
Rationale: A 100% or exact match in biometric comparison often signals a replay of stored data rather than a genuine live scan.
Question 919
If an identification process using a biometric system detects a 100% match between a presented template and a stored template, what is the interpretation of this result? A. User error B. Suspected tampering C. Accurate identification D. Unsuccessful identification
Answer: B
Rationale: A perfect biometric match is highly unlikely and typically indicates manipulation or replay of captured biometric data.
Question 920
A security professional has been asked to evaluate the options for the location of a new data center within a multifloor building. Concerns for the data center include emanations and physical access controls.
Which of the following is the BEST location? A. On the top floor B. In the basement C. In the core of the building D. In an exterior room with windows
Answer: C
Rationale: Locating the data center in the building core minimizes emanation exposure and provides stronger physical protection.