Dear Readers, welcome to CISSP Objective Questions and Answers. These questions have been designed specially to get you acquainted with the nature of questions you may encounter during your job interview for the subject of CISSP multiple choice questions. These objective type CISSP questions are very important for campus placement tests and job interviews. As per my experience, good interviewers hardly plan to ask any particular question during your job interview, and these model questions are asked in the online technical tests and interviews of many IT and non-IT industries.
A. Attempting to hack a system through backdoors to an operating system or application
B. Pretending to be an authorized user
C. Always done through IP spoofing
D. Applying a subnet mask to an internal IP range
A. Unauthorized changes
B. Accidental changes
C. Data analysis
D. Intentional manipulation
A. Accuracy of information
B. Change control
C. User expectations
D. Prevention of fraud
A. Physical security
B. Logical security
D. Access controls
A. Has all the necessary paperwork to substantiate the transaction.
B. Is based on clear business objectives.
C. Ensures that data can be manipulated only by a specific set of programs.
D. Is subject to duplicate processing.
A. Segregation of duties
B. Rotation of duties
A. Analyzing and assessing risk
B. Identifying risk
C. Accepting or mitigating risk
D. Likelihood of a risk occurring
A. Exposure Factor (EF)
B. Annualized Rate of Occurrence (ARO)
A. Implementation of effective countermeasures
B. Ensuring that risk is managed
C. Analysis of the current state of security in the target environment
D. Strategic analysis of risk
A. Automated tools
B. Adoption of qualitative risk assessment processes
C. Increased reliance on internal experts for risk assessment
D. Recalculation of the work factor
A. Eliminating regulatory mandates
B. Lowering accountability of data classifiers
C. Reducing costs for protecting data
D. Normalization of databases
A. Information technology group
C. Data custodians
D. Business units
A. Authority for information security department
B. Guidelines for how to implement policy
C. Basis for data classification
D. Recognition of information as an asset of the organization
A. Restoration of lost or corrupted data
B. Regular backups of data
C. Establishing retention periods for data
D. Ensuring the availability of data
A. Provide understanding of responsibilities
B. Entertaining the users through creative programs
C. Overcoming all resistance to security procedures
D. To be repetitive to ensure accountability
A. An individual
B. A policy
C. Government agencies
D. An information system
A. Dumpster diving
B. Coercion or intimidation
A. Meeting regulatory requirements
B. Creating customer loyalty
C. Reducing the impact of an adverse event on the organization
D. Ensuring management makes the correct decisions in a crisis
A. DMZ (Demilitarized Zone)
B. A honey pot
C. A firewall
D. A new subnet
A. Private Key
B. Public Key
D. Kerberos Key
C. Man-in-the-middle attack
D. Social Engineering
A. If the window is repaired, the likelihood of the threat occurring will increase.
B. If the window is repaired, the likelihood of the threat occurring will remain constant.
C. If the window is not repaired, the likelihood of the threat occurring will decrease.
D. If the window is not repaired, the likelihood of the threat occurring will increase.
A. Centralize servers and other vital components in a single room of the main building, and add security measures to this room so that they are well protected.
B. Centralize most servers and other vital components in a single room of the main building, and place servers at each of the branch offices. Add security measures to areas where the servers and other components are located.
C. Decentralize servers and other vital components, and add security measures to areas where the servers and other components are located.
D. main building. Because the building prevents unauthorized access to visitors and other persons, there is no need to implement physical security in the server room.
B. Trojan Horse
C. Logic Bomb
A. Electrostatic discharge
B. Power outages
C. Chip creep
D. Poor air quality
A. Encryption of data
B. Access control
A. A symmetric algorithm provides better access control.
B. A symmetric algorithm is a faster process.
C. A symmetric algorithm provides nonrepudiation of delivery.
D. A symmetric algorithm is more difficult to implement.
A. Send a digital signature of the message to the recipient
B. Encrypt the message with a symmetric algorithm and send it
C. Encrypt the message with a private key so the recipient can decrypt with the corresponding public key
D. Create a checksum, append it to the message, encrypt the message, then send to recipient.
A. Protection of public keys of all users
B. History of symmetric keys
C. Proof of nonrepudiation of origin
D. Validation that a public key is associated with a particular user
A. 160 bits
B. 150 bits
C. 128 bits
D. 104 bits
A. Protection and secrecy of keys
B. Financial records and retention of encrypted data
C. Formalizing a key hierarchy
D. The lifespan of key-encrypting keys (KKMs)
A. Setting new key expiry dates
B. Updating the certificate revocation list
C. Removal of the private key from all directories
D. Notification to all employees of revoked keys
A. Link encryption encrypts routing information.
B. Link encryption is often used for Frame Relay or satellite links.
C. Link encryption is suitable for high-risk environments.
D. Link encryption provides better traffic flow confidentiality.
B. Decoder wheel
D. Cryptographic routine
C. Step function
A. Substitution and transposition
B. Block and stream
C. Symmetric and asymmetric
D. DES and AES
A. Substitution ciphers
B. Transposition ciphers
C. Polyalphabetic ciphers
D. Inversion ciphers
A. Modular arithmetic
B. XOR mathematics
C. One-time pad
D. Triple DES
A. Picture files
B. Music files
C. Video files
D. All of the above
A. Violations of security policy.
B. Attempted violations of security policy.
C. Non-violations of security policy.
D. Attempted violations of allowed actions.
A. definition of overall steps of information security and the importance of security
B. statement of management intent, supporting the goals and principles of information security
C. definition of general and specific responsibilities for information security management
D. description of specific technologies used in the field of information security