ISC CISSP Exam Questions

Questions for the CISSP were updated on: Jul 20, 2024

Page 1 out of 100. Viewing questions 1-15 out of 1487

Question 1

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire
EXCEPT questions that

  • A. determine the risk of a business interruption occurring
  • B. determine the technological dependence of the business processes
  • C. identify the operational impacts of a business interruption
  • D. identify the financial impacts of a business interruption
Answer:

B


Question 2

Which of the following actions will reduce risk to a laptop before traveling to a high risk area?

  • A. Examine the device for physical tampering
  • B. Implement more stringent baseline configurations
  • C. Purge or re-image the hard disk drive
  • D. Change access codes
Answer:

D


Question 3

Which of the following represents the GREATEST risk to data confidentiality?

  • A. Network redundancies are not implemented
  • B. Security awareness training is not completed
  • C. Backup tapes are generated unencrypted
  • D. Users have administrative privileges
Answer:

C


Question 4

What is the MOST important consideration from a data security perspective when an organization
plans to relocate?

  • A. Ensure the fire prevention and detection systems are sufficient to protect personnel
  • B. Review the architectural plans to determine how many emergency exits are present
  • C. Conduct a gap analysis of new facilities against existing security requirements
  • D. Revise the Disaster Recovery and Business Continuity (DR/BC) plan
Answer:

C


Question 5

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center
is preparing companywide Business Continuity Planning (BCP). Which of the following failures
should the IT manager be concerned with?

  • A. Application
  • B. Storage
  • C. Power
  • D. Network
Answer:

C


Question 6

When assessing an organization's security policy according to standards established by the
International Organization for Standardization (ISO) 27001 and 27002, when can management
responsibilities be defined?

  • A. Only when assets are clearly defined
  • B. Only when standards are defined
  • C. Only when controls are put in place
  • D. Only when procedures are defined
Answer:

A


Question 7

Which of the following types of technologies would be the MOST cost-effective method to provide a
reactive control for protecting personnel in public areas?

  • A. Install mantraps at the building entrances
  • B. Enclose the personnel entry area with polycarbonate plastic
  • C. Supply a duress alarm for personnel exposed to the public
  • D. Hire a guard to protect the public area
Answer:

D


Question 8

An important principle of defense in depth is that achieving information security requires a balanced
focus on which PRIMARY elements?

  • A. Development, testing, and deployment
  • B. Prevention, detection, and remediation
  • C. People, technology, and operations
  • D. Certification, accreditation, and monitoring
Answer:

C


Question 9

Intellectual property rights are PRIMARILY concerned with which of the following?

  • A. Owner’s ability to realize financial gain
  • B. Owner’s ability to maintain copyright
  • C. Right of the owner to enjoy their creation
  • D. Right of the owner to control delivery method
Answer:

C


Explanation:
Topic 2. Asset Security


Question 10

Which of the following is MOST important when assigning ownership of an asset to a department?

  • A. The department should report to the business owner
  • B. Ownership of the asset should be periodically reviewed
  • C. Individual accountability should be ensured
  • D. All members should be trained on their responsibilities
Answer:

D


Question 11

Which one of the following affects the classification of data?

  • A. Assigned security label
  • B. Multilevel Security (MLS) architecture
  • C. Minimum query size
  • D. Passage of time
Answer:

D


Question 12

Which of the following BEST describes the responsibilities of a data owner?

  • A. Ensuring quality and validation through periodic audits for ongoing data integrity
  • B. Maintaining fundamental data availability, including data storage and archiving
  • C. Ensuring accessibility to appropriate users, maintaining appropriate levels of data security
  • D. Determining the impact the information has on the mission of the organization
Answer:

D


Question 13

An organization has doubled in size due to a rapid market share increase. The size of the Information
Technology (IT) staff has maintained pace with this growth. The organization hires several contractors
whose onsite time is limited. The IT department has pushed its limits building servers and rolling out
workstations and has a backlog of account management requests.
Which contract is BEST for offloading the task from the IT staff?

  • A. Platform as a Service (PaaS)
  • B. Identity as a Service (IDaaS)
  • C. Desktop as a Service (DaaS)
  • D. Software as a Service (SaaS)
Answer:

B


Question 14

When implementing a data classification program, why is it important to avoid too much granularity?

  • A. The process will require too many resources
  • B. It will be difficult to apply to both hardware and software
  • C. It will be difficult to assign ownership to the data
  • D. The process will be perceived as having value
Answer:

C


Question 15

In a data classification scheme, the data is owned by the

  • A. system security managers
  • B. business managers
  • C. Information Technology (IT) managers
  • D. end users
Answer:

B
