Practice Exam Questions
1: |
What type of access control is typically used by organizations such as the DoD, the NSA, and the FBI?
|
2: |
Which of the following is not a form of single sign-on (SSO)?
|
3: |
What form of biometric system analyzes the features that exist in the colored tissue surrounding the pupil to validate access?
|
4: |
What is the most important item to consider when examining biometric systems?
|
5: |
What type of biometric error occurs when an unauthorized individual is granted access?
|
6: |
What height of fence will deter only casual trespassers?
|
7: |
When discussing policies and procedures, who is strictly responsible for the protection of the company's assets and data?
|
8: |
Which of the following is considered a flaw, loophole, oversight, or error that makes the organization susceptible to attack or damage?
|
9: |
Which of the following are the correct steps involved in determining the single loss expectancy?
|
10: |
Estimating potential loss is an important task of CISSP-certified professionals. In order, which of the following are the steps used to perform a quantitative assessment?
|
11: |
What is the Delphi Technique an example of?
|
12: |
What is the formula for total risk?
|
13: |
What method of dealing with risk occurs when individuals accept the potential cost and loss?
|
14: |
The security kernel is found at what protection ring level?
|
15: |
At what protection ring are applications found?
|
16: |
Which of the following are considered temporary storage units within the CPU?
|
17: |
Confidentiality and integrity are important concepts when discussing security models. Which of the following was the first model developed to address the concerns of both confidentiality and integrity?
|
18: |
Which of the following is considered the first security model to be based on confidentiality?
|
19: |
What piece of documentation was developed to evaluate integrity and is also know as TNI?
|
20: |
Which level of Orange Book protection is considered discretionary protection?
|
21: |
What is considered the smallest set of code that can be scheduled for processing?
|
22: |
Which of the following frequencies do cordless phones not use?
|
23: |
Which of the following wireless standards used frequency-hopping spread spectrum (FHSS) by default?
|
24: |
Which of the following is the original technique used to digitize voice with 8 bits of sampling 8,000 times per second, which yields 64Kbps for one voice channel?
|
25: |
How many DS0 channels are bundled to make a T1?
|
26: |
Which of the following protocols was developed in the mid-1970s for use in Systems Network Architecture (SNA) environments?
|
27: |
Which of the following best defines transaction persistence?
|
28: |
What is the capability to combine data from separate sources to gain information?
|
29: |
Joey considers himself a skillful hacker. He has devised a way to replace the existing autoexec.bat file between the time that the system boots and checks to see if there is an autoexec file yet before the system actually executes the autoexec.bat file. He believes that if he can perfect his attack, he can gain control of the system. What type of attack is described here?
|
30: |
Which of the following is evidence that is not based on personal knowledge but that was told to the witness?
|
31: |
Which of the following is considered the fastest mode of DES?
|
32: |
What mode of Triple DES uses three keys?
|
33: |
Which asymmetric cryptosystem is used for digital signatures?
|
34: |
When developing the organization's contingency plan, which of the following should not be included in the process?
|
35: |
Which of the following is a valid form of attack against ARP?
|
36: |
Which of the following is considered the weakest form of authentication?
|
37: |
Which of the following address ranges is not listed in RFC 1918?
|
38: |
Which of the following is not a reason why email should be encrypted?
|
39: |
Which of the following statements about instant messaging is incorrect?
|
40: |
ActiveX is used by which of the following technologies?
|
41: |
Which of the following protocols is said to use "a web of trust"?
|
42: |
Which of the following is considered the act of inducing a person to commit a crime in order to bring criminal charges against him?
|
43: |
Which of the following terms describes the U.S. law enforcement agreements that are carried out with law enforcement agents in other nations to fight computer crime and terrorism?
|
44: |
Which of the following is not one of the main BCP testing strategies?
|
45: |
When discussing the BCP, critical resources are usually divided into five primary categories. The categories are which of the following groups?
|
46: |
Which of the following is not one of the three layers used by the Java interpreter?
|
47: |
Which of the following protocols is used for router multicasting?
|
48: |
VoIP uses which of the following because network congestion can be such a critical problem?
|
49: |
Which of the following is considered a network technology based on transferring data in cells or packets of a fixed size?
|
50: |
WEP has been publicized as having vulnerabilities. Which of the following is not a reason why it is vulnerable?
|
51: |
You are an advisory board member for a local nonprofit charity. The charity has been given a new server, and members plan to use it to connect their 24 client computers to the Internet for email access. Currently, none of these computers has antivirus software installed. Your research indicates that there is a 95% chance these systems will become infected after email is in use. A local vendor has offered to sell 25 copies of antivirus software to the nonprofit organization for $400. Even though the nonprofit's 10 paid employees make only about $9 an hour, there's a good chance that a virus could bring down the network for an entire day. They would like you to tell them what the ALE for this proposed change would be. How will you answer them?
|
52: |
A Common Criteria rating of structurally tested means the design meets what level of verification?
|
53: |
Which of the following is not a valid Red Book rating?
|
54: |
What Bell-LaPadula model rule states that someone at one security level cannot write information to a lower security level?
|
55: |
You are an advisory board member for a nonprofit organization that has decided to go forward with a proposed Internet and email connectivity project. The CEO would like to know how much money, if any, will be saved through the purchase of antivirus software. Here are the projected details: 24 computers connected to the Internet 95% probability of virus infection 10 paid employees who make $9 an hour A successful virus outage could bring down the network for an entire day 25 copies of antivirus software will cost the nonprofit $399
|
56: |
Which of the following is considered the first line of defense against human behavior?
|
57: |
HVAC should provide which of the following?
|
58: |
Which of the following types of fire detectors uses rate-of-rise sensors?
|
59: |
A fire caused by electrical equipment is considered which class of fire?
|
60: |
Which of the following types of water sprinkler systems is known as a closed-head system?
|