User Account Shopping Cart
Practice Exams:
View All

Assessment Test

  1. Which of the following types of access control seeks to discover evidence of unwanted, unauthorized, or illicit behavior or activity?

    1. Preventive
    2. Deterrent
    3. Detective
    4. Corrective

  2. Define and detail the aspects of password selection that distinguish good password choices from ultimately poor password choices.

    1. Difficult to guess or unpredictable
    2. Meet minimum length requirements
    3. Meet specific complexity requirements
    4. All of the above

  3. Which of the following is most likely to detect DoS attacks?

    1. Host-based IDS
    2. Network-based IDS
    3. Vulnerability scanner
    4. Penetration testing

  4. Which of the following is considered a denial-of-service attack?

    1. Pretending to be a technical manager over the phone and asking a receptionist to change their password
    2. While surfing the Web, sending to a web server a malformed URL that causes the system to consume 100 percent of the CPU
    3. Intercepting network traffic by copying the packets as they pass through a specific subnet
    4. Sending message packets to a recipient who did not request them simply to be annoying

  5. At which layer of the OSI model does a router operate?

    1. Network layer
    2. Layer 1
    3. Transport layer
    4. Layer 5

  6. Which type of firewall automatically adjusts its filtering rules based on the content of the traffic of existing sessions?

    1. Static packet filtering
    2. Application-level gateway
    3. Circuit level gateway
    4. Dynamic packet filtering

  7. A VPN can be established over which of the following?

    1. Wireless LAN connection
    2. Remote access dial-up connection
    3. WAN link
    4. All of the above

  8. What type of malware uses social engineering to trick a victim into installing it?

    1. Viruses
    2. Worms
    3. Trojan horse
    4. Logic bomb

  9. The CIA Triad comprises what elements?

    1. Contiguousness, interoperable, arranged
    2. Authentication, authorization, accountability
    3. Capable, available, integral
    4. Availability, confidentiality, integrity

  10. Which of the following is not a required component in the support of accountability?

    1. Auditing
    2. Privacy
    3. Authentication
    4. Authorization

  11. Which of the following is not a defense against collusion?

    1. Separation of duties
    2. Restricted job responsibilities
    3. Group user accounts
    4. Job rotation

  12. A data custodian is responsible for securing resources after ______________________ has assigned the resource a security label.

    1. Senior management
    2. The data owner
    3. An auditor
    4. Security staff

  13. In what phase of the Capability Maturity Model for Software (SWCMM) are quantitative measures utilized to gain a detailed understanding of the software development process?

    1. Repeatable
    2. Defined
    3. Managed
    4. Optimizing

  14. Which one of the following is a layer of the ring protection scheme that is not normally implemented in practice?

    1. Layer 0
    2. Layer 1
    3. Layer 3
    4. Layer 4

  15. What is the last phase of the TCP/IP three-way handshake sequence?

    1. SYN packet
    2. ACK packet
    3. NAK packet
    4. SYN/ACK packet

  16. Which one of the following vulnerabilities would best be countered by adequate parameter checking?

    1. Time of check to time of use
    2. Buffer overflow
    3. SYN flood
    4. Distributed denial of service

  17. What is the value of the logical operation shown here?

    
X: 0 1 1 0 1 0
Y: 0 0 1 1 0 1
_________________
X ∨ Y: ?
    1. 0 1 1 1 1 1
    2. 0 1 1 0 1 0
    3. 0 0 1 0 0 0
    4. 0 0 1 1 0 1

  18. In what type of cipher are the letters of the plain-text message rearranged to form the cipher text?

    1. Substitution cipher
    2. Block cipher
    3. Transposition cipher
    4. Onetime pad

  19. What is the length of a message digest produced by the MD5 algorithm?

    1. 64 bits
    2. 128 bits
    3. 256 bits
    4. 384 bits

  20. If Renee receives a digitally signed message from Mike, what key does she use to verify that the message truly came from Mike?

    1. Renee’s public key
    2. Renee’s private key
    3. Mike’s public key
    4. Mike’s private key

  21. Which of the following is not a composition theory related to security models?

    1. Cascading
    2. Feedback
    3. Iterative
    4. Hookup

  22. The collection of components in the TCB that work together to implement reference monitor functions is called the ______________________ .

    1. Security perimeter
    2. Security kernel
    3. Access matrix
    4. Constrained interface

  23. Which of the following statements is true?

    1. The less complex a system, the more vulnerabilities it has.
    2. The more complex a system, the less assurance it provides.
    3. The less complex a system, the less trust it provides.
    4. The more complex a system, the less attack surface it generates.

  24. Ring 0, from the design architecture security mechanism known as protection rings, can also be referred to as all but which of the following?

    1. Privileged mode
    2. Supervisory mode
    3. System mode
    4. User mode

  25. Audit trails, logs, CCTV, intrusion detection systems, antivirus software, penetration testing, password crackers, performance monitoring, and cyclic redundancy checks (CRCs) are examples of what?

    1. Directive controls
    2. Preventive controls
    3. Detective controls
    4. Corrective controls

  26. System architecture, system integrity, covert channel analysis, trusted facility management, and trusted recovery are elements of what security criteria?

    1. Quality assurance
    2. Operational assurance
    3. Lifecycle assurance
    4. Quantity assurance

  27. Which of the following is a procedure designed to test and perhaps bypass a system’s security controls?

    1. Logging usage data
    2. War dialing
    3. Penetration testing
    4. Deploying secured desktop workstations

  28. Auditing is a required factor to sustain and enforce what?

    1. Accountability
    2. Confidentiality
    3. Accessibility
    4. Redundancy

  29. What is the formula used to compute the ALE?

    1. ALE = AV * EF * ARO
    2. ALE = ARO * EF
    3. ALE = AV * ARO
    4. ALE = EF * ARO

  30. What is the first step of the business impact assessment process?

    1. Identification of priorities
    2. Likelihood assessment
    3. Risk identification
    4. Resource prioritization

  31. Which of the following represent natural events that can pose a threat or risk to an organization?

    1. Earthquake
    2. Flood
    3. Tornado
    4. All of the above

  32. What kind of recovery facility enables an organization to resume operations as quickly as possible, if not immediately, upon failure of the primary facility?

    1. Hot site
    2. Warm site
    3. Cold site
    4. All of the above

  33. What form of intellectual property is used to protect words, slogans, and logos?

    1. Patent
    2. Copyright
    3. Trademark
    4. Trade secret

  34. What type of evidence refers to written documents that are brought into court to prove a fact?

    1. Best evidence
    2. Payroll evidence
    3. Documentary evidence
    4. Testimonial evidence

  35. Why are military and intelligence attacks among the most serious computer crimes?

    1. The use of information obtained can have far-reaching detrimental strategic effects on national interests in an enemy’s hands.
    2. Military information is stored on secure machines, so a successful attack can be embarrassing.
    3. The long-term political use of classified information can impact a country’s leadership.
    4. The military and intelligence agencies have ensured that the laws protecting their information are the most severe.

  36. What type of detected incident allows the most time for an investigation?

    1. Compromise
    2. Denial of service
    3. Malicious code
    4. Scanning

  37. If you want to restrict access into or out of a facility, which would you choose?

    1. Gate
    2. Turnstile
    3. Fence
    4. Mantrap

  38. What is the point of a secondary verification system?

    1. To verify the identity of a user
    2. To verify the activities of a user
    3. To verify the completeness of a system
    4. To verify the correctness of a system

  39. Spamming attacks occur when numerous unsolicited messages are sent to a victim. Because enough data is sent to the victim to prevent legitimate activity, it is also known as what?

    1. Sniffing
    2. Denial of service
    3. Brute-force attack
    4. Buffer overflow attack

  40. Which type of intrusion detection system (IDS) can be considered an expert system?

    1. Host-based
    2. Network-based
    3. Knowledge-based
    4. Behavior-based
Previous CISSP guideNext CISSP guide
Avanset - #1 VCE Player & Designer
How to Open VCE Files

Use VCE Exam Simulator to open VCE files

VCE Player for MAC
Sign UpSign Up Learn MoreLearn More Full VersionFull Version
UP

LIMITED OFFER: GET 30% Discount

This is ONE TIME OFFER

ExamSnap Discount Offer
Enter Your Email Address to Receive Your 30% Discount Code

A confirmation link will be sent to this email address to verify your login. *We value your privacy. We will not rent or sell your email address.

Download Free Demo of VCE Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.

Simply submit your e-mail address below to get started with our interactive software demo of your free trial.

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.