CISSP Practice Exam

Certified Information Systems Security Professional

After you study your textbooks it is important to test your newly acquired knowledge and see just how well you have absorbed the material. Practice exams:

* Reinforce what you learnt - fill in the gaps of what you missed
* Get you used to answering questions to build confidence and familiarity

Here are 10 multiple-choice exam questions for you to practice on:

_____________________

Question 1# - Which risk management methodology uses the exposure factor multiplied by the asset value to determine its outcome?

A. Annualized Loss Expectancy
B. Single Loss Expectancy
C. Annualized Rate of Occurrence
D. Information Risk Management

_____________________

Question 2# - Which of the following is *NOT* a symmetric key algorithm?

A. Blowfish
B. Digital Signature Standard (DSS)
C. Triple DES (3DES)
D. RC5

_____________________

Question 3# - Related to information security, availability is the opposite of which of the following?

A. Delegation
B. Distribution
C. Documentation
D. Destruction

_____________________

Question 4# - Why should organizations enforce separation of duties?

A. It ensures compliance with federal union rules
B. It helps verify that all employees know their job tasks
C. It provides for a better work environment
D. It encourages collusion
E. It is considered valuable in deterring fraud

_____________________

Question 5# - Which of the following is most concerned with personnel security?

A. Management controls
B. Operational controls
C. Technical controls
D. Human resources controls.

_____________________

Question 6# - Which one of the following devices might be used to commit telecommunications fraud using the "shoulder surfing" technique?

A. Magnetic stripe copier
B. Tone generator
C. Tone recorder
D. Video recorder

_____________________

Question 7# - What are database views used for?

A. To ensure referential integrity.
B. To allow easier access to data in a database.
C. To restrict user access to data in a database.
D. To provide audit trails.

_____________________

Question 8# - Which of the following services is not provided by the digital signature standard (DSS)?

A. Encryption
B. Integrity
C. Digital signature
D. Authentication

_____________________

Question 9# - Which one of the following describes a covert timing channel?

A. Modulated to carry an unintended information signal that can only be detected by special, sensitive receivers.
B. Used by a supervisor to monitor the productivity of a user without their knowledge.
C. Provides the timing trigger to activate a malicious program disguised as a legitimate function.
D. Allows one process to signal information to another by modulating its own use of system resources.

_____________________

Question 10# - Valuable paper insurance coverage does not cover damage to which of the following?

A. Inscribed, printed and written documents
B. Manuscripts
C. Records
D.