300+ (UPDATED) CISSP MCQs and Answers (PDF)

CISSP Objective Questions and Answers

CISSP objective questions and answers, available as a PDF download for the CISSP exam: CISSP multiple-choice questions and quiz test questions.

1. When an attacker sends unsolicited communication, it is an example of:
  A. Spoofing
  B. Spamming
  C. Crackers
  D. Sniffers

Ans: B


2. Masquerading is:
  A. Attempting to hack a system through backdoors to an operating system or application
  B. Pretending to be an authorized user
  C. Always done through IP spoofing
  D. Applying a subnet mask to an internal IP range

Ans: B

3. Integrity is protection of data from all of the following EXCEPT:
  A. Unauthorized changes
  B. Accidental changes
  C. Data analysis
  D. Intentional manipulation

Ans: C

4. A security program cannot address which of the following business goals?
  A. Accuracy of information
  B. Change control
  C. User expectations
  D. Prevention of fraud

Ans: A

5. In most cases, integrity is enforced through:
  A. Physical security
  B. Logical security
  C. Confidentiality
  D. Access controls

Ans: D

6. A “well-formed transaction” is one that:
  A. Has all the necessary paperwork to substantiate the transaction.
  B. Is based on clear business objectives.
  C. Ensures that data can be manipulated only by a specific set of programs.
  D. Is subject to duplicate processing.

Ans: C

7. In an accounting department, several people are required to complete a financial process. This is most likely an example of:
  A. Segregation of duties
  B. Rotation of duties
  C. Need-to-know
  D. Collusion

Ans: A

8. Risk Management is commonly understood as all of the following EXCEPT:
  A. Analyzing and assessing risk
  B. Identifying risk
  C. Accepting or mitigation of risk
  D. Likelihood of a risk occurring

Ans: D

9. The percentage or degree of damage inflicted on an asset used in the calculation of single loss expectancy can be referred to as:
  A. Exposure Factor (EF)
  B. Annualized Rate of Occurrence (ARO)
  C. Vulnerability
  D. Likelihood

Ans: A

10. The absence of a fire-suppression system would be best characterized as a(n):
  A. Exposure
  B. Threat
  C. Vulnerability
  D. Risk

Ans: C

11. Risk Assessment includes all of the following EXCEPT:
  A. Implementation of effective countermeasures
  B. Ensuring that risk is managed
  C. Analysis of the current state of security in the target environment
  D. Strategic analysis of risk

Ans: A

12. A risk management project may be subject to overlooking certain types of threats. What can assist the risk management team to prevent that?
  A. Automated tools
  B. Adoption of qualitative risk assessment processes
  C. Increased reliance on internal experts for risk assessment
  D. Recalculation of the work factor

Ans: A

13. Data classification can assist an organization in:
  A. Eliminating regulatory mandates
  B. Lowering accountability of data classifiers
  C. Reducing costs for protecting data
  D. Normalization of databases

Ans: C

14. Who “owns” an organization’s data?
  A. Information technology group
  B. Users
  C. Data custodians
  D. Business units

Ans: D

15. An information security policy does NOT usually include:
  A. Authority for information security department
  B. Guidelines for how to implement policy
  C. Basis for data classification
  D. Recognition of information as an asset of the organization

Ans: B

16. The role of an information custodian should NOT include:
  A. Restoration of lost or corrupted data
  B. Regular backups of data
  C. Establishing retention periods for data
  D. Ensuring the availability of data

Ans: C

17. A main objective of awareness training is:
  A. Provide understanding of responsibilities
  B. Entertaining the users through creative programs
  C. Overcoming all resistance to security procedures
  D. To be repetitive to ensure accountability

Ans: A

18. What is a primary target of a person employing social engineering?
  A. An individual
  B. A policy
  C. Government agencies
  D. An information system

Ans: A

19. Social engineering can take many forms EXCEPT:
  A. Dumpster diving
  B. Coercion or intimidation
  C. Sympathy
  D. Eavesdropping

Ans: D

20. Incident response planning can be instrumental in:
  A. Meeting regulatory requirements
  B. Creating customer loyalty
  C. Reducing the impact of an adverse event on the organization
  D. Ensuring management makes the correct decisions in a crisis

Ans: C

21) A high profile company has been receiving a high volume of attacks on their web site. The network administrator wants to be able to collect information on the attacker(s) so legal action can be taken. What should be implemented?
  A. DMZ (Demilitarized Zone)
  B. A honey pot
  C. A firewall
  D. A new subnet

Ans: B

22) You are running cabling for a network through a boiler room where the furnace and some other heavy machinery reside. You are concerned about interference from these sources. Which of the following types of cabling provides the best protection from interference in this area?
  A. STP
  B. UTP
  C. Coaxial
  D. Fiber-optic

Ans: D

23) In order for a user to obtain a certificate from a trusted CA (Certificate Authority), the user must present proof of identity and a:
  A. Private Key
  B. Public Key
  C. Password
  D. Kerberos Key

Ans: B

24) While performing a routine site audit of your wireless network, you discover an unauthorized Access Point placed on your network under the desk of the Accounting department secretary. When questioned, she denies any knowledge of it, but informs you that her new boyfriend has been to visit her several times, including taking her to lunch one time. What type of attack have you just become a victim of?
  A. Piggybacking
  B. Masquerading
  C. Man-in-the-middle attack
  D. Social Engineering

Ans: D

25) When visiting an office adjacent to the server room, you discover the lock to the window is broken. Because it is not your office you tell the resident of the office to contact the maintenance person and have it fixed. After leaving, you fail to follow up on whether the window was actually repaired. What effect will this have on the likelihood of a threat associated with the vulnerability actually occurring?
  A. If the window is repaired, the likelihood of the threat occurring will increase.
  B. If the window is repaired, the likelihood of the threat occurring will remain constant.
  C. If the window is not repaired, the likelihood of the threat occurring will decrease.
  D. If the window is not repaired, the likelihood of the threat occurring will increase.

Ans: A

26) A company consists of a main building with two smaller branch offices at opposite ends of the city. The main building and branch offices are connected with fast links so that all employees have good connectivity to the network. Each of the buildings has security measures that require visitors to sign in, and all employees are required to wear identification badges at all times. You want to protect servers and other vital equipment so that the company has the best level of security at the lowest possible cost. Which of the following will you do to achieve this objective?
  A. Centralize servers and other vital components in a single room of the main building, and add security measures to this room so that they are well protected.
  B. Centralize most servers and other vital components in a single room of the main building, and place servers at each of the branch offices. Add security measures to areas where the servers and other components are located.
  C. Decentralize servers and other vital components, and add security measures to areas where the servers and other components are located.
  D. main building. Because the building prevents unauthorized access to visitors and other persons, there is no need to implement physical security in the server room.

Ans: A

27) You are explaining SSL to a junior administrator and come up to the topic of handshaking. How many steps are employed between the client and server in the SSL handshake process?
  A. Five
  B. Six
  C. Seven
  D. Eight

Ans: B

28) You have been alerted to the possibility of someone using an application to capture and manipulate packets as they are passing through your network. What type of threat does this represent?
  A. DDoS
  B. Trojan Horse
  C. Logic Bomb
  D. Man-in-the-middle

Ans: D

29) A problem with air conditioning is causing fluctuations in temperature in the server room. The temperature is rising to 90 degrees when the air conditioner stops working, and then drops to 60 degrees when it starts working again. The problem keeps occurring over the next two days. What problem may result from these fluctuations?
  A. Electrostatic discharge
  B. Power outages
  C. Chip creep
  D. Poor air quality

Ans: C

30) While connected from home to an ISP (Internet Service Provider), a network administrator performs a port scan against a corporate server and encounters four open TCP (Transmission Control Protocol) ports: 25, 110, 143 and 389. Corporate users in the organization must be able to connect from home, send and receive messages on the Internet, read e-mail by means of the IMAPv4 (Internet Message Access Protocol version 4) protocol, and search a directory services database for user e-mail addresses and digital certificates. All the e-mail related services, as well as the directory server, run on the scanned server. Which of the above ports can be filtered out to decrease unnecessary exposure without affecting functionality?
  A. 25
  B. 110
  C. 143
  D. 389

Ans: B
 

31) Asymmetric key cryptography is used for all of the following except:
  A. Encryption of data
  B. Access control
  C. Nonrepudiation
  D. Steganography

Ans: D

32) The most common forms of asymmetric key cryptography include:
  A. Diffie–Hellman
  B. Rijndael
  C. Blowfish
  D. SHA-256

Ans: A

33) What is an important disadvantage of using a public key algorithm compared to a symmetric algorithm?
  A. A symmetric algorithm provides better access control.
  B. A symmetric algorithm is a faster process.
  C. A symmetric algorithm provides nonrepudiation of delivery.
  D. A symmetric algorithm is more difficult to implement.

Ans: B

34) When a user needs to provide message integrity, what options may be best?
  A. Send a digital signature of the message to the recipient
  B. Encrypt the message with a symmetric algorithm and send it
  C. Encrypt the message with a private key so the recipient can decrypt with the corresponding public key
  D. Create a checksum, append it to the message, encrypt the message, then send to recipient.

Ans: D

35) A certificate authority provides what benefits to a user?
  A. Protection of public keys of all users
  B. History of symmetric keys
  C. Proof of nonrepudiation of origin
  D. Validation that a public key is associated with a particular user

Ans: D

36) What is the output length of a RIPEMD-160 hash?
  A. 160 bits
  B. 150 bits
  C. 128 bits
  D. 104 bits

Ans: A

37) ANSI X9.17 is concerned primarily with:
  A. Protection and secrecy of keys
  B. Financial records and retention of encrypted data
  C. Formalizing a key hierarchy
  D. The lifespan of key-encrypting keys (KKMs)

Ans: A

38) When a certificate is revoked, what is the proper procedure?
  A. Setting new key expiry dates
  B. Updating the certificate revocation list
  C. Removal of the private key from all directories
  D. Notification to all employees of revoked keys

Ans: B

39) What is not true about link encryption?
  A. Link encryption encrypts routing information.
  B. Link encryption is often used for Frame Relay or satellite links.
  C. Link encryption is suitable for high-risk environments.
  D. Link encryption provides better traffic flow confidentiality.

Ans: C

40) A _________ is the sequence that controls the operation of the cryptographic algorithm.
  A. Encoder
  B. Decoder wheel
  C. Cryptovariable
  D. Cryptographic routine

Ans: C

41) The process used in most block ciphers to increase their strength is:
  A. Diffusion
  B. Confusion
  C. Step function
  D. SP-network

Ans: D

42) The two methods of encrypting data are:
  A. Substitution and transposition
  B. Block and stream
  C. Symmetric and asymmetric
  D. DES and AES

Ans: C

43) Cryptography supports all of the core principles of information security except:
  A. Availability
  B. Confidentiality
  C. Integrity
  D. Authenticity

Ans: D

44) A way to defeat frequency analysis as a method to determine the key is to use:
  A. Substitution ciphers
  B. Transposition ciphers
  C. Polyalphabetic ciphers
  D. Inversion ciphers

Ans: C

45) The running key cipher is based on:
  A. Modular arithmetic
  B. XOR mathematics
  C. Factoring
  D. Exponentiation

Ans: A

46) The only cipher system said to be unbreakable by brute force is:
  A. AES
  B. DES
  C. One-time pad
  D. Triple DES

Ans: C

47) Messages protected by steganography can be transmitted in:
  A. Picture files
  B. Music files
  C. Video files
  D. All of the above

Ans: D

48) A significant action has a state that enables actions on an ADP system to be traced to individuals who may then be held responsible. The action does NOT include:
  A. Violations of security policy.
  B. Attempted violations of security policy.
  C. Non-violations of security policy.
  D. Attempted violations of allowed actions.

Ans: D

49) Which of the following embodies all the detailed actions that personnel are required to follow?
  A. Standards
  B. Guidelines
  C. Procedures
  D. Baselines

Ans: C

50) Which of the following choices is NOT part of a security policy?
  A. Definition of overall steps of information security and the importance of security
  B. Statement of management intent, supporting the goals and principles of information security
  C. Definition of general and specific responsibilities for information security management
  D. Description of specific technologies used in the field of information security

Ans: D
