This article offers you a solid foundation for the Certified Information Systems Security Professional (CISSP) exam. This article is designed for readers and students who want to study for the CISSP certification exam.
The CISSP exam is governed by the International Information Systems Security Certification Consortium, Inc. (ISC)2 organization.
- CISSP – MCQ – Security Management Practices
- CISSP – MCQ – Access Control Systems
- CISSP – MCQ – Telecommunications and Network Security
- CISSP – MCQ – Cryptography
- CISSP – MCQ – Security Architecture and models
- CISSP – MCQ – Operations Security
- CISSP – MCQ – Applications and Systems Development
- CISSP – MCQ – Business Continuity Planning and Disaster Recovery Planning
- CISSP – MCQ – Law, Investigation and Ethics
- CISSP – MCQ – Physical Security
- CISSP – MCQ – Systems Security Engineering
- CISSP – MCQ – Certification and Accreditation
- CISSP – MCQ – Technical Management
- CISSP – MCQ – U.S. Government Information Assurance (IA) Regulations
(ISC)2 is a global not-for-profit organization. It has four primary mission goals:
- Maintain the Common Body of Knowledge for the field of information systems security
- Provide certification for information systems security professionals and practitioners
- Conduct certification training and administer the certification exams
- Oversee the ongoing accreditation of qualified certification candidates through continued education
In this article, all the questions are related to “Security Architecture and Models” and are as follows:
1) What is a data warehouse?
- A remote facility used for storing backup tapes
- A repository of information from heterogeneous databases
- A table in a relational database system
- A hot backup building
2) What does normalizing data in a data warehouse mean?
- Redundant data is removed.
- Numerical data is divided by a common factor.
- Data is converted to a symbolic representation.
- Data is restricted to a range of values.
3) What is a neural network?
- A hardware or software system that emulates the reasoning of a human expert
- A collection of computers that are focused on medical applications
- A series of networked PCs performing artificial intelligence tasks
- A hardware or software system that emulates the functioning of biological neurons
4) A neural network learns by using various algorithms to:
- Adjust the weights applied to the data
- Fire the rules in the knowledge base
- Emulate an inference engine
- Emulate the thinking of an expert
5) The SEI Software Capability Maturity Model is based on the premise that:
- Good software development is a function of the number of expert programmers in the organization.
- The maturity of an organization’s software processes cannot be measured.
- The quality of a software product is a direct function of the quality of its associated software development and maintenance processes.
- Software development is an art that cannot be measured by conventional means.
6) In configuration management, a configuration item is:
- The version of the operating system that is operating on the workstation that provides information security services.
- A component whose state is to be recorded and against which changes are to be progressed.
- The network architecture used by the organization.
- A series of files that contain sensitive information.
7) In an object-oriented system, polymorphism denotes:
- Objects of many different classes that are related by some common superclass; thus, any object denoted by this name can respond to some common set of operations in a different way.
- Objects of many different classes that are related by some common superclass; thus, all objects denoted by this name can respond to some common set of operations in identical fashion.
- Objects of the same class; thus, any object denoted by this name can respond to some common set of operations in the same way.
- Objects of many different classes that are unrelated but respond to some common set of operations in the same way.
8) The simplistic model of software life cycle development assumes that:
- Iteration will be required among the steps in the process.
- Each step can be completed and finalized without any effect from the later stages that might require rework.
- Each phase is identical to a completed milestone.
- Software development requires reworking and repeating some of the phases.
9) What is a method in an object-oriented system?
- The means of communication among objects
- A guide to the programming of objects
- The code defining the actions that the object performs in response to a message
- The situation where a class inherits the behavioral characteristics of more that one parent class
10) What does the Spiral model depict?
- A spiral that incorporates various phases of software development
- A spiral that models the behavior of biological neurons
- The operation of expert systems
- Information security checklists
11) In the software life cycle, verification:
- Evaluates the product in development against real-world requirements
- Evaluates the product in development against similar products
- Evaluates the product in development against general baselines
- Evaluates the product in development against the specification
12) In the software life cycle, validation:
- Refers to the work product satisfying the real-world requirements and concepts.
- Refers to the work product satisfying derived specifications.
- Refers to the work product satisfying software maturity levels.
- Refers to the work product satisfying generally accepted principles.
13) In the modified Waterfall model:
- Unlimited backward iteration is permitted.
- The model was reinterpreted to have phases end at project milestones.
- The model was reinterpreted to have phases begin at project milestones.
- Product verification and validation are not included.
14) Cyclic redundancy checks, structured walk-throughs, and hash totals are examples of what type of application controls?
- Preventive security controls
- Preventive consistency controls
- Detective accuracy controls
- Corrective consistency controls
15) In a system life cycle, information security controls should be:
- Designed during the product implementation phase
- Implemented prior to validation
- Part of the feasibility phase
- Specified after the coding phase
16) The software maintenance phase controls consist of:
- Request control, change control, and release control
- Request control, configuration control, and change control
- Change control, security control, and access control
- Request control, release control, and access control
17) In configuration management, what is a software library?
- A set of versions of the component configuration items
- A controlled area accessible only to approved users who are restricted to the use of an approved procedure
- A repository of backup tapes
- A collection of software build lists
18) What is configuration control?
- Identifying and documenting the functional and physical characteristics of each configuration item
- Controlling changes to the configuration items and issuing versions of configuration items from the software library
- Recording the processing of changes
- Controlling the quality of the configuration management procedures
19) What is searching for data correlations in the data warehouse called?
- Data warehousing
- Data mining
- A data dictionary
- Configuration management
20) The security term that is concerned with the same primary key existing at different classification levels in the same database is:
21) What is a data dictionary?
- A database for system developers
- A database of security terms
- A library of objects
- A validation reference source
22) Which of the following is an example of mobile code?
- Embedded code in control systems
- Embedded code in PCs
- Java and ActiveX code downloaded into a Web browser from the World Wide Web (WWW)
- Code derived following the Spiral model
23) Which of the following is NOT true regarding software unit testing?
- The test data is part of the specification.
- Correct test output results should be developed and known beforehand.
- Live or actual field data is recommended for use in the testing procedures.
- Testing should check for out-of-range values and other bounds conditions.
24) The definition “the science and art of specifying, designing, implementing, and evolving programs, documentation, and operating procedures whereby computers can be made useful to man” is that of:
- Structured analysis/structured design (SA/SD)
- Software engineering
- An object-oriented system
- Functional programming
25) In software engineering, the term verification is defined as:
- To establish the truth of correspondence between a software product and its specification.
- A complete, validated specification of the required functions, interfaces, and performance for the software product.
- To establish the fitness or worth of a software product for its operational mission.
- A complete, verified specification of the overall hardware-software architecture, control structure, and data structure for the product.
26) The discipline of identifying the components of a continually evolving system for the purpose of controlling changes to those components and maintaining integrity and traceability throughout the life cycle is called:
- Change control
- Request control
- Release control
- Configuration management
27) The basic version of the Construction Cost Model (COCOMO), which proposes quantitative life cycle relationships, performs what function?
- Estimates software development effort based on user function categories.
- Estimates software development effort and cost as a function of the size of the software product in source instructions.
- Estimates software development effort and cost as a function of the size of the software product in source instructions modified by manpower buildup and productivity factors.
- Estimates software development effort and cost as a function of the size of the software product in source instructions modified by hardware and input functions.
28) A refinement to the basic Waterfall model that states that software should be developed in increments of functional capability is called:
- Functional refinement
- Functional development
- Incremental refinement
- Incremental development
29) The Spiral model of the software development process (B.W. Boehm, “A Spiral Model of Software Development and Enhancement,” IEEE Computer, May 1988) uses the following metric relative to the spiral:
- The radial dimension represents the cost of each phase.
- The radial dimension represents progress made in completing each cycle.
- The angular dimension represents cumulative cost.
- The radial dimension represents cumulative cost.
30) In the Capability Maturity Model (CMM) for software, the definition “describes the range of expected results that can be achieved by following a software process” is that of:
- Structured analysis/structured design (SA/SD)
- Software process capability
- Software process performance
- Software process maturity