This article is a set of practice questions for readers and students preparing for the Certified Information Systems Security Professional (CISSP) exam.
The CISSP exam is governed by the International Information Systems Security Certification Consortium, Inc., known as (ISC)2.
(ISC)2 is a global not-for-profit organization. It has four primary mission goals:
- Maintain the Common Body of Knowledge for the field of information systems security
- Provide certification for information systems security professionals and practitioners
- Conduct certification training and administer the certification exams
- Oversee the ongoing accreditation of qualified certification candidates through continued education
In this article, all the questions belong to the "Law, Investigation and Ethics" domain and are as follows:
1) According to the Internet Activities Board (IAB), an activity that causes which of the following is considered a violation of ethical behavior on the Internet?
- Wasting resources
- Appropriate other people’s intellectual output
- Using a computer to steal
- Using a computer to bear false witness
2) Which of the following best defines social engineering?
- Illegal copying of software
- Gathering information from discarded manuals and printouts
- Using people skills to obtain proprietary information
- Destruction or alteration of data
3) Because the development of new technology usually outpaces the law, law enforcement uses which traditional laws to prosecute computer criminals?
- Malicious mischief.
- Embezzlement, fraud, and wiretapping.
- Conspiracy and elimination of competition.
4) Which of the following is NOT a category of law under the Common law system?
- Criminal law
- Civil law
- Administrative/Regulatory law
- Derived law
5) A trade secret:
- Provides the owner with a legally enforceable right to exclude others from practicing the art covered for a specified time period.
- Protects original works of authorship.
- Secures and maintains the confidentiality of proprietary technical or business-related information that is adequately protected from disclosure by the owner.
- Is a word, name, symbol, color, sound, product shape, or device used to identify goods and to distinguish them from those made or sold by others.
6) Which of the following is NOT a European Union (EU) principle?
- Data should be collected in accordance with the law.
- Transmission of personal information to locations where equivalent personal data protection cannot be assured is permissible.
- Data should be used only for the purposes for which it was collected and should be used only for a reasonable period of time.
- Information collected about an individual cannot be disclosed to other organizations or individuals unless authorized by law or by consent of the individual.
7) The Federal Sentencing Guidelines:
- Hold senior corporate officers personally liable if their organizations do not comply with the law.
- Prohibit altering, damaging, or destroying information in a federal interest computer.
- Prohibit eavesdropping or the interception of message contents
- Established a category of sensitive information called Sensitive But Unclassified (SBU)
8) What does the prudent man rule require?
- Senior officials to post performance bonds for their actions.
- Senior officials to perform their duties with the care that ordinary, prudent people would exercise under similar circumstances.
- Senior officials to guarantee that all precautions have been taken and that no breaches of security can occur.
- Senior officials to follow specified government standards.
9) Information Warfare is:
- Attacking the information infrastructure of a nation to gain military and/or economic advantages.
- Developing weapons systems based on artificial intelligence technology.
- Generating and disseminating propaganda material.
- Signal intelligence
10) The chain of evidence relates to:
- Securing laptops to desks during an investigation.
- DNA testing.
- Handling and controlling evidence.
- Making a disk image.
11) The Kennedy-Kassebaum Act is also known as:
- EU Directive
12) Which of the following refers to a U.S. government program that reduces or eliminates emanations from electronic equipment?
13) Imprisonment is a possible sentence under:
- Civil (tort) law
- Criminal law
- Both civil and criminal law
- Neither civil nor criminal law
14) Which one of the following conditions must be met if legal electronic monitoring of employees is conducted by an organization?
- Employees must be unaware of the monitoring activity.
- All employees must agree with the monitoring policy.
- Results of the monitoring cannot be used against the employee.
- The organization must have a policy stating that all employees are regularly notified that monitoring is being conducted.
15) Which of the following is a key principle in the evolution of computer crime laws in many countries?
- All members of the United Nations have agreed to uniformly define and prosecute computer crime.
- Existing laws against embezzlement, fraud, and wiretapping cannot be applied to computer crime.
- The definition of property was extended to include electronic information.
- Unauthorized acquisition of computer-based information without the intent to resell is not a crime.
16) The concept of due care states that senior organizational management must ensure that:
- All risks to an information system are eliminated
- Certain requirements must be fulfilled in carrying out their responsibilities to the organization.
- Other management personnel are delegated the responsibility for information system security.
- The cost of implementing safeguards is greater than the potential losses resulting from information security breaches.
17) Liability of senior organizational officials relative to the protection of the organization’s information systems is prosecutable under:
- Criminal law
- Civil law
- International law
- Financial law
18) Responsibility for handling computer crimes in the United States is assigned to:
- The Federal Bureau of Investigation (FBI) and the Secret Service
- The FBI only
- The National Security Agency (NSA)
- The Central Intelligence Agency (CIA)
19) In general, computer-based evidence is considered:
20) Investigating and prosecuting computer crimes is made more difficult because:
- Backups may be difficult to find.
- Evidence is mostly intangible.
- Evidence cannot be preserved.
- Evidence is hearsay and can never be introduced into a court of law.
21) Which of the following criteria are used to evaluate suspects in the commission of a crime?
- Motive, Intent, and Ability
- Means, Object, and Motive
- Means, Intent, and Motive
- Motive, Means, and Opportunity
22) Which one of the following U.S. government entities was assigned the responsibility for improving government efficiency through the application of new technologies and for developing guidance on information security for government agencies by the Paperwork Reduction Act of 1980, 1995?
- The National Institute of Standards and Technology (NIST)
- The General Services Administration (GSA)
- The Office of Management and Budget (OMB)
- The National Security Agency (NSA)
23) What is enticement?
- Encouraging the commission of a crime when there was initially no intent to commit a crime.
- Assisting in the commission of a crime.
- Luring the perpetrator to an attractive area or presenting the perpetrator with a lucrative target after the crime has already been initiated.
- Encouraging the commission of one crime over another.
24) Which of the following is NOT a computer investigation issue?
- Evidence is easy to obtain.
- The time frame for investigation is compressed.
- An expert may be required to assist.
- The information is intangible.
25) Conducting a search without the delay of obtaining a warrant if destruction of evidence seems imminent is possible under:
- Federal Sentencing Guidelines
- Proximate Causation
- Exigent Circumstances
- Prudent Man Rule
26) Which one of the following items is NOT TRUE concerning the Platform for Privacy Preferences (P3P) developed by the World Wide Web Consortium (W3C)?
- It allows Web sites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents.
- It allows users to be informed of site practices in human-readable format.
- It does not provide the site privacy practices to users in machine-readable format.
- It automates decision-making based on the site’s privacy practices when appropriate.
27) The 1996 Information Technology Management Reform Act (ITMRA), or Clinger-Cohen Act, did which one of the following?
- Relieved the General Services Administration of responsibility for procurement of automated systems and contract appeals and charged the Office of Management and Budget with providing guidance on information technology procurement.
- Relieved the General Services Administration of responsibility for procurement of automated systems and contract appeals and charged the National Institute of Standards and Technology with providing guidance on information technology procurement.
- Relieved the Office of Management and Budget of responsibility for procurement of automated systems and contract appeals and charged the General Services Administration with providing guidance on information technology procurement.
- Relieved the General Services Administration of responsibility for procurement of automated systems and contract appeals and charged the National Security Agency with providing guidance on information technology procurement.
28) Which one of the following U.S. Acts prohibits trading, manufacturing, or selling in any way that is intended to bypass copyright protection mechanisms?
- The 1999 Uniform Computer Information Transactions Act (UCITA)
- The 1998 Digital Millennium Copyright Act (DMCA)
- The 1998 Sonny Bono Copyright Term Extension Act
- The 1987 U.S. Computer Security Act
29) Which of the following actions by the U.S. government is NOT permitted or required by the USA PATRIOT Act, signed into law on October 26, 2001?
- Subpoena of electronic records.
- Monitoring of Internet communications.
- Search and seizure of information on live systems (including routers and servers), backups and archives.
- Reporting of cash and wire transfers of $5,000 or more.
30) Which Act required U.S. government agencies to do the following?
- 1994 U.S. Computer Abuse Amendments Act
- 1996, Title I, Economic Espionage Act
- 1987 U.S. Computer Security Act
- Paperwork Reduction Act of 1980, 1995