CISSP – Practice Test Questions – 2024 – Set 14 (53 Questions)

Embark on a journey of CISSP exam readiness with this comprehensive series of practice tests. From operational security tasks to legal and regulatory compliance considerations, each article offers a diverse array of questions to test your knowledge and skills in information security.

1. Which resource is primarily targeted by phreakers?

A. Mainframes
B. Networks
C. PBX systems
D. Wireless networks

Correct Answer: C

2. After sending an email to an old colleague, it was rejected and you were prompted to resend it. What likely occurred with the message transfer agent?

A. Allowlist
B. Graylist
C. Blocklist
D. Black hole

Correct Answer: B

3. In the event of a significant disruption, which of the following is designed to assume operational responsibilities when the primary site is inoperative?

A. BCP (business continuity plan)
B. Audit
C. Incident response
D. COOP (continuity of operations plan)

Correct Answer: D

4. Which RAID configuration offers data striping without any redundancy?

A. RAID 0
B. RAID 1
C. RAID 3
D. RAID 4

Correct Answer: A

5. Which backup method is the quickest to perform but requires the most time to restore?

A. Incremental
B. Differential
C. Full
D. Grandfathered

Correct Answer: A

6. Which type of intrusion detection system primarily differentiates between typical and atypical activities?

A. Pattern based
B. Statistical based
C. Traffic based
D. Protocol based

Correct Answer: B

7. Which process involves replacing data with zeros?

A. Formatting
B. Drive wiping
C. Zeroization
D. Degaussing

Correct Answer: C

8. Which RAID configuration is characterized by a combination of striping and mirroring?

A. RAID 1
B. RAID 5
C. RAID 10
D. RAID 15

Correct Answer: C

9. Which multi-disk technique allows for the utilization of hard drives of varying sizes, provides no speed benefits, does not mirror, and can be implemented on two or more drives?

A. RAID 0
B. RAID 1
C. RAID 5
D. JBOD (Just a Bunch of Disks)

Correct Answer: D

10. If you are working on a confidential project that demands an immense amount of computational power, which technique would be most appropriate?

A. Redundant servers
B. Clustering
C. Distributed computing
D. Cloud computing

Correct Answer: C

11. How would you best describe a business continuity/ disaster recovery plan?

A. A strategy for preventing disasters
B. A sanctioned set of preparations and adequate procedures to react to disasters
C. A set of actions and methods to respond to disasters without needing managerial consent
D. The necessary preparations and methods to ensure the ongoing operation of all organizational functions

Correct Answer: B

12. Which legal and regulatory requirement is universally applicable across all industries?

A. Sarbanes-Oxley
B. HIPAA
C. Due diligence
D. BS25999

Correct Answer: C

13. Which statement most accurately captures the scope and focus of business continuity or disaster recovery planning within an organization?

A. Continuity planning is a paramount organizational concern encompassing all organizational areas or functions.
B. Continuity planning primarily focuses on technology, emphasizing the recovery of technological assets.
C. Continuity planning is essential only where there’s intricate voice and data communication.
D. Continuity planning is a crucial managerial concern, focusing on the main functions as determined by management.

Correct Answer: A

14. The primary objective of a business impact analysis is to

A. Determine the effects of a threat on organizational operations
B. Identify potential loss exposures for the organization
C. Assess the repercussions of a risk on the organization
D. Find the most cost-effective method to eliminate threats

Correct Answer: A

15. During the risk analysis phase of planning, which action is most effective in managing threats or reducing the consequences of an event?

A. Altering the exercise scenario
B. Crafting recovery procedures
C. Increasing dependence on key personnel
D. Instituting procedural controls

Correct Answer: D

16. What is the primary reason for introducing additional controls or safeguards?

A. To discourage or eliminate the risk
B. To detect and remove the threat
C. To minimize the threat’s impact
D. To recognize the risk and the threat

Correct Answer: A

17. Which statement most accurately defines a business impact analysis?

A. Risk analysis and organizational impact analysis are synonymous terms describing the same project effort.
B. A business impact analysis measures the likelihood of disruptions within the organization.
C. A business impact analysis is vital for the creation of a business continuity plan.
D. A business impact analysis determines the consequences of disruptions on the organization.

Correct Answer: D

18. The term “disaster recovery” pertains to the restoration of

A. Organizational operations
B. The technological environment
C. The manufacturing environment
D. Personnel environments

Correct Answer: B

19. Which term most accurately describes the effort to understand the potential repercussions of disruptions resulting from a disaster?

A. Business impact analysis
B. Risk analysis
C. Risk assessment
D. Project problem definition

Correct Answer: A

20. What is the primary benefit of utilizing a cold site as a recovery strategy?

A. It’s a more cost-effective recovery option.
B. It can be set up and made operational for any organizational function.
C. It’s preconfigured for communications and can be tailored for organizational functions.
D. It’s the most readily available option for testing server and communication restorations.

Correct Answer: A

21. Which of the following best describes the components of risk?

A. Natural and man-made disasters
B. Threats, assets, and controls to mitigate them
C. Risk assessment and business impact analysis
D. Business impact analysis and controls to mitigate risks

Correct Answer: B

22. What does the term “recovery time objective” (RTO) refer to?

A. The maximum duration a service or system can be down
B. The duration a disaster recovery process should take
C. The time needed to transition from a primary to a backup site
D. The waiting period before initiating a crisis communication plan

Correct Answer: A

23. Which backup type allows for the most efficient restoration from tape backup?

A. Full backup
B. Incremental backup
C. Partial backup
D. Differential backup

Correct Answer: A

24. What is a primary advantage of a hot site recovery solution?

A. It’s more cost-effective.
B. It’s highly available.
C. It ensures zero downtime.
D. It requires no maintenance.

Correct Answer: B

25. Which method is not recommended for testing the business continuity plan?

A. Tabletop exercise
B. Call exercise
C. Simulated exercise
D. Interrupting a live production application or function

Correct Answer: D

26. What is the main objective of a well-structured business continuity exercise?

A. To pinpoint the strengths and weaknesses of the plan
B. To meet managerial requirements
C. To adhere to an auditor’s stipulations
D. To sustain shareholder trust

Correct Answer: A

27. When is the optimal time to update and maintain a business continuity plan?

A. Yearly or upon an auditor’s request
B. Only when new software versions are rolled out
C. Exclusively when new hardware is introduced
D. As part of the configuration and change management procedure

Correct Answer: D

28. Which factor is paramount for the success of business continuity?

A. Support from senior leadership
B. A competent technical support team
C. A comprehensive Wide Area Network infrastructure
D. A cohesive incident response team

Correct Answer: A

29. If the recovery time objective for a service is two months, which alternate site strategy is most suitable?

A. Cold site
B. Reciprocal agreement
C. Warm site
D. Hot site

Correct Answer: A

30. If a service’s recovery point objective is zero, which strategy is best to ensure this requirement is met?

A. RAID 6 with a hot site alternative
B. RAID 0 with a warm site alternative
C. RAID 0 with a cold site alternative
D. RAID 6 with a reciprocal agreement

Correct Answer: A

31. What is the main role of a physical protection system?

A. Ascertain, guide, and dispatch
B. Detect, delay, and respond
C. Display, develop, initiate, and capture
D. Evaluate, dispatch, and detain

Correct Answer: B

32. For a successful vulnerability assessment, understanding protection systems is crucial through which of the following?

A. Threat definition, target identification, and facility characterization
B. Threat definition, conflict control, and facility characterization
C. Risk assessment, threat identification, and incident review
D. Threat identification, vulnerability evaluation, and access review

Correct Answer: A

33. In which scenarios is laminated glass recommended?

A. All external glass windows
B. Interior boundary breaches and vital infrastructure facilities
C. Windows at street level, entrances, and other access points
D. Capacitance proximity, intrusion detection locations, and boundary breaches

Correct Answer: C

34. What is the strategy called that involves creating multiple layers of protection around a resource or facility?

A. Secured boundary
B. Defense in depth
C. Strengthened barrier deterrent
D. Reasonable asset defense

Correct Answer: B

35. Which technique is most effective in shaping a physical environment to positively impact human behavior and reduce crime?

A. Asset protection and vulnerability evaluations
B. Minimizing vulnerability by safeguarding, compensating, or transferring the risk
C. Crime prevention through environmental design
D. Implementing employee screening and programs against workplace violence

Correct Answer: C

36. What is the cornerstone of an effective physical protection system?

A. Integration of individuals, processes, and equipment
B. Combination of technology, risk evaluation, and human engagement
C. Safeguarding, compensating, and risk transfer
D. Detection, prevention, and reaction

Correct Answer: A

37. What is the main goal of regulating access to a facility or zone?

A. Manage time controls for all staff members
B. Ensure only authorized individuals gain entry
C. Prevent potential threats or unauthorized materials that could be used for sabotage
D. For identification purposes

Correct Answer: B

38. What is the recommended lighting level for safety in perimeter zones like parking areas or garages?

A. 3 fc
B. 5 fc
C. 7 fc
D. 10 fc

Correct Answer: B

39. Which interior sensor is most suitable for a structure with ground-floor windows?

A. Infrared glass-break sensor
B. Ultrasonic glass-break sensors
C. Acoustic/shock glass-break sensors
D. Volumetric sensors

Correct Answer: C

40. Which options accurately represent three distinct functions of CCTV?

A. Monitoring, deterrence, and evidence collection
B. Intrusion detection, containment, and response
C. Optical scanning, infrared projection, and illumination
D. Observation, white balancing, and inspection

Correct Answer: A

41. While security technologies aren’t a panacea for all organizational security challenges, what benefit do they offer when applied correctly?

A. Reduction in electricity expenses
B. Enhancement of the security framework, often leading to cost savings for the organization
C. Government tax breaks for improved physical security systems
D. Increased property value due to advanced integrated technologies

Correct Answer: B

42. For what primary reason should a comprehensive evaluation of a facility or structure be conducted?

A. To identify the locations of all fire exits
B. In relation to the specified threats and the worth of the organization’s assets
C. To tally the number of staff members inside the facility
D. To assess the robustness of the boundary walls

Correct Answer: B

43. Which of the following is the optimal example of designing a new facility with security in mind?

A. Minimizing the number of entrances that need monitoring, staffing, and protection
B. Cutting down costs related to energy consumption for the physical security system
C. Providing employees with easy access without them being aware of the security measures monitoring them
D. Applying blast-resistant film to all external windows

Correct Answer: A

44. Why is it an established protocol for all visitors to sign in and out using a visitor’s log when entering a facility?

A. For detection, responsibility, and the potential need for action
B. For access control and observation
C. To record the duration of the visit, the person visited, and to account for everyone in emergencies
D. For planning evaluation and proper designation requirements

Correct Answer: C

45. What is the most effective method to safeguard the physical components linked to the alarm system?

A. Tamper protection
B. Target fortification
C. Security design
D. UL 2050 standard

Correct Answer: A

46. When utilizing portable computing devices or media, either within a facility or outside for legitimate business reasons, which protective measures are BEST to ensure their security?

A. Cable locks, encryption, password safeguards, and heightened awareness
B. Mitigating vulnerability through protection, risk offset, or risk transfer
C. Operational readiness, physical security systems, and standard operating procedures
D. Enhancing awareness, environmental design, and physical security measures

Correct Answer: A

47. Which systems authenticate individuals based on unique physical characteristics like fingerprints, eye patterns, or voice?

A. Biometric devices
B. Technological systems
C. Physiometric devices
D. Physical analysis devices

Correct Answer: A

48. Physical security is implemented using what kind of approach with protective measures to deter unauthorized access or property damage?

A. Layers
B. Methods
C. Varieties
D. Types

Correct Answer: A

49. What term describes a thorough review of a facility, encompassing physical security controls, policies, procedures, and employee safety?

A. Availability assessment
B. Security survey
C. Budgetary and financial review
D. Defense in depth

Correct Answer: B

50. Which security measure is most effective in preventing unauthorized access methods like “piggybacking” or “tailgating”?

A. Cameras
B. Turnstiles
C. Keys
D. Identification badges

Correct Answer: B

51. From which source does the most significant threat of cybercrime originate?

A. External actors
B. State-sponsored actors
C. Internal actors or employees
D. Novice hackers or enthusiasts

Correct Answer: C

52. What is the primary obstacle in combating computer-related crimes?

A. Cybercriminals tend to be more intelligent than cyber investigators.
B. Insufficient funds to stay ahead of cybercriminals.
C. The global nature of computer crime activities.
D. The overwhelming number of cybercriminals compared to investigators.

Correct Answer: C

53. Computer forensics combines computer science, IT, and engineering with which of the following?

A. Legal principles
B. Information systems
C. Analytical reasoning
D. Scientific methodology

Correct Answer: A

You may also like: