Embark on a journey of CISSP exam readiness with this comprehensive series of practice tests. From operational security tasks to legal and regulatory compliance considerations, each article offers a diverse array of questions to test your knowledge and skills in information security.
1. Which resource is primarily targeted by phreakers?
A. Mainframes
B. Networks
C. PBX systems
D. Wireless networks
Correct Answer: C
2. After sending an email to an old colleague, it was rejected and you were prompted to resend it. What likely occurred with the message transfer agent?
A. Allowlist
B. Graylist
C. Blocklist
D. Black hole
Correct Answer: B
3. In the event of a significant disruption, which of the following is designed to assume operational responsibilities when the primary site is inoperative?
A. BCP (business continuity plan)
B. Audit
C. Incident response
D. COOP (continuity of operations plan)
Correct Answer: D
4. Which RAID configuration offers data striping without any redundancy?
A. RAID 0
B. RAID 1
C. RAID 3
D. RAID 4
Correct Answer: A
5. Which backup method is the quickest to perform but requires the most time to restore?
A. Incremental
B. Differential
C. Full
D. Grandfathered
Correct Answer: A
6. Which type of intrusion detection system primarily differentiates between typical and atypical activities?
A. Pattern based
B. Statistical based
C. Traffic based
D. Protocol based
Correct Answer: B
7. Which process involves replacing data with zeros?
A. Formatting
B. Drive wiping
C. Zeroization
D. Degaussing
Correct Answer: C
8. Which RAID configuration is characterized by a combination of striping and mirroring?
A. RAID 1
B. RAID 5
C. RAID 10
D. RAID 15
Correct Answer: C
9. Which multi-disk technique allows for the utilization of hard drives of varying sizes, provides no speed benefits, does not mirror, and can be implemented on two or more drives?
A. RAID 0
B. RAID 1
C. RAID 5
D. JBOD (Just a Bunch of Disks)
Correct Answer: D
10. If you are working on a confidential project that demands an immense amount of computational power, which technique would be most appropriate?
A. Redundant servers
B. Clustering
C. Distributed computing
D. Cloud computing
Correct Answer: C
11. How would you best describe a business continuity/ disaster recovery plan?
A. A strategy for preventing disasters
B. A sanctioned set of preparations and adequate procedures to react to disasters
C. A set of actions and methods to respond to disasters without needing managerial consent
D. The necessary preparations and methods to ensure the ongoing operation of all organizational functions
Correct Answer: B
12. Which legal and regulatory requirement is universally applicable across all industries?
A. Sarbanes-Oxley
B. HIPAA
C. Due diligence
D. BS25999
Correct Answer: C
13. Which statement most accurately captures the scope and focus of business continuity or disaster recovery planning within an organization?
A. Continuity planning is a paramount organizational concern encompassing all organizational areas or functions.
B. Continuity planning primarily focuses on technology, emphasizing the recovery of technological assets.
C. Continuity planning is essential only where there’s intricate voice and data communication.
D. Continuity planning is a crucial managerial concern, focusing on the main functions as determined by management.
Correct Answer: A
14. The primary objective of a business impact analysis is to
A. Determine the effects of a threat on organizational operations
B. Identify potential loss exposures for the organization
C. Assess the repercussions of a risk on the organization
D. Find the most cost-effective method to eliminate threats
Correct Answer: A
15. During the risk analysis phase of planning, which action is most effective in managing threats or reducing the consequences of an event?
A. Altering the exercise scenario
B. Crafting recovery procedures
C. Increasing dependence on key personnel
D. Instituting procedural controls
Correct Answer: D
16. What is the primary reason for introducing additional controls or safeguards?
A. To discourage or eliminate the risk
B. To detect and remove the threat
C. To minimize the threat’s impact
D. To recognize the risk and the threat
Correct Answer: A
17. Which statement most accurately defines a business impact analysis?
A. Risk analysis and organizational impact analysis are synonymous terms describing the same project effort.
B. A business impact analysis measures the likelihood of disruptions within the organization.
C. A business impact analysis is vital for the creation of a business continuity plan.
D. A business impact analysis determines the consequences of disruptions on the organization.
Correct Answer: D
18. The term “disaster recovery” pertains to the restoration of
A. Organizational operations
B. The technological environment
C. The manufacturing environment
D. Personnel environments
Correct Answer: B
19. Which term most accurately describes the effort to understand the potential repercussions of disruptions resulting from a disaster?
A. Business impact analysis
B. Risk analysis
C. Risk assessment
D. Project problem definition
Correct Answer: A
20. What is the primary benefit of utilizing a cold site as a recovery strategy?
A. It’s a more cost-effective recovery option.
B. It can be set up and made operational for any organizational function.
C. It’s preconfigured for communications and can be tailored for organizational functions.
D. It’s the most readily available option for testing server and communication restorations.
Correct Answer: A
21. Which of the following best describes the components of risk?
A. Natural and man-made disasters
B. Threats, assets, and controls to mitigate them
C. Risk assessment and business impact analysis
D. Business impact analysis and controls to mitigate risks
Correct Answer: B
22. What does the term “recovery time objective” (RTO) refer to?
A. The maximum duration a service or system can be down
B. The duration a disaster recovery process should take
C. The time needed to transition from a primary to a backup site
D. The waiting period before initiating a crisis communication plan
Correct Answer: A
23. Which backup type allows for the most efficient restoration from tape backup?
A. Full backup
B. Incremental backup
C. Partial backup
D. Differential backup
Correct Answer: A
24. What is a primary advantage of a hot site recovery solution?
A. It’s more cost-effective.
B. It’s highly available.
C. It ensures zero downtime.
D. It requires no maintenance.
Correct Answer: B
25. Which method is not recommended for testing the business continuity plan?
A. Tabletop exercise
B. Call exercise
C. Simulated exercise
D. Interrupting a live production application or function
Correct Answer: D
26. What is the main objective of a well-structured business continuity exercise?
A. To pinpoint the strengths and weaknesses of the plan
B. To meet managerial requirements
C. To adhere to an auditor’s stipulations
D. To sustain shareholder trust
Correct Answer: A
27. When is the optimal time to update and maintain a business continuity plan?
A. Yearly or upon an auditor’s request
B. Only when new software versions are rolled out
C. Exclusively when new hardware is introduced
D. As part of the configuration and change management procedure
Correct Answer: D
28. Which factor is paramount for the success of business continuity?
A. Support from senior leadership
B. A competent technical support team
C. A comprehensive Wide Area Network infrastructure
D. A cohesive incident response team
Correct Answer: A
29. If the recovery time objective for a service is two months, which alternate site strategy is most suitable?
A. Cold site
B. Reciprocal agreement
C. Warm site
D. Hot site
Correct Answer: A
30. If a service’s recovery point objective is zero, which strategy is best to ensure this requirement is met?
A. RAID 6 with a hot site alternative
B. RAID 0 with a warm site alternative
C. RAID 0 with a cold site alternative
D. RAID 6 with a reciprocal agreement
Correct Answer: A
31. What is the main role of a physical protection system?
A. Ascertain, guide, and dispatch
B. Detect, delay, and respond
C. Display, develop, initiate, and capture
D. Evaluate, dispatch, and detain
Correct Answer: B
32. For a successful vulnerability assessment, understanding protection systems is crucial through which of the following?
A. Threat definition, target identification, and facility characterization
B. Threat definition, conflict control, and facility characterization
C. Risk assessment, threat identification, and incident review
D. Threat identification, vulnerability evaluation, and access review
Correct Answer: A
33. In which scenarios is laminated glass recommended?
A. All external glass windows
B. Interior boundary breaches and vital infrastructure facilities
C. Windows at street level, entrances, and other access points
D. Capacitance proximity, intrusion detection locations, and boundary breaches
Correct Answer: C
34. What is the strategy called that involves creating multiple layers of protection around a resource or facility?
A. Secured boundary
B. Defense in depth
C. Strengthened barrier deterrent
D. Reasonable asset defense
Correct Answer: B
35. Which technique is most effective in shaping a physical environment to positively impact human behavior and reduce crime?
A. Asset protection and vulnerability evaluations
B. Minimizing vulnerability by safeguarding, compensating, or transferring the risk
C. Crime prevention through environmental design
D. Implementing employee screening and programs against workplace violence
Correct Answer: C
36. What is the cornerstone of an effective physical protection system?
A. Integration of individuals, processes, and equipment
B. Combination of technology, risk evaluation, and human engagement
C. Safeguarding, compensating, and risk transfer
D. Detection, prevention, and reaction
Correct Answer: A
37. What is the main goal of regulating access to a facility or zone?
A. Manage time controls for all staff members
B. Ensure only authorized individuals gain entry
C. Prevent potential threats or unauthorized materials that could be used for sabotage
D. For identification purposes
Correct Answer: B
38. What is the recommended lighting level for safety in perimeter zones like parking areas or garages?
A. 3 fc
B. 5 fc
C. 7 fc
D. 10 fc
Correct Answer: B
39. Which interior sensor is most suitable for a structure with ground-floor windows?
A. Infrared glass-break sensor
B. Ultrasonic glass-break sensors
C. Acoustic/shock glass-break sensors
D. Volumetric sensors
Correct Answer: C
40. Which options accurately represent three distinct functions of CCTV?
A. Monitoring, deterrence, and evidence collection
B. Intrusion detection, containment, and response
C. Optical scanning, infrared projection, and illumination
D. Observation, white balancing, and inspection
Correct Answer: A
41. While security technologies aren’t a panacea for all organizational security challenges, what benefit do they offer when applied correctly?
A. Reduction in electricity expenses
B. Enhancement of the security framework, often leading to cost savings for the organization
C. Government tax breaks for improved physical security systems
D. Increased property value due to advanced integrated technologies
Correct Answer: B
42. For what primary reason should a comprehensive evaluation of a facility or structure be conducted?
A. To identify the locations of all fire exits
B. In relation to the specified threats and the worth of the organization’s assets
C. To tally the number of staff members inside the facility
D. To assess the robustness of the boundary walls
Correct Answer: B
43. Which of the following is the optimal example of designing a new facility with security in mind?
A. Minimizing the number of entrances that need monitoring, staffing, and protection
B. Cutting down costs related to energy consumption for the physical security system
C. Providing employees with easy access without them being aware of the security measures monitoring them
D. Applying blast-resistant film to all external windows
Correct Answer: A
44. Why is it an established protocol for all visitors to sign in and out using a visitor’s log when entering a facility?
A. For detection, responsibility, and the potential need for action
B. For access control and observation
C. To record the duration of the visit, the person visited, and to account for everyone in emergencies
D. For planning evaluation and proper designation requirements
Correct Answer: C
45. What is the most effective method to safeguard the physical components linked to the alarm system?
A. Tamper protection
B. Target fortification
C. Security design
D. UL 2050 standard
Correct Answer: A
46. When utilizing portable computing devices or media, either within a facility or outside for legitimate business reasons, which protective measures are BEST to ensure their security?
A. Cable locks, encryption, password safeguards, and heightened awareness
B. Mitigating vulnerability through protection, risk offset, or risk transfer
C. Operational readiness, physical security systems, and standard operating procedures
D. Enhancing awareness, environmental design, and physical security measures
Correct Answer: A
47. Which systems authenticate individuals based on unique physical characteristics like fingerprints, eye patterns, or voice?
A. Biometric devices
B. Technological systems
C. Physiometric devices
D. Physical analysis devices
Correct Answer: A
48. Physical security is implemented using what kind of approach with protective measures to deter unauthorized access or property damage?
A. Layers
B. Methods
C. Varieties
D. Types
Correct Answer: A
49. What term describes a thorough review of a facility, encompassing physical security controls, policies, procedures, and employee safety?
A. Availability assessment
B. Security survey
C. Budgetary and financial review
D. Defense in depth
Correct Answer: B
50. Which security measure is most effective in preventing unauthorized access methods like “piggybacking” or “tailgating”?
A. Cameras
B. Turnstiles
C. Keys
D. Identification badges
Correct Answer: B
51. From which source does the most significant threat of cybercrime originate?
A. External actors
B. State-sponsored actors
C. Internal actors or employees
D. Novice hackers or enthusiasts
Correct Answer: C
52. What is the primary obstacle in combating computer-related crimes?
A. Cybercriminals tend to be more intelligent than cyber investigators.
B. Insufficient funds to stay ahead of cybercriminals.
C. The global nature of computer crime activities.
D. The overwhelming number of cybercriminals compared to investigators.
Correct Answer: C
53. Computer forensics combines computer science, IT, and engineering with which of the following?
A. Legal principles
B. Information systems
C. Analytical reasoning
D. Scientific methodology
Correct Answer: A
You may also like:- Top 30 Linux Questions (MCQs) with Answers and Explanations
- 75 Important Cybersecurity Questions (MCQs with Answers)
- 260 One-Liner Information Security Questions and Answers for Fast Learning
- Top 20 HTML5 Interview Questions with Answers
- 80 Most Important Network Fundamentals Questions With Answers
- 100 Most Important SOC Analyst Interview Questions
- Top 40 Cyber Security Questions and Answers
- Top 10 React JS Interview Theory Questions and Answers
- CISSP – Practice Test Questions – 2024 – Set 20 (53 Questions)
- Part 2: Exploring Deeper into CCNA – Wireless (145 Practice Test Questions)