CISSP – Practice Test Questions – 2024 – Set 6 (53 Questions)

CISSP Part 6

Unlock the secrets to CISSP exam success with this series of practice tests covering a wide range of topics in information security. Whether you’re exploring asset protection strategies or mastering security assessment and testing methodologies, each article provides a valuable opportunity to enhance your skills and knowledge.

1. Which of these physical security devices possess integrated computing capabilities?

A. Smart cards
B. Memory cards
C. Hardware tokens
D. Physical tokens

Correct Answer: A

2. Which physical security devices are suitable for safeguarding IT assets with a low risk and confidentiality level?

A. Smart cards
B. Memory cards
C. Hardware tokens
D. Physical tokens

Correct Answer: D

3. Distributed system security services can be no stronger than the underlying

A. Hardware components
B. Firmware components
C. Operating system
D. Application system

Correct Answer: C

4. What five aspects should a physical security plan focus on when deliberating on threats and the countermeasures to be implemented?

A. Prevent, Identify, Respond, Sustain, and Preserve
B. Discourage, Delay, Respond, Sustain, and Preserve
C. Discourage, Delay, Identify, Evaluate, and Respond
D. Identify, Delay, Evaluate, Respond, and Validate

Correct Answer: C

5. What is the best definition of Faraday cage?

A. A structure offering complex access control, including man traps
B. A shield that prohibits any emanations from leaving or infiltrating the enclosed space
C. A wired, cage-enclosed room that prohibits unauthorized access and has a single entry point
D. Copper shielding around twisted-pair wiring that provides extra protection from emanations and adds strength

Correct Answer: B

6. What type of model is represented by a two-dimensional arrangement where individual subjects are grouped into roles, and access is granted to these groups for specific objects?

A. Multilevel lattice
B. State machine
C. Non-interference
D. Matrix-based

Correct Answer: D

7. Which model ensures that a subject with a “Secret” clearance level can only write to objects classified as “Secret” or “Top Secret” and is barred from writing information classified as “Public”?

A. Biba Integrity
B. Clark-Wilson
C. Brewer-Nash
D. Bell-LaPadula

Correct Answer: D

8. What feature is exclusive to the Biba Integrity Model?

A. Simple property
B. * (star) property
C. Invocation property
D. Strong * property

Correct Answer: C

9. Which security model is best suited for a shared data hosting environment to ensure that one customer’s data is not disclosed to a competitor or other customers sharing the same environment?

A. Brewer-Nash
B. Clark-Wilson
C. Bell-LaPadula
D. Lipner

Correct Answer: A

10. Which security model is mainly concerned with how subjects and objects are created and how subjects are assigned rights or privileges?

A. Bell-LaPadula
B. Biba Integrity
C. Chinese Wall
D. Graham-Denning

Correct Answer: D

11. In the context of information systems security, how would you describe a penetration?

A. An attack followed by a breach
B. A threat followed by an attack
C. A breach resulting from a threat
D. A countermeasure against a threat

Correct Answer: A

12. Which of the following does not align with the fundamental goals of computer-based information systems security?

A. Safeguarding system assets against loss, damage, and misuse
B. Ensuring data accuracy and process reliability within applications
C. Ensuring information and application processes are always accessible
D. Managing data analysis

Correct Answer: D

13. What is the main objective of a plan of action and milestones document?

A. Eliminating or reducing known vulnerabilities
B. Utilizing findings from security control assessments
C. Applying results from security impact analyses
D. Implementing findings from continuous monitoring activities

Correct Answer: A

14. In terms of information systems security, how would you characterize an exposure?

A. An attack followed by a breach
B. A vulnerability combined with a threat
C. An attack following a threat
D. An attack combined with a vulnerability

Correct Answer: B

15. Which type of technical security control is interrelated with other controls and consistently active for risk mitigation?

A. Supportive controls
B. Preventative controls
C. Detective controls
D. Recovery controls

Correct Answer: A

16. What approach must information security follow?

A. Top-down process
B. Bottom-up process
C. Both top-down and bottom-up
D. Bottom-up initially, followed by top-down

Correct Answer: A

17. Which feature or mode of IPSec conceals the actual IP addresses of the source and destination?

A. Transport mode
B. Tunnel mode
C. Internet Key Exchange (IKE)
D. Security Parameter Index (SPI)

Correct Answer: B

18. Where should you look to verify if the issuer of an X.509 digital certificate has retracted its trust for the subject of the certificate?

A. The certificate revocation list (CRL)
B. Directory services registry
C. The organization’s email server
D. The CRL distribution point (CDP)

Correct Answer: A

19. Which of these does not pertain to the properties of the one-time pad?

A. The key is the same length as the message.
B. The key is not reused.
C. The key is tied to a certificate.
D. The key is highly random.

Correct Answer: C

20. How would you describe an attack trying to produce a collision using a hashing algorithm?

A. A brute-force attack
B. A rainbow attack
C. A birthday attack
D. A ciphertext-only attack

Correct Answer: C
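To see why a collision search is a birthday attack rather than a brute-force (preimage) search, here is an added Python example that is not part of the practice test. It truncates SHA-256 to 24 bits as a constructed stand-in for a weak hash and counts how many hashes it takes to find two distinct messages with the same digest. The message prefix, the bit width and the helper names are assumptions of the example:

```python
"""Added example (not from the practice test): birthday attack on a truncated hash."""
import hashlib
import math


def truncated_hash(msg: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256 as an integer. Truncating to 24 bits
    is an assumption of the example so the search finishes quickly."""
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def birthday_collision(bits: int, prefix: bytes = b"msg-"):
    """Hash distinct messages until two share a truncated digest.
    Returns (m1, m2, trials). The attacker controls BOTH messages, which
    is what makes this a collision search and not a (second-)preimage one."""
    seen = {}  # digest -> first message that produced it
    i = 0
    while True:
        m = prefix + str(i).encode()  # constructed, unique per iteration
        h = truncated_hash(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
        i += 1


def expected_trials(bits: int) -> tuple:
    """(preimage work, birthday work) for an ideal `bits`-bit hash:
    about 2^n for a preimage, about sqrt(pi/2 * 2^n) for a collision."""
    n = 2 ** bits
    return n, math.sqrt(math.pi * n / 2)


if __name__ == "__main__":
    bits = 24
    m1, m2, trials = birthday_collision(bits)
    pre, bday = expected_trials(bits)
    print(f"collision after {trials} hashes: {m1!r} and {m2!r} -> {truncated_hash(m1, bits):06x}")
    print(f"expected ~{bday:.0f} hashes for a collision vs ~{pre} for a preimage")
```

The run finishes after a few thousand hashes, while inverting a fixed 24-bit digest would take on the order of 16 million. This square-root effect is why a hash must have twice as many output bits as the security level it is meant to provide (256-bit SHA-256 for 128-bit collision resistance), and it is the reason a rainbow-table or brute-force attack is the wrong answer here: both target a specific digest rather than any pair that happens to match.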

21. What are the necessary components to create a signed and sealed message?

A. Sender’s public key, sender’s private key, and a hashing algorithm
B. Sender’s private key, recipient’s public key, and a hashing algorithm
C. Sender’s private key, recipient’s private key, and a hashing algorithm
D. Sender’s private key, recipient’s public key, and recipient’s private key

Correct Answer: B

22. Which type of attack is typically used to reveal a sender’s symmetric key easily?

A. Ciphertext only
B. Known plaintext
C. Chosen plaintext
D. Chosen ciphertext

Correct Answer: D

23. Which mode of symmetric key block ciphers is the fastest and most robust?

A. Counter mode
B. Output feedback mode
C. Cipher feedback mode
D. Cipher block chaining

Correct Answer: A
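Counter mode is fast because each block's keystream depends only on the key, the nonce and the block index, so blocks can be computed in parallel and decrypted out of order; the same property is its weak point if a nonce is ever reused under the same key. The Python below is an added example, not code from the practice test: the standard library has no AES, so HMAC-SHA256 truncated to 16 bytes is assumed as the keyed block function, and the function names, block size and sample texts are this example's own:

```python
"""Added example (not from the practice test): CTR mode on a keyed PRF."""
import hashlib
import hmac
import os
from concurrent.futures import ThreadPoolExecutor

BLOCK = 16  # assumed block size, the same as AES


def keystream_block(key: bytes, nonce: bytes, counter: int) -> bytes:
    """Keystream for block `counter`. HMAC-SHA256 truncated to BLOCK bytes is
    an assumed stand-in for E_k(nonce || counter); the mode's structure is unchanged."""
    return hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()[:BLOCK]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes, first_block: int = 0) -> bytes:
    """Encrypt or decrypt (the same operation). No padding is needed and no
    block depends on the previous one, so errors do not propagate."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        out += xor_bytes(data[i:i + BLOCK], keystream_block(key, nonce, first_block + i // BLOCK))
    return bytes(out)


def ctr_crypt_parallel(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Same result as ctr_crypt, but each block is processed independently,
    which is why CTR parallelises and CBC encryption cannot."""
    chunks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    with ThreadPoolExecutor() as pool:
        parts = pool.map(lambda ic: xor_bytes(ic[1], keystream_block(key, nonce, ic[0])), enumerate(chunks))
        return b"".join(parts)


def decrypt_single_block(key: bytes, nonce: bytes, ciphertext: bytes, index: int) -> bytes:
    """Random access: recover block `index` without touching any other block."""
    start = index * BLOCK
    return ctr_crypt(key, nonce, ciphertext[start:start + BLOCK], first_block=index)


def nonce_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """The caveat: two messages under the same key AND nonce share keystream,
    so c1 XOR c2 equals p1 XOR p2 and no key is needed to start recovering text."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    key, nonce = os.urandom(32), os.urandom(8)
    plaintext = b"counter mode: fast and parallel, but the nonce must never repeat"
    ciphertext = ctr_crypt(key, nonce, plaintext)
    print("round trip ok:", ctr_crypt(key, nonce, ciphertext) == plaintext)
    print("block 2 alone:", decrypt_single_block(key, nonce, ciphertext, 2))
```

Two caveats a practitioner should attach to "most robust": CTR provides no integrity, so flipping a ciphertext bit flips exactly the corresponding plaintext bit (the last assertion in the test shows this), which is why it is deployed with a MAC, typically as AES-GCM; and the nonce must be unique per key, because a repeated nonce turns the cipher into a reused one-time pad.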

24. What function is used in the S-box for modern symmetric key cryptosystems?

A. Transposition
B. Hashing
C. Pseudo-random number generation
D. Exclusive Or

Correct Answer: C

25. How would you describe a superscalar processor?

A. Executes only one instruction at a time
B. Has two large input and output caches
C. Executes multiple instructions simultaneously
D. Has two large output caches

Correct Answer: C

26. What term refers to shortcuts created by programmers during development, allowing bypass of normal processes, but are accidentally left in the software when shipped to customers?

A. Backdoors
B. Traps
C. Buffer overflows
D. Covert channels

Correct Answer: A

27. You noticed a high level of TCP traffic and discovered malformed TCP ACK packets with unauthorized data. What type of attack did you discover?

A. Buffer overflow attack
B. Asynchronous attack
C. Covert channel attack
D. DoS attack

Correct Answer: C

28. Which standard evaluates functionality and assurance separately?

A. TCSEC
B. TNI
C. ITSEC
D. CTCPEC

Correct Answer: C

29. Which model was the first to focus on confidentiality?

A. Bell-LaPadula
B. Biba
C. Clark-Wilson
D. Take-Grant

Correct Answer: A

30. Which model is based on integrity and was designed for commercial applications?

A. Information flow
B. Clark-Wilson
C. Bell-LaPadula
D. Brewer-Nash

Correct Answer: B

31. What does the Biba model primarily address?

A. Internal threats
B. External threats
C. Confidentiality
D. Availability

Correct Answer: B

32. Which model is also known as the Chinese Wall model?

A. Biba
B. Take-Grant
C. Harrison-Ruzzo-Ullman
D. Brewer-Nash

Correct Answer: D

33. Which of the following evaluates both integrity and availability?

A. Orange Book
B. Brown Book
C. Red Book
D. Purple Book

Correct Answer: C

34. What is the intent of the * property in the Bell-LaPadula model?

A. No upward read
B. No upward write
C. No downward read
D. No downward write

Correct Answer: D

35. What is the aim of the simple integrity rule in the Biba model?

A. No upward read
B. No upward write
C. No downward read
D. No downward write

Correct Answer: C
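Questions 7, 8, 34 and 35 all turn on which direction of read or write each model forbids. The following Python, added here as an illustration and not part of the practice test, encodes the four rules plus the Biba invocation property as a small reference monitor over a constructed four-label ordering (Public < Confidential < Secret < Top Secret); the labels and the function names are this example's own:

```python
"""Added example (not from the practice test): Bell-LaPadula and Biba rules
as a minimal reference monitor over one ordered set of labels."""

# Constructed label order, lowest to highest. Read it as sensitivity for
# Bell-LaPadula and as integrity level for Biba.
RANK = {"Public": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


def blp_allows(subject: str, obj: str, op: str) -> bool:
    """Bell-LaPadula (confidentiality):
    simple security property  - no read up   (subject >= object to read)
    * (star) property         - no write down (subject <= object to write)
    """
    s, o = RANK[subject], RANK[obj]
    if op == "read":
        return s >= o
    if op == "write":
        return s <= o
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: str, obj: str, op: str) -> bool:
    """Biba (integrity), the mirror image of Bell-LaPadula:
    simple integrity axiom - no read down (subject <= object to read)
    * integrity axiom      - no write up  (subject >= object to write)
    """
    s, o = RANK[subject], RANK[obj]
    if op == "read":
        return s <= o
    if op == "write":
        return s >= o
    raise ValueError(f"unknown operation {op!r}")


def biba_invocation_allows(caller: str, callee: str) -> bool:
    """Biba invocation property (it has no counterpart in Bell-LaPadula):
    a subject may invoke another subject only at the same or a lower
    integrity level, so low-integrity code cannot call up into trusted code."""
    return RANK[caller] >= RANK[callee]


def decisions(policy, subject: str, op: str) -> dict:
    """Apply one policy to every object label; returns {label: allowed}."""
    return {label: policy(subject, label, op) for label in RANK}


if __name__ == "__main__":
    # Question 7: a Secret subject may write to Secret or Top Secret, not Public.
    print("BLP  write from Secret:", decisions(blp_allows, "Secret", "write"))
    print("Biba read  from Secret:", decisions(biba_allows, "Secret", "read"))
```

Note that the two models are enforced here over the same label set only for brevity; a real system keeps sensitivity labels and integrity labels separate, since a document can be highly classified and yet of low integrity (an unverified field report) or public and highly trusted (a signed vendor patch).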

36. What can be used to bridge disparate mandatory access control (MAC) systems?

A. Labels
B. Reference monitor
C. Controls
D. Guards

Correct Answer: D

37. Which security operating mode best describes when a user must have a legitimate need to know for all data?

A. Dedicated
B. System high
C. Compartmented
D. Multilevel

Correct Answer: A

38. Which security model utilizes the “transformation procedures” (TPs) concept?

A. Biba
B. Clark-Wilson
C. Bell-LaPadula
D. Brewer-Nash

Correct Answer: B

39. As a security manager for a bank with 100 employees, all required to encrypt data using DES encryption, how many keys would be necessary?

A. 4950
B. 49.5
C. 99
D. 4900

Correct Answer: A

40. What is the best description of obtaining plaintext from ciphertext without a key?

A. Frequency analysis
B. Cryptanalysis
C. Decryption
D. Hacking

Correct Answer: B

41. Which attack type involves an attacker intercepting session keys and reusing them later?

A. Known plaintext attack
B. Ciphertext-only attack
C. Man-in-the-middle attack
D. Replay attack

Correct Answer: D

42. What is a drawback of symmetric encryption?

A. Key size
B. Speed
C. Key management
D. Key strength

Correct Answer: C

43. Which of the following doesn’t belong in the category of symmetric algorithms?

A. DES
B. RC5
C. AES
D. RSA

Correct Answer: D

44. Which type of attack happens when an attacker can intercept session keys and use them at a later time?

A. Known plaintext attack
B. Ciphertext-only attack
C. Man-in-the-middle attack
D. Replay attack

Correct Answer: D
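Questions 41 and 44 ask about replay; the countermeasures the exam expects are nonces, timestamps and sequence numbers bound to the message by a MAC so that a captured message cannot be accepted a second time. The following Python is an added example of a receiver-side check, not code from the practice test; the message layout (timestamp|nonce|payload|HMAC), the 30-second window and the class and method names are assumptions of the example:

```python
"""Added example (not from the practice test): rejecting replayed messages
with a MAC, a freshness window and a nonce cache."""
import hashlib
import hmac
import time


class ReplayGuard:
    """Receiver-side check. A message is accepted at most once: its MAC must
    verify, its timestamp must be within `window` seconds of the receiver's
    clock, and its nonce must not have been seen while that timestamp is
    still fresh. `now` is injectable so the logic can be tested with a fixed clock."""

    def __init__(self, key: bytes, window: int = 30, now=time.time):
        self.key = key
        self.window = window
        self.now = now
        self.seen = {}  # nonce (hex) -> time after which it may be forgotten

    def _tag(self, body: bytes) -> bytes:
        return hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()

    def make_message(self, payload: str, nonce: bytes, timestamp=None) -> bytes:
        """Sender side: timestamp|nonce|payload|HMAC. The nonce is assumed to be
        random (os.urandom) or a strictly increasing counter."""
        ts = int(self.now() if timestamp is None else timestamp)
        body = f"{ts}|{nonce.hex()}|{payload}".encode()
        return body + b"|" + self._tag(body)

    def _forget_expired(self, now: float) -> None:
        # A nonce only needs remembering while its timestamp would still pass
        # the freshness check, so the cache stays bounded.
        for n in [n for n, exp in self.seen.items() if exp < now]:
            del self.seen[n]

    def accept(self, message: bytes):
        """Returns (True, payload) or (False, reason). The MAC is checked first
        so forged messages cannot poison the nonce cache."""
        body, _, tag = message.rpartition(b"|")
        if not hmac.compare_digest(tag, self._tag(body)):
            return False, "bad mac"
        ts_str, nonce_hex, payload = body.decode().split("|", 2)
        ts, now = int(ts_str), self.now()
        if abs(now - ts) > self.window:
            return False, "stale"
        self._forget_expired(now)
        if nonce_hex in self.seen:
            return False, "replay"
        self.seen[nonce_hex] = ts + self.window
        return True, payload


if __name__ == "__main__":
    import os
    guard = ReplayGuard(b"shared-session-key")
    msg = guard.make_message("transfer 10 to acct 42", os.urandom(8))
    print(guard.accept(msg))  # accepted the first time
    print(guard.accept(msg))  # the same bytes replayed are refused
```

Order of checks matters: verifying the MAC before anything else means an attacker who cannot forge tags cannot fill the cache or trigger parsing on arbitrary input, and the freshness window bounds both clock-skew tolerance and cache size. For the session-key case the question describes, the same idea is applied one layer down: each side contributes a fresh nonce to key derivation, so a captured handshake cannot be replayed to re-establish the old key.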

45. Which is a drawback of symmetric encryption?

A. Key size
B. Speed
C. Key management
D. Key strength

Correct Answer: C

46. Which of the following is not a symmetric algorithm?

A. DES
B. RC5
C. AES
D. RSA

Correct Answer: D

47. In the physical security classification of cryptographic modules, which kind of module is most commonly used to build, deploy, and operate encrypting routers?

A. Cryptographic modules with a single chip
B. Stand-alone cryptographic modules with multiple chips
C. Cryptographic modules in software
D. Cryptographic modules in hardware

Correct Answer: B

48. Concerning cryptographic modules, which attack targets the hardware module’s operations without needing physical interaction with the module’s internal components?

A. Timing analysis attack
B. Noninvasive attack
C. Differential power analysis attack
D. Simple power analysis attack

Correct Answer: B

49. In terms of cryptography’s physical security, which modules are most commonly used in the production, implementation, and operation of adapters and expansion boards?

A. Single-chip cryptographic modules
B. Stand-alone cryptographic modules with multiple chips
C. Embedded cryptographic modules with multiple chips
D. Hardware cryptographic modules

Correct Answer: C

50. In cryptography, which of the following outwardly shows that a cryptographic module’s physical security has been compromised?

A. Tamper attempt
B. Tamper evidence
C. Tamper detection
D. Tamper response

Correct Answer: B

51. Which method studies the fluctuations in a cryptographic module’s electrical power consumption to extract information about cryptographic keys?

A. Timing analysis attack
B. Differential power analysis attack
C. Simple power analysis attack
D. Electromagnetic emanation attack

Correct Answer: B

52. Which of these physical security devices is approved for protecting nonsensitive and unclassified IT assets?

A. Smart cards
B. Memory cards
C. Hardware tokens
D. Physical tokens

Correct Answer: C

53. From a cryptographic module’s physical security perspective, tamper-evident seals or pick-resistant locks are placed on covers or doors to protect against unauthorized physical access to which of the following?

A. Environmental equipment
B. Critical security parameters
C. Configuration management system
D. Data center furniture

Correct Answer: B
