CISSP - Questions with Answers
Advertisement Area

1. Which choice below is, NOT a type of motion-detection system?

  1. Ultrasonic-detection system
  2. Microwave-detection system
  3. Host-based intrusion-detection system
  4. Sonic-detection system

Answer: C

Hint: Host-based intrusion-detection systems are used to detect unauthorized logical access to network resources, not the physical presence of an intruder.

2. Which type of personnel control below helps prevent piggybacking?

  1. Mantraps
  2. Back doors
  3. Brute force
  4. Maintenance hooks

Answer: A

Hint: The other three answers are not personnel or physical controls but are technical threats or vulnerabilities. Answer B, back doors, commonly refers to Trojan Horses used covertly to give an attacker backdoor network access. Hackers install back doors to gain network access at a later time. Answer C, brute force, is a cryptographic attack attempting to use all combinations of key patterns to decipher a message. Answer D, maintenance hooks, are undocumented opening into an application to assist pogrammers with debugging. Although intended innocently, these can be exploited by intruders.

3. Which choice below most accurately describes the prime benefit of using guards ?

  1. Human guards are less expensive than guard dogs.
  2. Guards can exercise discretionary judgment in a way that automated systems can't.
  3. Automated systems have a greater reliability rate than guards.
  4. Guard dogs cannot discern an intruder's intent.

Answer: B

Hint: The prime advantage to using human guards is that they can exercise discretionary judgment when the need arises. For example, during an emergency guards can switch roles from access control to evacuation support, something guard dogs or automated systems cannot.

4. The recommended optimal relative humidity range for computer operations is:

  1. 10% - 30%
  2. 30% - 40%
  3. 40% - 60%
  4. 60% - 80%

Answer: C

Hint: 40% to 60% relative humidity is recommended for safe computer operations. Too low humidity can create static discharge problems, and too high humidity can create condensation and electrical contact problems.

5. How many times should a diskette be formatted to comply with TCSEC Orange Book object reuse recommendations?

  1. Three
  2. Five
  3. Seven
  4. Nine

Answer: C

Hint: Most computer certification and accreditation standards recommend that diskettes be formatted seven times to prevent any possibility of data remanence.

6. Which of the following more closely describes the combustibles in a Class B-rated fire?

  1. Paper
  2. Gas
  3. Liquid
  4. Electrical

Answer: C

Hint: Paper is described as a common combustible and is therefore rated a class A fire. An electrical fire is rated Class C. Gas is not defined as a combustible.

7. Which of the following is NOT the proper suppression medium for a Class B fire?

  1. CO2
  2. Soda Acid
  3. Halon
  4. Water

Answer: D

Hint: Water is not a proper suppression medium for a class B fire. The other three are commonly used.

8. What does an audit trail or access log usually Not record?

  1. How often a diskette was formatted
  2. Who attempted access
  3. The data and time of the access attempt
  4. Wheather the attempt was successful

Answer: A

Hint: The other three answers are common elements of an access log or audit trail.

9. A brownout can be defined as a :

  1. Prolonged power loss
  2. Momentary low voltage
  3. Prolonged low voltage
  4. Momentary high voltage

Answer: C

Hint: Answer A, prolonged power loss, is a blackout; answer B, momentary low voltage, is a sag; and D, momentary high voltage, is a spike.

10. Which statement below is NOT accurate about smoke damage to electronic equipment?

  1. Smoke exposure during a fire fo a relativelty short period does little immediate damage.
  2. Continuing power to the smoke-exposed equipment can increase the damage.
  3. Moisture and oxygen corrosion constitute the main damage to the equipment.
  4. The primary damage done by smoke exposure is immediate.

Answer: D

Hint: Immediate smoke exposure to electronic equipment does little damage. However, the particulate residue left after the smoke has dissipated contains active by-products that corrode metal contact surfaces in the presence of moisture and oxygen.

11. A surge cab be defined as a(n):

  1. Prolonged high voltage
  2. Initial surge of power at start
  3. Momentary power loss
  4. Steady interfering disturbance

Answer: A

Hint: Answer B, initial surge of power at start or power on, is called an inrush; C, momentary power loss, is a fault; and D, a steady interfering disturbance, is called noise.

12. Which is Not a Type of a fire detector?

  1. Heat-sensing
  2. Gas-discharge
  3. Flame-actuated
  4. Smoke-actuated

Answer: B

Hint: Gas-discharge is a type of fire extinguishing system, not a fire detection system.

13. Which of the following is NOT considered an acceptable replacement for Halon discharge systems?

  1. FA200
  2. Inergen (IG541)
  3. Halon 1301
  4. Argon (IG55)

Answer: C

Hint: Existing installations are encourged to replace Halon 1301 with one of the substitutes listed.

14. Which type of fire extinguishing method contains standing water in the pipe and therefore generally does not enable a manual shutdown of systems before discharge?

  1. Dry pipe
  2. Wet pipe
  3. Preaction
  4. Deluge

Answer: B

Hint: The other three are variations on a dry pipe discharge method with the water not standing in the pipe until a fire is detected.

15. Which type of control below is NOT an example of a physical security access control?

  1. Retinal scanner
  2. Guard dog
  3. Five-key programmable lock
  4. Audit trail

Answer: D

16. Which is NOT a recommended way to dispose of unwanted used data media ?

  1. Destroying CD-ROMs
  2. Formatting diskettes seven or more times
  3. Shredding paper reports by cleared personnel
  4. Copying new data over existing data on diskettes

Answer: D

Hint: While this method might overwrite the older files, recoverable data might exist past the file end marker of the new file if the new data file is smaller than the older data file.

17. According to the NFPA, which choice below is NOT a recommended risk factor to consider when determing the need for protecting the computing environment from fire?

  1. Life safety aspects of the computing function or process
  2. Fire threat of the instllation to occupants or exposed property
  3. Distance of the computing facility from a fire station
  4. Economic loss of the equipment's value

Answer: C

Hint: While the distance of the computing facility from a fire station should be considered when initially determining the physical location of a computing facility (as should police and hospital proximity), it is not considered a primary factor in determining the need for internal fire suppression systems.

18. Which choice below is NOT an example of a Halocarbon Agent?

  1. HFC-23
  2. FC-3 -1-10
  3. IG-541
  4. HCFC-22

Answer: C

Hint: IG-541 is an inert gas agent, not a halocarbon agent.

19. Which statement below most accurately describes a dry pipe sprinkler system?

  1. Dry pipe is the most commonly used sprinkler system.
  2. Dry pipe contains air pressure.
  3. Dry pipe sounds an alarm and delays water release.
  4. Dry pipe may contain carbon dioxide.

Answer: B

Hint: In a dry pipe system, air pressure is maintained until the sprinkler head seal is ruptured. Answer A is incorrect; wet pipe is the most commonly used sprinkler system, dry pipe is second. Answer C describes a preaction pipe, which sounds an alarm and delays the water release. A preaction pipe may or may not be a dry pipe, but not all dry pipes are preaction. Answer D is incorrect because a dry pipe is a water release system.

20. The theft of a laptop poses a threat to which tenet of the C.I.A. triad?

  1. Confidentiality
  2. Integrity
  3. Availability
  4. All of the above

Answer: D

Hint: Confidentiality, because the data can now be read by someone outside of a monitored environment; availability, because the user has lost the computing ability provided by the unit; and integrity, because the data residing on and any telecomminications from the portable are now suspect.

21. Which is a benefit of a guard over an automated control?

  1. Guards can use discriminating judgement.
  2. Guards are cheaper.
  3. Guards do not need training
  4. Guards do not need preemployment screening

Answer: A

Hint: Guards can use discriminating judgement. Guards are typically more expensive than automated controls, need training as to the protection requirements of the specific site, and need to be screened and bonded.

22. Which is NOT considered a preventative security measure?

  1. Fences
  2. Guards
  3. Audit trails
  4. Preset locks

Answer: C

Hint: Audit trails are detective, rather than preventative, because they are used to piece together the information of an intrusion or intrusion attempt after the fact.

23. Which is NOT a PC security control device?

  1. A cable lock
  2. A switch control
  3. A port control
  4. A file cabinet lock

Answer: D

Hint: A cable lock is used to attach the PC to a desk; a switch control is used to prevent powering off of a unit; and a port control (such as a diskette drive lock) is used to prevent data from being downloaded from the PC.

24. Which choice below is NOT an example of a clean fire-extinguishing agent?

  1. CO2
  2. IG-55
  3. IG-01
  4. HCFC-22

Answer: A

Hint: CO2 carbon dioxide, leaves a corrosive residue, and is therefore not recommended for computer facility fire suppression systems.

25. What is the recommended height of perimeter fencing to keep out casual trespassers?

  1. 1' to 2' high
  2. 3' to 4' high
  3. 6' to 7' high
  4. 8' to 12' high

Answer: B

Hint: 3' to 4' high fencing is considered minimal protection, for restriicting only casual trespassers. Answers C and D are better protection against intentional intruders.

26. Why should extensive exterior perimeter lighting of entrances or parking areas to be installed?

  1. To enable programmable locks to be used
  2. To create two-factor authentication
  3. To discourage prowlers or casual intruders
  4. To prevent data remanence

Answer: C

Hint: The other answers have nothing to do with lighting.

27. Which of the following is NOT a form of data erasure?

  1. Clearing
  2. Remanence
  3. Purging
  4. Destruction

Answer: B

Hint: Clearing refers to the overwriting of data media intended to be reused in the same organization. Purging refers to degaussing or overwriting media intended to be removed from the organization. Destruction refers to completely destroying the media.

28. Which is NOT considered a physical intrusion detection method?

  1. Audio motion detector
  2. Photoelectric sensor
  3. Wave pattern motion detector
  4. Line supervision

Answer: D

Hint: Line supervision is the monitoring of the alarm signaling transmission medium to detect tampering. Audio detectors monitor a room for any abnormal soundwave generation. Photoelectric sensors receive a beam of light from a light-emitting device. Wave pattern motion detectors generate a wave pattern and send an alarm if the pattern is disturbed.

29. Which choice below represents the BEST reason to control the humidity in computer operations areas?

  1. Computer operators do not perform at their peak if the humidity in high.
  2. Electrostatic discharges can harm electronic equipment.
  3. Static electricity destroys the electrical efficiency of the circuits.
  4. If the air is too dry, electroplating of conductors may occur

Answer: B

Hint: Electrostatic discharges from static electricity can damage senstive electronic equipment, even in small amounts.

30. Which term below refers to a standard used in determining the fire safety of a computer room ?

  1. Non-combustible
  2. Fire-resistant
  3. Fire-retardant
  4. Non-flammable

Answer: B

Hint: Answer A, non-combustible, means material that will not aid or add appreciable heat to an ambient fire. Answer C, fire retardant, describes material that lessens or prevents the spread of a fire. Fire retardant coatings are designed to protect materials from fire exposure damage. Answer D, non-flammable, describes material that will not burn.

Suggested Read Articles:
Contents/Index
  1. Chapter 1 (30 Questions)
  2. Chapter 2 (30 Questions)
  3. Chapter 3 (46 Questions)
  4. Chapter 4 (35 Questions)
  5. Chapter 5 (34 Questions)
  6. Chapter 6 (30 Questions)
  7. Chapter 7 (30 Questions)
  8. Chapter 8 (32 Questions)
  9. Chapter 9 (30 Questions)
  10. Chapter 10 (30 Questions)
  11. Chapter 11 (30 Questions)
  12. Chapter 12 (30 Questions)
  13. Chapter 13 (30 Questions)
  14. Chapter 14 (30 Questions)
Advertisement Area