CISSP - Questions with Answers
Advertisement Area

1. What is a data warehouse?

  1. A remote facility used for storing backup tapes
  2. A repository of information from heterogeneous databases
  3. A table in a relational database system
  4. A hot backup building

Answer: B

Hint: The correct answer is B, a repository of information from heterogeneous databases. Answers A and D describe physical facilities for backup and recovery of information systems, and answer C describes a relation in a relational database.

2. What does normalizing data in a data warehouse mean ?

  1. Redundant data is removed.
  2. Numerical data is divided by a common factor.
  3. Data is converted to a symbolic representation
  4. Data is restricted to a range of values.

Answer: A

Hint: The correct answer is A, removing redundant data.

3. What is a neural network ?

  1. A hardware or software system that emulates the reasoning of a human expert
  2. A collection of computers that are focused on medical applications
  3. A series of networked PCs performing artificial intelligence tasks
  4. A hardware or software system that emulates the functioning of biological neurons

Answer: D

Hint: The correct answer is D. A neural network is a hardware or software system that emulates the functioning of biological neurons. Answer A refers to an expert system, and answers B and C are distracters.

4. A neural network learns by using various algorithms to:

  1. Adjust the weights applied to the data
  2. Fire the rules in the knowledge base
  3. Emulate an inference engine
  4. Emulate the thinking of an expert

Answer: A

Hint: The correct answer is "A neural network learns by using various algorithms to adjust the weights applied to the data." Answers B, C and D are terminology referenced in expert systems.

5. The SEI Software Capability Maturity Model is based on the premise that:

  1. Good software development is a function of the number of expert programmers in the organization.
  2. The maturity of an organization's software processes cannot br measured.
  3. The quality of a software product is a direct function of the quality of its associated software development and maintenance processes.
  4. Software development is an art that cannot be measured by conventional means.

Answer: C

Hint: The correct answer is C. The quality of a software product is a direct function of the quality of its associated software development and maintenance processes. Answer A is false because the SEI Software CMM relates the production of good software to having the proper processes in place in an organization and not to expert programs or heroes. Answer B is false because the Software CMM provides means to measure the maturity of an organization's software processes. Answer D is false for the same reason as answer B.

6. In configuration management, a configuration item is :

  1. The version of the operating system that is opertaing on the workstation that provides information security services
  2. A component whose state is to be recorded and against which changes are to be progressed
  3. The network architecture used by tne organization
  4. A series of files contain sensitive information

Answer: B

Hint: The correct answer is B, a component whose state is to be recorded and against which changes are to be progressed. Answers A, C, and D are incorrect by the definition of a configuration item.

7. In an object-oriented system, polymorphism denotes:

  1. Objects of many different classes that are related by some common superclass; thus, any object denoted by this name can respond to some common set of operations in a different war.
  2. Objects of many different classes that are related by some common superclass; thus. all objects denoted by this name can respond to some connon set of operations in identical fashion.
  3. Objects of the same class; thus, any object denoted by this name can respond to some common set of operations in the same way.
  4. Objects of many different classes that are unrelated but respond to some common set of operations in the same way.

Answer: A

Hint: The correct answer is a, objects of many different classes that are related by some common superclass that are able to respond to some common set of operations in a different way. Answers B, C, and D are incorrect by the definition of polymorphism.

8. The simplistic model of software life cycle development assumes that :

  1. Iteration will be required among the steps in the process.
  2. Each step can be completed and finalized without any effect from the later stages that might require rework.
  3. Each phase is identical to a completed milestone.
  4. Software development requires reworking and repeating some of the phases.

Answer: B

Hint: The correct answer is B. Each step can be completed and finalized without any effect from the later stages that might require rework. Answer A is incorrect because no iteration is allowed for in the model. Answer C is incorrect because it applies to the modified Waterfall model. Answer D is incorrect because no iteration or reworking is considered in the model.

9. What is a method in an object-oriented system ?

  1. The means of communication among objects
  2. A guide to the programming of objects
  3. The code defining the actions that the object performs in response to a message
  4. The situation where a class inherits the behavioral characteristics of more that one parent class

Answer: C

Hint: The correct answer is C. A method in an object-oriented system is the code that defines the actions that the object performs in response to a message. Answer A is incorrect because it defines a message. Answer B is a distracter, and answer D refers o multiple inheritance.

10. What does the Spiral model depict ?

  1. A spiral that incorporates various phases of software development
  2. A spiral that models the behavior of biological neurons
  3. The operation of expert systems
  4. Information security checklists

Answer: A

Hint: The correct answer is A - a spiral that incorporates various phases of software development. The other answers are distracters.

11. In the software life cycle, verification:

  1. Evaluates the product in development against real-world requirements
  2. Evaluates the product in development against similar products
  3. Evaluates the product in development against general baselines
  4. Evaluates the product in development against the specification

Answer: D

Hint: The correct answer is D. In the software life cycle, verification evalutes the product in development against the specification. Answer A defines validation. Answer B and C are distracters

12. In the software life cycle, validation:

  1. Refers to the work product satisfying the real-world requirements and concepts.
  2. Refers to the work product satisfying derived specifications.
  3. Refers to the work product satisfying software maturity levels.
  4. Refers to the work product satisfying generally accepted pripciples.

Answer: A

Hint: The correct answer is A. In the software life cycle, validation is the work product satisfying the real-world requirements and concepts. The other answers are distracters.

13. In the modified Waterfall model:

  1. Unlimited backward iteration is permitted.
  2. The model was reinterpreted to have phases end at project milestones.
  3. The model was reinterpreted to have phases begin at project milestones.
  4. Product verification and validation are not included.

Answer: B

Hint: The correct answer is B. The modified Waterfall model was reinterpreted to have phases end at project milestones. Answer A is false because unlimited backward iteration is not permitted in the modified Waterfall model. Answer C is a distracter, and answer D is false because verification and validation are included.

14. Cyclic redundancy checks, structured walk-throughs, and hash totals are examples of what type of application controls ?

  1. Preventive security controls
  2. Preventive consistency controls
  3. Detective accuracy controls
  4. Corrective consistency controls

Answer: C

Hint: The correct answer is C. Cyclic redunadancy checks, structured walkthroughs, and hash totals are examples of detective accuracy controls. The other answers do not apply by the definition of the types of controls.

15. In a system life cycle, information security controls should be :

  1. Designed during the product implementation phase
  2. Implemented prior to validation
  3. Part of the feasibility phase
  4. Specified after the coding phase

Answer: C

Hint: The correct answer is C. In the system life cycle, information security controls should be part of the feasibility phase. The other answers are incorrect because the basic premise of information system security is that controls should be included in the earliest phases of the software life cycle and not added later in the cycle or as an afterthought.

16. The software maintenance phase controls consists of:

  1. Request contol, change control, and release control
  2. Request control, configuration control, and change control
  3. Change control, security control, and access control
  4. Request control, release control, and access control

Answer: A

Hint: The correct answer is A. The software maintenance phase controls consist of request control, change control, and release control by definition. The other answers are, therefore, incorrect.

17. In configuration management, what is a software library?

  1. A set of versions of the component configuration items
  2. A controlled area accessible only to approved users who are restricted to the use of an approved procedure
  3. A repository of backup tapes
  4. A collection if software build lists

Answer: B

Hint: The correct is answer is B. In configuration, a software library is a controlled area accessible only to approved users who are restricted to the use of approved procedure. Answer A is incorrect because it defines a build list. Answer C is incorrect because it defines a backup storage facility. Answer D is a distracter.

18. What is configuration control ?

  1. Identifying and documenting the functional and physical characteristics of each configuration item
  2. Controlling changes to the configuration items and issusing versions of configuration items from the software library
  3. Recording the processing of changes
  4. Controlling the quality of the configuration management procedures

Answer: B

Hint: The correct answer is B. Configuration control is controlling changes to the configuration items and issuing versions of configuration items from the software library. Answer A is the definition of configuration identification. Answer C is the definition of configuration status accounting, and answer D is the definition of configuration audit.

19. What is searching for data correlations in the data warehouse called ?

  1. Data warehousing
  2. Data mining
  3. A data dictionary
  4. Configuration management

Answer: B

Hint: The correct answer is B. Searching for data correlations in the data warehouse is called data mining. Answer A is incorrect because data warehousing is creating a repository of information from heterogeneous databases that is available to users for making queries. Answer C is incorrect because a data dictionary is a database for system developers. Answer D is incorrect because configuration management is the discipline of identifying the components of a continually evolving system for the purposes of controlling changes to those components and maintaining integrity and traceability throughout the life cycle.

20. The security term that is concerned with the same primary key existing at different classification levels in the same database is:

  1. Polymorphism
  2. Normalization
  3. Inheritance
  4. Polyinstantiation

Answer: D

Hint: The correct answer is D. The security term that is concerned with the same primary key existing at different classification levels in the same database is polyinstantiation. Answer A is incorrect because polymorphism is defined as objects of many different classes that are related by some common superclass; thus, any object denoted by this name is able to respond to some common set of operations in a different way. Answer B is incorrect because normalization refers to removing redundant or incorrect data from a database. Answer C is incorrect because inheritance refers to methods from a class inherited by another subclass.

21. What is a data dictionary?

  1. A database for system developers
  2. A database of security terms
  3. A library of objects
  4. A validaion reference source

Answer: A

Hint: The correct answer is A. A data dictionary is a database for system developers. Answers B, C and D are distracters.

22. Which of he following is an example of mobile code ?

  1. Embedded code in control system
  2. Embedded code in PCs
  3. Java and ActiveX code downloaded into a Web browser from the World Wide Web (WWW)
  4. Code derived following the Spiral model

Answer: C

Hint: The correct answer is C. An example of mobile code is Java and ActiveX code downloaded into a Web browser from the World Wide Web. Answers A, B, and D are incorrect because they are types of code that are not related to mobile code.

23. Which of the following is NOT true regarding software unit testing ?

  1. The test data is part of the specifications.
  2. Correct test output results should be developed and known beforehand.
  3. Live or actual field data is recommended for use in the testing procedures.
  4. Testing should check for out-of-range values and other bounds conditions.

Answer: C

Hint: The correct answer is C. Live or actual field data are NOT recommended for use in testing because they do not thoroughly test all normal and abnormal situations and the test results are not known beforehand. Answers A, B, and D are true of testing.

24. The definition "the science and art of specifying, designing, implementing, and evolving programs, documentation, and operating procedures whereby computers can be made useful to man" is that of:

  1. Structured annalysis/structured design (SA/SD)
  2. Software engineering
  3. An object-oriented system
  4. Functional programming

Answer: B

25. In software engineering, the term verification is defined as :

  1. To establish the truth of correspondence between a software product and its specification
  2. A complete, validated specification of the required functions, interfaces, and perforance for the software product
  3. To establish the fitness or worth of a software product for its operational mission
  4. A complete, verified specification of the overall hardware-software architecture, control structure for he product

Answer: A

26. The discipline of identifying the components of a continually evolving system for the purposes of controlling changes to those components and maintaining integrity and traceability throughout the life cycle is called:

  1. Change control
  2. Request control
  3. Release control
  4. Configuration management

Answer: D

Hint: This is demonstrated in Configuration of computer-based systems, British Standards Institution, 1984. Answers A, B, and C are components of the maintenance ativity of software life cycle models. In general, one can look at the maintenance phase as the progression from request control, though change control to release control. Answer B, request control, is involved wih the users' requests for changes to the software. Change Control, answer A, involves the analysis and understandinh of the existing code, the design of changes, and the corresponding test procedures. Answer C, release control, involves deciding which requests are to be implemented in the new release, performing the changes, and conducting testing.

27. The basic version of the Construction Cost Model (COCOMO), which proposes quantitative life cycle relationships, performs what function ?

  1. Estimates software development effort based on user function categories
  2. Estmates software development effort and cost as a function of the size of the software product in source instructions
  3. Estimates software development effort and cost as a function of the size of the software product in source instructions modified by manpower buildup and productivity factors
  4. Estimates software development effort and cost as a function of the sixe of the softwarw product in source instructions modified by hardware and input functions

Answer: B

28. A refinement to the basic Waterfall model that states that software should be developed in increments of functional capability is called:

  1. Functional refinement
  2. Functional development
  3. Incremental refinement
  4. Incremental development

Answer: D

Hint: The advantages of incremental development include the ease of testing increments of functional capability and the opportunity to incorporate user experience into a successively refined product. Answers A, B, and C are distracters.

29. The Spiral model of the software development process (B.W.Boehm, "A Spiral Model of Software Development and Enhancement," IEEE Computer, May 1988) usesthe following metric relative to the spiral:

  1. The radial dimension represents the cost of each phase.
  2. The radial dimension represents progress made in completing each cycle.
  3. The angular dimension represents cumulative cost.
  4. The radial dimension represents cumulative cost.

Answer: D

Hint: The radial dimension represents cumulative cost and the angular dimension represents progress made in completing each cycle of the spiral.

30. In the Capability Maturity Model (CMM) for software, the definition "describes the range of expected results that can be achieved by following a software process" is that of:

  1. Structured analysis/structured design (SA/SD)
  2. Software process capability
  3. Software process performance
  4. Software process maturity

Answer: B

Hint: A software process is a set of activities, methods, and practices that are used to develop and maintain software and associated products. Software process capability is a means of predicting the outcome of the next software project conducted by an organization. Answer C, software process performance, is the result achieved by following a software process. Thus, software capability is aimed at expected results while software performance is focused on results that have been achieved.

Suggested Read Articles:
Contents/Index
  1. Chapter 1 (30 Questions)
  2. Chapter 2 (30 Questions)
  3. Chapter 3 (46 Questions)
  4. Chapter 4 (35 Questions)
  5. Chapter 5 (34 Questions)
  6. Chapter 6 (30 Questions)
  7. Chapter 7 (30 Questions)
  8. Chapter 8 (32 Questions)
  9. Chapter 9 (30 Questions)
  10. Chapter 10 (30 Questions)
  11. Chapter 11 (30 Questions)
  12. Chapter 12 (30 Questions)
  13. Chapter 13 (30 Questions)
  14. Chapter 14 (30 Questions)
Advertisement Area