CISSP CBK Review Page 1
1. A risk is the likelihood of a threat agent taking advantage of a vulnerability in an information system. Risks left over after implementing safeguards are known as:
A. Leftover risks.
B. Residual risks.
C. Remaining risks.
D. Exposures.
2. Copyright provides what form of protection:
A. Protects an author’s right to distribute his/her works.
B. Protects information that provides a competitive advantage.
C. Protects the right of an author to prevent unauthorized use of his/her works.
D. Protects the right of an author to prevent viewing of his/her works.
3. As an information systems security professional, what is the highest amount you would recommend that a corporation invest annually in a countermeasure to protect assets valued at $1 million from a potential threat that has an annualized rate of occurrence (ARO) of once every five years and an exposure factor (EF) of 10%?
A. $100,000
B. $20,000
C. $200,000
D. $40,000
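The figures in question 3 come out of the standard quantitative risk formulas: SLE = AV x EF and ALE = SLE x ARO, with the ALE as the ceiling on what it is worth spending each year on a safeguard. The following is an added worked example (not part of the original review page) that carries the calculation through with the question's numbers and then applies the general safeguard cost/benefit rule, (ALE before) - (ALE after) - (annual safeguard cost), to a hypothetical countermeasure whose cost and residual ARO are assumed here for illustration only.

```python
"""Quantitative risk analysis helpers: SLE, ALE and safeguard cost/benefit.

Added example for the CISSP review question on countermeasure spend; the
safeguard figures in the __main__ section are assumed, not from the page.
"""


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF: the loss expected from a single occurrence of the threat.

    exposure_factor is the fraction of the asset value lost per event (0..1).
    """
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    if asset_value < 0:
        raise ValueError("asset value cannot be negative")
    return asset_value * exposure_factor


def annualized_loss_expectancy(asset_value: float, exposure_factor: float, aro: float) -> float:
    """ALE = SLE x ARO, where ARO is the expected number of occurrences per year."""
    if aro < 0:
        raise ValueError("annualized rate of occurrence cannot be negative")
    return single_loss_expectancy(asset_value, exposure_factor) * aro


def max_annual_countermeasure_spend(asset_value: float, exposure_factor: float, aro: float) -> float:
    """Upper bound on annual safeguard spend: never pay more per year than the
    loss the safeguard could possibly prevent, i.e. the current ALE."""
    return annualized_loss_expectancy(asset_value, exposure_factor, aro)


def safeguard_net_value(ale_before: float, ale_after: float, annual_safeguard_cost: float) -> float:
    """Cost/benefit of a safeguard: (ALE before) - (ALE after) - (annual cost).

    A positive result means the safeguard reduces expected loss by more than
    it costs; zero or negative means it is not financially justified.
    """
    return ale_before - ale_after - annual_safeguard_cost


if __name__ == "__main__":
    # Figures from the question: $1M asset, EF 10%, ARO once every five years.
    asset_value = 1_000_000.0
    exposure_factor = 0.10
    aro = 1 / 5

    sle = single_loss_expectancy(asset_value, exposure_factor)
    ale = annualized_loss_expectancy(asset_value, exposure_factor, aro)
    ceiling = max_annual_countermeasure_spend(asset_value, exposure_factor, aro)
    print(f"SLE = ${sle:,.0f}  ALE = ${ale:,.0f}  max annual spend = ${ceiling:,.0f}")

    # Assumed (hypothetical) safeguard: $15,000/year, cuts ARO to once per 25 years.
    safeguard_cost = 15_000.0
    ale_after = annualized_loss_expectancy(asset_value, exposure_factor, 1 / 25)
    net = safeguard_net_value(ale, ale_after, safeguard_cost)
    verdict = "justified" if net > 0 else "not justified"
    print(f"Safeguard net value = ${net:,.0f} ({verdict})")
```

The ceiling for the question is the ALE itself ($20,000 a year); spending the SLE ($100,000) or the asset value would exceed the expected loss many times over, which is why the cost/benefit check compares the annual safeguard cost against the reduction in ALE rather than against the one-off loss.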
4. Which of the following describes the first step in establishing an encrypted session using a Data Encryption Standard (DES) key?
A. Key clustering
B. Key compression
C. Key signing
D. Key exchange
5. In a typical information security program, what is the primary responsibility of the information (data) owner?
A. Ensure the validity and accuracy of data.
B. Determine the information sensitivity or classification level.
C. Monitor and audit system users.
D. Ensure availability of data.
6. Which of the following is not a component of the "chain of evidence"?
A. Location where the evidence was obtained.
B. Time the evidence was obtained.
C. Who discovered the evidence.
D. Identification of the person who left the evidence.
7. When an employee transfers within an organization …
A. The employee must undergo a new security review.
B. The old system IDs must be disabled.
C. All access permission should be reviewed.
D. The employee must turn in all access devices.