FROM CISSP
1. Which of the following contains the primary goals and objectives of security?
2. Vulnerabilities and risks are evaluated based on their threats against which of the following?
3. Which of the following is a principle of the CIA Triad that means authorized subjects are
A. Identification
B. Availability
C. Encryption
D. Layering
7. If a security mechanism offers availability, then it offers a high level of assurance that
B. Audit
D. Repudiate
A. Seclusion
B. Concealment
C. Privacy
D. Criticality
9. All but which of the following items requires awareness for all individuals affected?
12. Which of the following is the most important and distinctive concept in relation to layered security?
A. Multiple
B. Series
C. Parallel
D. Filter
Chapter Two
B. The process by which the goals of risk management are achieved is known as risk analysis.
D. An asset is anything used in a business process or task.
9. Which of the following would generally not be considered an asset in a risk analysis?
B. Risks
D. Breaches
11. When a safeguard or a countermeasure is not present or is not sufficient, what remains?
A. Vulnerability
B. Exposure
C. Risk
D. Penetration
17. What process or event is typically hosted by an organization and is targeted to groups of
A. Education
B. Awareness
C. Training
D. Termination
18. Which of the following is not specifically or directly related to managing the security function of an organization?
B. Metrics
D. Budget
Chapter Three
1. What is the first step that individuals responsible for the development of a business continuity plan should perform?
2. Once the BCP team is selected, what should be the first item placed on the team’s agenda?
3. What is the term used to describe the responsibility of a firm’s officers and directors to ensure that adequate measures are in place to minimize the effect of a disaster on the
4. What will be the major resource consumed by the BCP process during the BCP phase?
B. Software
D. Personnel
16. In which business continuity planning task would you actually design procedures and
18. What type of plan outlines the procedures to follow when a disaster interrupts the normal operations of a business?
Chapter Four
1. Which criminal law was the first to implement penalties for the creators of viruses, worms, and other types of malicious code that cause harm to computer system(s)?
2. Which law first required operators of federal interest computer systems to undergo periodic
3. What type of law does not require an act of Congress to implement at the federal level but rather is enacted by the executive branch in the form of regulations, policies, and procedures?
4. Which federal government agency has responsibility for ensuring the security of government computer systems that are not used to process sensitive and/or classified information?
D. Secret Service