Professional Documents
Culture Documents
Textbook Cissp Official Practice Tests Mike Chapple Ebook All Chapter PDF
Textbook Cissp Official Practice Tests Mike Chapple Ebook All Chapter PDF
Chapple
Visit to download the full and correct content document:
https://textbookfull.com/product/cissp-official-practice-tests-mike-chapple/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...
https://textbookfull.com/product/cissp-official-study-guide-mike-
chapple/
https://textbookfull.com/product/isc-%c2%b2-sscp-systems-
security-certified-practitioner-official-practice-tests-chapple/
https://textbookfull.com/product/comptia-cysa-practice-tests-
exam-cs0-002-2nd-edition-mike-chapple/
https://textbookfull.com/product/comptia-cysa-practice-tests-
exam-cs0-002-2nd-edition-mike-chapple-2/
(ISC)² CISSP certified information systems security
professional: official study guide Eighth Edition
Chapple
https://textbookfull.com/product/isc%c2%b2-cissp-certified-
information-systems-security-professional-official-study-guide-
eighth-edition-chapple/
https://textbookfull.com/product/isc-%c2%b2-ccsp-certified-cloud-
security-professional-official-practice-tests-2nd-edition-ben-
malisow/
https://textbookfull.com/product/oet-medicine-official-oet-
practice-book-1-for-tests-from-31-august-2019-1st-edition/
https://textbookfull.com/product/comptia-pentest-study-guide-
exam-pt0-001-1st-edition-mike-chapple/
https://textbookfull.com/product/comptia-cysa-study-guide-exam-
cs0-002-3rd-edition-mike-chapple/
(ISC)² CISSP
Certified Information Systems
Security Professional
Official Practice Tests
Second Edition
(ISC)² CISSP
Certified Information Systems
Security Professional
Official Practice Tests
Second Edition
For Scott Ksander, who taught me that disagreeing doesn’t mean that you
can’t be on the same page, for Joanna Grama who proved me wrong and
by doing so became a wonderful friend, and for Greg Hedrick who stood
between our team of security practitioners and the rest of the world so that
we could excel. Thank you all!
—DAS
Acknowledgments
The authors would like to thank the many people who made this book possible. Jim
Minatel at Wiley Publishing helped us extend the Sybex CISSP franchise to include this
new title and gain important support from the International Information Systems Security
Certification Consortium (ISC)2 . Carole Jelen, our agent, worked on a myriad of logistic
details and handled the business side of the book with her usual grace and commitment to
excellence. Aaron Krauss, our technical editor, pointed out many opportunities to improve
our work and deliver a high-quality final product. Jeff Parker’s technical proofing ensured
a polished product. Kelly Talbot served as developmental editor and managed the project
smoothly. Many other people we’ll never meet worked behind the scenes to make this book
a success.
About the Authors
Mike Chapple, PhD, CISSP, is an author of the best-selling CISSP (ISC)2 Certified
Information Systems Security Professional Official Study Guide (Sybex, 2018), now in its
eighth edition. He is an information security professional with two decades of experience in
higher education, the private sector, and government.
Mike currently serves as Associate Teaching Professor of IT, Analytics, and Operations
at the University of Notre Dame’s Mendoza College of Business. He previously served as
Senior Director for IT Service Delivery at Notre Dame, where he oversaw the information
security, data governance, IT architecture, project management, strategic planning, and
product management functions for the university.
Before returning to Notre Dame, Mike served as Executive Vice President and Chief
Information Officer of the Brand Institute, a Miami-based marketing consultancy. Mike
also spent four years in the information security research group at the National Security
Agency and served as an active duty intelligence officer in the U.S. Air Force.
He is a technical editor for Information Security Magazine and has written 20 books,
including Cyberwarfare: Information Operations in a Connected World (Jones & Bartlett,
2015), CompTIA Security+ Training Kit (Microsoft Press, 2013), and the CompTIA
Cybersecurity Analyst+ (CySA+) Study Guide (Wiley, 2017) and Practice Tests (Wiley, 2018).
Mike earned both his BS and PhD degrees from Notre Dame in computer science and
engineering. He also holds an MS in computer science from the University of Idaho and an
MBA from Auburn University. His IT certifications include the CISSP, Security+, CySA+,
CISA, and PMP credentials.
Mike provides books, video-based training, and free study groups for a wide variety of
IT certifications at his website, CertMike.com.
David Seidl, CISSP, is the Senior Director for Campus Technology Services at the
University of Notre Dame. In this role, David is responsible for central platform and
operating system support, virtualization, cloud operations, database administration and
services, identity and access management, application services, ERP administration,
and a host of other services. Prior to his current role, he was Notre Dame’s Director of
Information Security and taught a popular Networking and Security class in Notre Dame’s
Mendoza College of Business.
In addition to his professional and teaching roles, he has co-authored CompTIA
Security+ Training Kit (Microsoft Press, 2013), Cyberwarfare: Information Operations in
a Connected World (Jones & Bartlett, 2015), CISSP Official (ISC) 2 Practice Tests (Sybex,
2016), and CompTIA CySA+ Study Guide (Sybex, 2017), and he has served as the technical
editor for the sixth (Sybex, 2012), seventh (Sybex, 2015), and eighth (Sybex, 2018) editions
of CISSP Study Guide. David holds a bachelor’s degree in communication technology and a
master’s degree in information security from Eastern Michigan University, as well as CISSP,
GPEN, GCIH, and CySA+ certifications.
About the Technical Editor
Aaron Krauss began his career as a security auditor for U.S. federal government clients.
From there he moved into security risk management for healthcare and financial services,
which offered more opportunities to travel, explore, and eat amazing food around the
world. He currently works for a cyber-risk insurance startup in San Francisco and spends
his free time dabbling in cooking, cocktail mixology, and photography.
Contents at a Glance
Introduction xvii
Index 459
Contents
Introduction xvii
CISSP Certification
The CISSP certification is offered by the International Information System Security Certi-
fication Consortium, or (ISC)2, a global nonprofit organization. The mission of (ISC)2 is to
support and provide members and constituents with credentials, resources, and leadership to
address cyber, information, software, and infrastructure security to deliver value to society.
(ISC)2 achieves this mission by delivering the world’s leading information security certifi-
cation program. The CISSP is the flagship credential in this series and is accompanied by
several other (ISC)2 programs.
■■ Systems Security Certified Practitioner (SSCP)
■■ Certified Authorization Professional (CAP)
■■ Certified Secure Software Lifecycle Professional (CSSLP)
■■ HealthCare Information Security and Privacy Practitioner (HCISPP)
■■ Certified Cloud Security Professional (CCSP)
xviii Introduction
There are also three advanced CISSP certifications for those who want to move on from
the base credential to demonstrate advanced expertise in a domain of information security.
■■ Information Systems Security Architecture Professional (CISSP-ISSAP)
■■ Information Systems Security Engineering Professional (CISSP-ISSEP)
■■ Information Systems Security Management Professional (CISSP-ISSMP)
The CISSP certification covers eight domains of information security knowledge. These
domains are meant to serve as the broad knowledge foundation required to succeed in the
information security profession.
■■ Security and Risk Management
■■ Asset Security
■■ Security Architecture and Engineering
■■ Communication and Network Security
■■ Identity and Access Management (IAM)
■■ Security Assessment and Testing
■■ Security Operations
■■ Software Development Security
The CISSP domains are periodically updated by (ISC)2 . The most recent revision in
April 2018 changed the name of the Security Engineering domain to add Architecture. It
also added or expanded coverage of topics such as secure coding and cloud operations that
security professionals commonly encounter in modern security operations environments. It
also changed the names of other areas to reflect changes in common information security
topics and terminology.
Complete details on the CISSP Common Body of Knowledge (CBK) are contained in the
Exam Outline. It includes a full outline of exam topics, can be found on the (ISC)2 website
at www.isc2.org.
For either version of the exam, passing requires achieving a score of at least 700 out of
1,000 points. It’s important to understand that this is a scaled score, meaning that not every
question is worth the same number of points. Questions of differing difficulty may factor
into your score more or less heavily, and adaptive exams adjust to the test taker.
That said, as you work through these practice exams, you might want to use 70 percent as
a yardstick to help you get a sense of whether you’re ready to sit for the actual exam. When
you’re ready, you can schedule an exam at a location near you through the (ISC)2 website.
Questions on the CISSP exam are provided in both multiple-choice form and what
(ISC)2 calls advanced innovative questions, which are drag-and-drop and hotspot ques-
tions, both of which are offered in computer-based testing environments. Innovative
questions are scored the same as traditional multiple-choice questions and have only one
right answer.
After your first exam attempt, you must wait 30 days before retaking the computer-
based exam. If you’re not successful on that attempt, you must then wait 90 days before
your third attempt and 180 days before your fourth attempt. You may not take the exam
more than three times in a single calendar year.
Recertification Requirements
Once you’ve earned your CISSP credential, you’ll need to maintain your certification by
paying maintenance fees and participate in continuing professional education (CPE). As
long as you maintain your certification in good standing, you will not need to retake the
CISSP exam.
Currently, the annual maintenance fees for the CISSP credential are $85 per year.
Individuals who hold one of the advanced CISSP concentrations will need to pay an
additional $35 annually for each concentration they hold.
The CISSP CPE requirement mandates earning at least 40 CPE credits each year toward
the 120-credit 3-year requirement. (ISC)2 provides an online portal where certificate hold-
ers may submit CPE completion for review and approval. The portal also tracks annual
maintenance fee payments and progress toward recertification.
Introduction xxi
1
Management
(Domain 1)
2 Chapter 1 ■ Security and Risk Management (Domain 1)
2. Match the following numbered wireless attack terms with their appropriate lettered
descriptions:
Descriptions
A. An attack that relies on an access point to spoof a legitimate access point’s SSID and
Mandatory Access Control (MAC) address
B. An access point intended to attract new connections by using an apparently legitimate
SSID
C. An attack that retransmits captured communication to attempt to gain access to a
targeted system
D. The process of using detection tools to find wireless networks
3. Under the Digital Millennium Copyright Act (DMCA), what type of offenses do not
require prompt action by an internet service provider after it receives a notification of
infringement claim from a copyright holder?
A. Storage of information by a customer on a provider’s server
B. Caching of information by the provider
C. Transmission of information over the provider’s network by a customer
D. Caching of information in a provider search engine
4. FlyAway Travel has offices in both the European Union (EU) and the United States and
transfers personal information between those offices regularly. They have recently received
a request from an EU customer requesting that their account be terminated. Under the
General Data Protection Regulation (GDPR), which requirement for processing personal
information states that individuals may request that their data no longer be disseminated
or processed?
A. The right to access
B. Privacy by design
C. The right to be forgotten
D. The right of data portability
Chapter 1 ■ Security and Risk Management (Domain 1) 3
5. Which one of the following is not one of the three common threat modeling techniques?
A. Focused on assets
B. Focused on attackers
C. Focused on software
D. Focused on social engineering
6. Which one of the following elements of information is not considered personally identifi-
able information that would trigger most United States (U.S.) state data breach laws?
A. Student identification number
B. Social Security number
C. Driver’s license number
D. Credit card number
7. In 1991, the Federal Sentencing Guidelines formalized a rule that requires senior execu-
tives to take personal responsibility for information security matters. What is the name of
this rule?
A. Due diligence rule
B. Personal liability rule
C. Prudent man rule
D. Due process rule
8. Which one of the following provides an authentication mechanism that would be appropri-
ate for pairing with a password to achieve multifactor authentication?
A. Username
B. Personal identification number (PIN)
C. Security question
D. Fingerprint scan
9. What United States government agency is responsible for administering the terms of
privacy shield agreements between the European Union and the United States under the
EU GDPR?
A. Department of Defense
B. Department of the Treasury
C. State Department
D. Department of Commerce
10. Yolanda is the chief privacy officer for a financial institution and is researching privacy
issues related to customer checking accounts. Which one of the following laws is most
likely to apply to this situation?
A. GLBA
B. SOX
C. HIPAA
D. FERPA
4 Chapter 1 ■ Security and Risk Management (Domain 1)
11. Tim’s organization recently received a contract to conduct sponsored research as a govern-
ment contractor. What law now likely applies to the information systems involved in this
contract?
A. FISMA
B. PCI DSS
C. HIPAA
D. GISRA
12. Chris is advising travelers from his organization who will be visiting many different coun-
tries overseas. He is concerned about compliance with export control laws. Which of the
following technologies is most likely to trigger these regulations?
A. Memory chips
B. Office productivity applications
C. Hard drives
D. Encryption software
13. Bobbi is investigating a security incident and discovers that an attacker began with a normal
user account but managed to exploit a system vulnerability to provide that account with
administrative rights. What type of attack took place under the STRIDE threat model?
A. Spoofing
B. Repudiation
C. Tampering
D. Elevation of privilege
14. You are completing your business continuity planning effort and have decided that you
wish to accept one of the risks. What should you do next?
A. Implement new security controls to reduce the risk level.
B. Design a disaster recovery plan.
C. Repeat the business impact assessment.
D. Document your decision-making process.
15. Which one of the following control categories does not accurately describe a fence around
a facility?
A. Physical
B. Detective
C. Deterrent
D. Preventive
16. Tony is developing a business continuity plan and is having difficulty prioritizing resources
because of the difficulty of combining information about tangible and intangible assets.
What would be the most effective risk assessment approach for him to use?
A. Quantitative risk assessment
B. Qualitative risk assessment
Another random document with
no related content on Scribd:
in place. Concave cylinders are then employed in quarters until the
final results of +1.D. spherical, combined with -1.D. cylinder axis
180° is secured. This necessitates the change of but four cylindrical
lenses as shown in routine “A” as follows:
ROUTINE “A” ROUTINE “B”
(Made with minus cylinder) (Made with plus cylinder)
Sph. +1.D. Cyl. Axis Sph. +1.D. Cyl. Axis
Step 1 +1.D. = -.25 ax. 180° equal to +.75 = +.25 ax. 90°
Step 2 +1.D. = -.50 ax. 180° equal to +.50 = +.50 ax. 90°
Step 3 +1.D. = -.75 ax. 180° equal to +.25 = +.75 ax. 90°
Step 4 +1.D. = -1 ax. 180° equal to 0 +1 ax. 90°
Rigidity of Construction
Illustration on following page (Fig. 11a) shows the reinforced
double bearing arms which hold the Ski-optometer lens batteries at
two points. This eliminates possibility of the instrument getting out of
alignment, and prevents wabbling or loose working parts.
The broad horizontal slides shown in the cut, move in and out
independently so that the pupillary distance is obtained for each eye
separately by turning the pinioned handle on either side of the
instrument. The scale denotes in millimeters the P.D. from the
median line of the nose outward, the total of both scales being the
patient’s pupillary distance.
Fig. 11a also serves to show the staunch construction of the base
of the Ski-optometer.
Fig. 11a—Showing staunch construction
of Ski-optometer base.
The Phorometer
As previously stated, it is practically impossible to accurately
diagnose a case of muscular imbalance with trial-case prisms. For
this reason the phorometer forms an important part of the equipment
for muscle testing in the Ski-optometer, having proven both rapid and
accurate. It consists of two five-degree prisms with bases opposite,
each reflecting an object toward the apex or thin edge. The patient
whose attention is directed to the usual muscle-testing spot of light,
will see two spots.
Aside from the instrument itself, and in further explanation of the
phorometer’s principle and construction, when two five-degree
prisms are placed together so that their bases are directly opposite,
they naturally neutralize; when their bases are together, their
strength is doubled. Thus while the prisms of the phorometer are
rotating, they give prism values from plano to ten degrees, the same
being indicated by the pointer on the phorometer’s scale of
measurements.
As a guide in dark-room testing, it should be noted that the
handle of the phorometer in a vertical position is an indication that
the vertical muscles are being tested; if horizontal, the horizontal
muscles are undergoing the test.