200+ TOP CISSP Online Quiz Questions – Exam Test


These are frequently asked questions in the CISSP certification exam. Work through the whole question bank; it is suitable for beginners and experienced candidates alike.

1. When an attacker sends unsolicited communication, it is an example of:

A. Spoofing
B. Spamming
C. Crackers
D. Sniffers
Answer:- B

2. Masquerading is:

A. Attempting to hack a system through backdoors to an operating system or application
B. Pretending to be an authorized user
C. Always done through IP spoofing
D. Applying a subnet mask to an internal IP range
Answer:- B

3. Integrity is protection of data from all of the following EXCEPT:

A. Unauthorized changes
B. Accidental changes
C. Data analysis
D. Intentional manipulation
Answer:- C

4. A security program cannot address which of the following business goals?

A. Accuracy of information
B. Change control
C. User expectations
D. Prevention of fraud
Answer:- A

5. In most cases, integrity is enforced through:

A. Physical security
B. Logical security
C. Confidentiality
D. Access controls
Answer:- D

6. A “well-formed transaction” is one that:

A. Has all the necessary paperwork to substantiate the transaction.
B. Is based on clear business objectives.
C. Ensures that data can be manipulated only by a specific set of programs.
D. Is subject to duplicate processing.
Answer:- C

7. In an accounting department, several people are required to complete a financial process. This is most likely an example of:

A. Segregation of duties
B. Rotation of duties
C. Need-to-know
D. Collusion
Answer:- A

8. Risk Management is commonly understood as all of the following EXCEPT:

A. Analyzing and assessing risk
B. Identifying risk
C. Accepting or mitigating risk
D. Likelihood of a risk occurring
Answer:- D

9. The percentage or degree of damage inflicted on an asset used in the calculation of single loss expectancy can be referred to as:

A. Exposure Factor (EF)
B. Annualized Rate of Occurrence (ARO)
C. Vulnerability
D. Likelihood
Answer:- A

10. The absence of a fire-suppression system would be best characterized as a(n):

A. Exposure
B. Threat
C. Vulnerability
D. Risk
Answer:- C


11. Risk Assessment includes all of the following EXCEPT:

A. Implementation of effective countermeasures
B. Ensuring that risk is managed
C. Analysis of the current state of security in the target environment
D. Strategic analysis of risk
Answer:- A

12. A risk management project may be subject to overlooking certain types of threats. What can assist the risk management team to prevent that?

A. Automated tools
B. Adoption of qualitative risk assessment processes
C. Increased reliance on internal experts for risk assessment
D. Recalculation of the work factor
Answer:- A

13. Data classification can assist an organization in:

A. Eliminating regulatory mandates
B. Lowering accountability of data classifiers
C. Reducing costs for protecting data
D. Normalization of databases
Answer:- C

14. Who “owns” an organization’s data?

A. Information technology group
B. Users
C. Data custodians
D. Business units
Answer:- D

15. An information security policy does NOT usually include:

A. Authority for information security department
B. Guidelines for how to implement policy
C. Basis for data classification
D. Recognition of information as an asset of the organization
Answer:- B

16. The role of an information custodian should NOT include:

A. Restoration of lost or corrupted data
B. Regular backups of data
C. Establishing retention periods for data
D. Ensuring the availability of data
Answer:- C

17. A main objective of awareness training is:

A. Provide understanding of responsibilities
B. Entertaining the users through creative programs
C. Overcoming all resistance to security procedures
D. To be repetitive to ensure accountability
Answer:- A

18. What is a primary target of a person employing social engineering?

A. An individual
B. A policy
C. Government agencies
D. An information system
Answer:- A

19. Social engineering can take many forms EXCEPT:

A. Dumpster diving
B. Coercion or intimidation
C. Sympathy
D. Eavesdropping
Answer:- D

20. Incident response planning can be instrumental in:

A. Meeting regulatory requirements
B. Creating customer loyalty
C. Reducing the impact of an adverse event on the organization
D. Ensuring management makes the correct decisions in a crisis
Answer:- C


31. Asymmetric key cryptography is used for all of the following EXCEPT:

A. Encryption of data
B. Access control
C. Nonrepudiation
D. Steganography
Answer:- D

32. The most common forms of asymmetric key cryptography include:

A. Diffie–Hellman
B. Rijndael
C. Blowfish
D. SHA-256
Answer:- A

33. What is an important disadvantage of using a public key algorithm compared to a symmetric algorithm?

A. A symmetric algorithm provides better access control.
B. A symmetric algorithm is a faster process.
C. A symmetric algorithm provides nonrepudiation of delivery.
D. A symmetric algorithm is more difficult to implement.
Answer:- B

34. When a user needs to provide message integrity, what option may be best?

A. Send a digital signature of the message to the recipient
B. Encrypt the message with a symmetric algorithm and send it
C. Encrypt the message with a private key so the recipient can decrypt with the corresponding public key
D. Create a checksum, append it to the message, encrypt the message, then send it to the recipient.
Answer:- D

35. A certificate authority provides what benefit to a user?

A. Protection of public keys of all users
B. History of symmetric keys
C. Proof of nonrepudiation of origin
D. Validation that a public key is associated with a particular user
Answer:- D

36. What is the output length of a RIPEMD-160 hash?

A. 160 bits
B. 150 bits
C. 128 bits
D. 104 bits
Answer:- A

37. ANSI X9.17 is concerned primarily with:

A. Protection and secrecy of keys
B. Financial records and retention of encrypted data
C. Formalizing a key hierarchy
D. The lifespan of key-encrypting keys (KKMs)
Answer:- A

38. When a certificate is revoked, what is the proper procedure?

A. Setting new key expiry dates
B. Updating the certificate revocation list
C. Removal of the private key from all directories
D. Notification to all employees of revoked keys
Answer:- B

39. What is NOT true about link encryption?

A. Link encryption encrypts routing information.
B. Link encryption is often used for Frame Relay or satellite links.
C. Link encryption is suitable for high-risk environments.
D. Link encryption provides better traffic flow confidentiality.
Answer:- C

40. A _________ is the sequence that controls the operation of the cryptographic algorithm.

A. Encoder
B. Decoder wheel
C. Cryptovariable
D. Cryptographic routine
Answer:- C

41. The process used in most block ciphers to increase their strength is:

A. Diffusion
B. Confusion
C. Step function
D. SP-network
Answer:- D

42. The two methods of encrypting data are:

A. Substitution and transposition
B. Block and stream
C. Symmetric and asymmetric
D. DES and AES
Answer:- C

43. Cryptography supports all of the core principles of information security EXCEPT:

A. Availability
B. Confidentiality
C. Integrity
D. Authenticity
Answer:- D

44. A way to defeat frequency analysis as a method to determine the key is to use:

A. Substitution ciphers
B. Transposition ciphers
C. Polyalphabetic ciphers
D. Inversion ciphers
Answer:- C

45. The running key cipher is based on:

A. Modular arithmetic
B. XOR mathematics
C. Factoring
D. Exponentiation
Answer:- A

46. The only cipher system said to be unbreakable by brute force is:

A. AES
B. DES
C. One-time pad
D. Triple DES
Answer:- C

47. Messages protected by steganography can be transmitted in:

A. Picture files
B. Music files
C. Video files
D. All of the above
Answer:- D

48. A significant action has a state that enables actions on an ADP system to be traced to individuals who may then be held responsible. The action does NOT include:

A. Violations of security policy.
B. Attempted violations of security policy.
C. Non-violations of security policy.
D. Attempted violations of allowed actions.
Answer:- D

49. Which of the following embodies all the detailed actions that personnel are required to follow?

A. Standards
B. Guidelines
C. Procedures
D. Baselines
Answer:- C

50. Which of the following choices is NOT part of a security policy?

A. Definition of overall steps of information security and the importance of security
B. Statement of management intent, supporting the goals and principles of information security
C. Definition of general and specific responsibilities for information security management
D. Description of specific technologies used in the field of information security
Answer:- D
