REVIEW QUESTIONS

  1. Which of the following is not an (ISC)² certification?
    A. HCISPP
    B. ISSEP
    C. CAP
    D. OSCP
  2. According to the Peacock Model, which of the following is not an information system component?
    A. ERP system
    B. Procurement process
    C. System administrator
    D. None of the above
  3. Which of the following is not a DoD 8570.1 baseline certification?
    A. CISSP
    B. CISM
    C. CEH
    D. None of the above
  4. As a CISSP aspirant, which of the following should you download before you get started your CISSP journey?
    A. The CISSP Certification Exam Outline
    B. The Ethics Complaint Affidavit Form
    C. The official (ISC)² Logo Usage Guidelines
    D. None of the above
  5. How many (ISC)² Code of Ethics Canons are there that are limited to principals only when making a complaint?
    A. One canon
    B. Two canons
    C. Three canons
    D. Four canons
  6. Which of the following defines the security objectives of confidentiality, integrity, and availability?
    A. HIPAA
    B. FISMA
    C. GLBA
    D. SOX
  7. Which of the following is not a risk factor?
    A. Objectives
    B. Uncertainty
    C. Effect
    D. None of the above
  8. Which of the following is not part of Wentz’s Risk Model?
    A. Peacock Model
    B. Onion Model
    C. Protection Ring Model
    D. None of the above
  9. Because a hacker may deface an unpatched web site through SQL injection, that would jeopardize the organization’s reputation. Which of the following best describes the statement?
    A. Risk
    B. Threat
    C. Opportunity
    D. Threat scenario
  10. According to ISO 27005, which of the following is not a primary asset?
    A. Sales report
    B. Human resource staff
    C. Procurement procedure
    D. Backup strategy
  11. Which of the following data classification criteria covers the most widespread concerns?
    A. Sensitivity
    B. Criticality
    C. Business value
    D. Recovery cost
  12. Which of the following is responsible for improving data quality?
    A. Data owner
    B. Data custodian
    C. Data controller
    D. Data steward
  13. Which of the following best describes security labeling?
    A. Stick a “Secret” label to a CD
    B. Use a red document folder with the term “Secret”
    C. Configure a printer as “Secret”
    D. Place security level “(S)” inline in a text
  14. Which of the following is part of access control?
    A. Authentication
    B. Authorization
    C. Accounting
    D. All of the above
  15. Which of the following is the most important element of management?
    A. Goals or objectives
    B. Planning
    C. Execution
    D. Continuous improvement

Leave a Reply