CISSP PRACTICE TESTS Chapter 1▪Security & Risk Management (Domain 1) 100 Q&A
1. What is the final step of quantitative?
A. Determine asset value.
B.Assess the annualized rate of occurrence.
C. Derive the annualized loss expectancy.
D. Conduct a cost/benefit analysis.
D. Conduct a cost/benef...
cissp practice tests chapter 1▪security amp risk management domain 1 100 qampa 1 what is the final step of quantitative a determine asset value bassess the annualized rate of occurrence c
Written for
CISSP
All documents for this subject (299)
Seller
Follow
LECTMAGGY
Reviews received
Content preview
CISSP PRACTICE TESTS Chapter 1▪Security & Risk
Management (Domain 1) 100 Q&A
1. What is the final step of quantitative?
A. Determine asset value.
B.Assess the annualized rate of occurrence.
C. Derive the annualized loss expectancy.
D. Conduct a cost/benefit analysis.
D. Conduct a cost/benefit analysis.
2. An evil twin attack that broadcasts a legitimate SSID for an unauthorized
network is an example of what category of threat?
A. Spoofing
B. Information disclosure
C. Repudiation
D. Tampering
A. Spoofing
3. Under the Digital Millennium Copyright Act (DMCA), what type of offenses do
not require prompt action by an Internet service provider after it receives a
notification of infringement claim from a copyright holder?
A. Storage of information by a customer on a provider's server
B. Caching of information by the provider
C. Transmission of information over the provider's network by a customer
D. Caching of information in a provider search engine
C. Transmission of information over the provider's network by a customer
4. FlyAway Travel has offices in both the European Union and the United States
and transfers personal information between those offices regularly. Which of the
seven requirements for processing personal information states that organizations
must inform individuals about how the information they collect is used?
A. Notice
B. Choice
C. Onward Transfer
D. Enforcement
A. Notice
5. Which one of the following is not one of the three common threat modeling
techniques?
A. Focused on assets
B. Focused on attackers
C. Focused on software
D. Focused on social engineering
D. Focused on social engineering
6. Which one of the following elements of information is not considered
personally identifiable information that would trigger most US state data breach
laws?
A. Student identification number
B. Social Security number
,C. Driver's license number
D. Credit card number
A. Student identification number
7. In 1991, the federal sentencing guidelines formalized a rule that requires senior
executives to take personal responsibility for information security matters. What
is the name of this rule?
A. Due dilidence rule
B. Personal liability rule
C. Prudent man rule
D. Due process rule
C. Prudent man rule
8. Which one of the following provides an authentication mechanism that would
be appropriate for pairing with a password to achieve multifactor authentication?
A. Username
B. PIN
C. Security question
D. Fingerprint scan
D. Fingerprint scan
9. What United States government agency is responsible for administering the
terms of safe harbor agreements between the European Union and the United
States under the EU Data Protection Directive?
A. Department of Defense
B. Department of the Treasury
C. State Department
D. Department of Commerce
D. Department of Commerce
10. Yolanda is the cheif privacy officer for a financial institution and is
researching privacy issues related to customer checking accounts. Which one of
the following laws is most likely to apply to this situation?
A. GLBA
B. SOX
C. HIPAA
D. FERPA
A. GLBA
11. Tim's organization recently recieved a contract to conduct sponsored
research as a government contractor. What law now likely applies to the
information system involved in this contract?
A. FISMA
B. PCI DSS
C. HIPAA
D. GISRA
A. FISMA
12. Chris is advising travelers from his organization who will be visiting many
different countries overseas. He is concerned about compliiance with export
control laws. Which of the following technologies is most likely to trigger these
regulations?
, A. Memory chips
B. Office productivity applications
C. Hard drives
D. Encryption software
D. Encryption software
13. Bobbi is investigating a security incident and discovers that an attacker
began with a normal user account but managed to exploit a system vulnerability
to provide that account with administrative rights. What type of attack took place
under the STRIDE model?
A. Spoofing
B. Repudiation
C. Tampering
D. Elevation of privilege
A. D. Elevation of privilege
14. You are completing your business continuity planning effort and have
decided that you wish to accept one of the risks. What should you do next?
A. Implement new security control to reduce the risk level.
B. Design a disaster recovery plan.
C. Repeat the business impact assessment.
D. Document your decision-making process.
D. Document your decision-making process.
15. Which one of the following control categories does not accurately describe a
fence around a facility?
A. Physical
B. Detective
C. Deterrent
D. Preventive
B. Detective
16. Tony is developing a business continuity plan and is having difficulty
prioritizing resources because of the difficulty of combining information about
tangible and intangible assets. What would be the most effective risk assessment
approach for him to use?
A. Quantitative risk assessment
B. Qualitative risk assessment
C. Neither quantitative nor qualitative risk assessment
D. Combination of quantitative and qualitative risk assessment
D. Combination of quantitative and qualitative risk assessment
17. What law provides intellectual property proctection to the holders of trade
secrets?
A. Copyright Law
B. Lanham Act
C. Glass-Steagall Act
D. Economic Espionage Act
D. Economic Espionage Act
18. Which one of the following principles imposes a standard of care upon an
individual that is broad and equivalent to what one would expect from a
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller LECTMAGGY. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.88. You're not tied to anything after your purchase.
