BSI CISSP CBK 2024 Review Final Exam PJATK Exam
Questions And Correct Answers 2024-2025
Residual risks. - Answer A risk is the probability of a threat source exploiting a
vulnerability of an information system. The risks that remain after the implementation of
security measures are referred to as:
Protects the right of an author to prevent unauthorized use of his/her works. - Answer
Copyright grants what type of protection:
$20,000. - Answer As an information systems security professional, what maximum
amount would you recommend to a corporation to spend annually on a countermeasure
for safeguarding their assets worth $1 million from a possible threat that has an
annualized rate of occurrence (ARO) of once every five years and an exposure factor
(EF) of 10%?
Key exchange - Answer Which of the following represents the first step in the process to
establish an encrypted session using a Data Encryption Standard (DES) key?
Identify information sensitivity or classification level. - Answer In a classic information
security program, what is the most important owner of information (data)?
Identification of the person who left the evidence. - Answer Which of the following is not part
of the "chain of evidence"?
All access permission should be reviewed. - Answer When an employee transfers within
an organization …
One-way encrypted file - Answer A system security engineer is evaluating methods to
store user passwords in an information system. What is the best method to
store user passwords while meeting the confidentiality security objective?
Disclosure, alteration, destruction - Question What is the equivalent of the C.I.A. triad in risk
management?
Responsibility to public safety, clients, other individuals, and the profession. - Question A
CISSP may face an ethical conflict between his/her organization's policies and the
(ISC)2 Code of Ethics. According to the (ISC)2 Code of Ethics, what is the order of
precedence for handling ethical conflicts?
Discretionary Access Control - Answer Company X is going to use a rule-based access
control mechanism to provide access to its information assets. What type of access
control is this normally associated with?
Protection Profile. - Answer In the Common Criteria Evaluation and Validation Scheme
(CCEVS), requirements for future products are defined by:
A brief, high-level statement specifying what is permitted and what is not permitted to
happen during the use of the system. Solution As an ISSM, you are tasked with
describing the rationale for a system security policy.
do not negatively impact the implementation of the security policy. - Solution
Configuration management ensures that changes…?
Private key of the certificate owner has been compromised. - Answer Under what
circumstance might a certification authority (CA) revoke a certificate?
Senior Management - Answer Which of the following entities is ultimately responsible for
information security within an organization?
Ciphertext-only - Answer In which type of cryptanalytic attack does an adversary have the
least amount of information to work with?
A&C - Answer In business continuity planning, which of the following is an advantage of
a "hot site" over a "cold site"?
Minimize the number of entrances - Answer Which of the following is the most effective
method for reducing security risks associated with building entrances?
Removing the volume header information. - Answer All of the following methods ensure
that stored data are unreadable except?
It sniffs network traffic. - Solution Before actually implementing an Intrusion Prevention
System (IPS), a network engineer would install a packet sniffer on the network, for
which of the following reasons?
The organization's documented security policy for data classification - Solution
According to a Mandatory Access Control (MAC) philosophy, what provides the basis for
the assignment of data classifications?
Birthday attack - Answer A type of cryptographic attack based on the
probability of two different messages, run through the same hash function, producing the same
message digest is?
Least Privilege - Answer An access control system that grants users only those rights
necessary for them to perform their work is operating on which security principle?
It provides a clear understanding of potential risk and exposure. - Answer Which one of
the following is the main purpose of a security awareness program?
Provide an exact image of the hard drive. - Answer Which of the following evidence
collection methods is most likely to be accepted in a court case?
Statistically predictable. - Answer Which of the following is not a characteristic of a good
stream cipher?
A stand-alone workstation with a rainbow table and a copied password database. -