CISSP SAMPLE EXAMINATION
Following are 29 examples of the types of questions included on the Certified Information Systems Security Professional (CISSP)
correct answers and an explanation of
I. Access Control Systems and
1. In a discretionary mode, who has delegation authority to grant access to information to other people?
c. Group leader
2. An access system that grants users only those rights necessary for them to perform their work is operating on which security principle?
b. Least privilege
c. Mandatory access
d. Separation of
3. The type of penetration testing used to discover whether numerous usercode/password combinations can be attempted without detection is called
b. Access validation testing
c. Brute force
d. Accountability testing
II. Telecommunications & Network
4. Which of the following telecommunications media is MOST resistant to tapping?
c. Shielded coaxial
d. Fiber optic
5. Which network topology passes all traffic through all active nodes?
b. Hub and
d. Token ring
6. Layer 4 of the OSI stack is known as
a. The data link layer
b. The transport
c. The network layer
d. The presentation layer
III. Security Management
7. Which of the following represents an ALE calculation?
a. Gross loss expectancy x
b. Asset value x loss expectancy
c. Total cost of loss + actual replacement value
d. Single loss expectancy x annualized rate of occurrence
8. Who is ultimately responsible for ensuring that information is categorized and that specific protective measures are taken?
c. Data owner
9. What principle recommends the division of responsibilities so that one person cannot commit an undetected fraud?
a. Separation of duties
c. Need to know
d. Least privilege
IV. Application & System Development
10. When a database error has been detected requiring a backing-out process, a mechanism that permits starting the process at designated places in the process is called
11. Which one of the following is an automated software product used to review security
a. User profiling
b. Intrusion detection
d. Access modeling
12. Which of the following is a malicious program, the purpose of which is to reproduce itself throughout the network utilizing system resources?
d. Trojan horse
13. In what way does the Rivest-Shamir-Adleman algorithm differ from the Data Encryption
a. It is based on a symmetric algorithm.
b. It uses a public key
c. It eliminates the need for a key-distribution
d. It cannot produce a digital signature.
14. The fact that it is easier to find prime numbers than to factor the product of two prime numbers is fundamental to what kind of algorithm?
b. Asymmetric key
c. Secret key
d. Stochastic key
15. The Data Encryption Algorithm performs how many rounds of substitution and
VI. Security Architecture & Models
16. At which ITSEC or TCSEC class is design verification first required?
a. F5 or
b. F3 or B1
c. F2 or C2
d. F1 or C1
17. What software flaw allows stack overflows and other memory-bound attacks to succeed?
a. Inadequate confinement properties.
b. Compartmentalization not
c. Insufficient parameter checking.
execute in privileged mode.
18. Between-the-lines, line disconnects, interrupt and NAK attacks are all examples of exploits related to
a. System data channel
c. System bounds checking
d. Passive monitoring
VII. Operations Security
19. Why are unique user IDs critical in the review of audit trails?
a. They show which files were altered.
b. They establish individual accountability.
c. They cannot be easily altered.
d. They trigger corrective controls.
20. An e-mail gateway that does not restrict the reception of e-mail to a known set of addresses can be used by a hacker for
a. Spamming attacks
c. Exhaustive attacks
d. Spoofing attacks
21. Which of the following is an example of an operations security attack that is designed to cause the system, or a portion of the system, to cease
a. Ping of Death
b. Brute force
d. Back door
VIII. Business Continuity Planning (BCP) & Disaster Recovery
22. Which of the following criteria should be met by off-site storage protection for media backup?
a. The storage site should be located at least 15 miles from the main site.
b. The storage site should be easily accessible during working hours.
c. The storage site should always be protected by an armed guard.
d. The storage site should guard against unauthorized access.
23. Which of the following best describes remote journaling?
a. Send hourly tapes containing transactions off-site.
b. Send daily tapes containing
c. Real-time capture of transactions to multiple storage devices.
d. The electronic forwarding of transactions to an off-site facility.
IX. Law, Investigations
24. Computer-generated evidence is not considered reliable because it is
a. Stored on volatile media
b. Too complex for jurors to understand
c. Seldom comprehensive enough to
d. Too difficult to detect electronic tampering
25. Before powering off a computer system, the computer crime investigator should record the contents of the monitor and
a. Save the contents of the spooler
b. Dump the memory contents to disk
c. Back up the hard
d. Collect the owner's bootup disks
26. According to the Internet Activities Board, which one of the following activities is in violation of RFC 1087 "Ethics and the Internet?"
a. Performing penetration testing against an Internet host.
b. Entering information into an active Web page.
c. Creating a network-based computer virus.
d. Disrupting Internet communications.
X. Physical Security
27. Which of the following measures would be the BEST deterrent to the theft of corporate information from a laptop that was left in a hotel room?
a. Store all data on disks and lock them in an in-room safe.
b. Remove the batteries and power supply from the laptop and store them separately from the computer.
c. Install a cable lock on the laptop when it is unattended.
the data on the hard drive.
28. Which of the following BEST describes a transponder-based identification
a. The card is read by passing it through a magnetic strip
b. The card is read by holding it in the proximity of the
c. The card is read by slipping the card into a standard card
d. The card is read by passing light through the holes in the card.
29. Under what conditions would use of a "Class C" hand-held fire extinguisher be preferable to use of a "Class A" hand-held fire
a. When the fire is in its incipient stage.
b. When the fire involves electrical equipment.
c. When the fire is located in an
d. When the fire is caused by flammable