Following are 29 examples of the types of questions included on the Certified Information Systems Security Professional (CISSP) examination. Correct answers and an explanation of the responses are provided separately.

I. Access Control Systems and Methodology
1. In a discretionary mode, who has delegation authority to grant access to information to other people?
a. User
b. Security officer
c. Group leader
d. Owner

2. An access system that grants users only those rights necessary for them to perform their work is operating on which security principle?
a. Discretionary access
b. Least privilege
c. Mandatory access
d. Separation of duties

3. The type of penetration testing used to discover whether numerous usercode/password combinations can be attempted without detection is called
a. Keystroke capturing
b. Access validation testing
c. Brute force testing
d. Accountability testing

II. Telecommunications & Network Security
4. Which of the following telecommunications media is MOST resistant to tapping?
a. Twisted pair
b. Coaxial
c. Shielded coaxial
d. Fiber optic

5. Which network topology passes all traffic through all active nodes?
a. Broadband
b. Hub and spoke
c. Baseband
d. Token ring

6. Layer 4 of the OSI stack is known as
a. The data link layer
b. The transport layer
c. The network layer
d. The presentation layer

III. Security Management
7. Which of the following represents an ALE calculation?
a. Gross loss expectancy x loss frequency
b. Asset value x loss expectancy
c. Total cost of loss + actual replacement value
d. Single loss expectancy x annualized rate of occurrence

8. Who is ultimately responsible for ensuring that information is categorized and that specific protective measures are taken?
a. Security officer
b. Management
c. Data owner
d. Custodian

9. What principle recommends the division of responsibilities so that one person cannot commit an undetected fraud?
a. Separation of duties
b. Mutual exclusion
c. Need to know
d. Least privilege

IV. Application & System Development Security
10. When a database error has been detected requiring a backing-out process, a mechanism that permits starting the process at designated places in the process is called
a. Restart
b. Reboot
c. Checkpoint
d. Journal

11. Which one of the following is an automated software product used to review security logs?
a. User profiling
b. Intrusion detection
c. System baselining
d. Access modeling

12. Which of the following is a malicious program, the purpose of which is to reproduce itself throughout the network utilizing system resources?
a. Logic bomb
b. Virus
c. Worm
d. Trojan horse

V. Cryptography
13. In what way does the Rivest-Shamir-Adleman algorithm differ from the Data Encryption Standard?
a. It is based on a symmetric algorithm.
b. It uses a public key for encryption.
c. It eliminates the need for a key-distribution center.
d. It cannot produce a digital signature.

14. The fact that it is easier to find prime numbers than to factor the product of two prime numbers is fundamental to what kind of algorithm?
a. Symmetric key
b. Asymmetric key
c. Secret key
d. Stochastic key
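Questions 13 and 14 both turn on the same asymmetry: it is cheap to find two large primes, but expensive to recover them from their product, and that is what lets RSA work with a published encryption key and no key-distribution center. The following Python is an added illustration, not part of the original question set: it generates primes with a Miller-Rabin test, builds an RSA key pair from them, encrypts, decrypts and signs with it, and then shows that a bounded trial-division attack on the modulus gives up with nothing. The 512-bit key size, the fixed public exponent 65537 and the factoring budget are choices made for this example (a real deployment would use 2048 bits or more).

```python
import math
import random


def is_probable_prime(n: int, rounds: int = 20, rng=random) -> bool:
    """Miller-Rabin probabilistic primality test (error probability < 4**-rounds)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    # write n - 1 as 2**r * d with d odd
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def random_prime(bits: int, rng=random) -> int:
    """Finding a prime is cheap: draw odd candidates of the right size and test them."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng=rng):
            return cand


def trial_factor(n: int, max_divisors: int):
    """Factoring by trial division, abandoned after max_divisors odd candidates.
    Returns a non-trivial factor, or None when the budget runs out first."""
    if n % 2 == 0:
        return 2
    f, tried = 3, 0
    while f * f <= n and tried < max_divisors:
        if n % f == 0:
            return f
        f += 2
        tried += 1
    return None


def generate_keypair(bits: int = 512, rng=random):
    """RSA key pair: public (n, e), private (n, d) with n = p*q, d = e^-1 mod (p-1)(q-1)."""
    e = 65537
    while True:
        p = random_prime(bits // 2, rng)
        q = random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (p * q, e), (p * q, d)


def encrypt(pub, m: int) -> int:
    n, e = pub
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def sign(priv, digest: int) -> int:
    n, d = priv
    return pow(digest, d, n)


def verify(pub, digest: int, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest


def demo(seed: int = 1, budget: int = 200_000):
    """Round-trip a message and a signature, then try to factor n within `budget` divisions."""
    rng = random.Random(seed)       # seeded only so the example is repeatable
    pub, priv = generate_keypair(512, rng)
    m = 0xC0FFEE                    # constructed message, must be < n
    roundtrip = decrypt(priv, encrypt(pub, m)) == m
    sig_ok = verify(pub, m, sign(priv, m))
    factor = trial_factor(pub[0], budget)   # None: budget exhausted, n still unfactored
    return roundtrip, sig_ok, factor


if __name__ == "__main__":
    print(demo())
```

Generating the two 256-bit primes takes a fraction of a second, while the 200,000-division factoring attempt does not get anywhere near the 256-bit factors; the same gap, scaled up, is the whole security argument for the asymmetric algorithm.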

15. The Data Encryption Algorithm performs how many rounds of substitution and permutation?
a. 4
b. 16
c. 54
d. 64

VI. Security Architecture & Models
16. At which ITSEC or TCSEC class is design verification first required?
a. F5 or A1
b. F3 or B1
c. F2 or C2
d. F1 or C1

17. What software flaw allows stack overflows and other memory-bound attacks to succeed?
a. Inadequate confinement properties.
b. Compartmentalization not enforced.
c. Insufficient parameter checking.
d. Applications execute in privileged mode.
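To make the flaw behind question 17 concrete, the following Python is an added example, not part of the original question set. It models a stack frame as a 16-byte local buffer immediately followed by the saved return address (an assumed, simplified x86-style layout; the placeholder address 0x08048ABC is arbitrary), then feeds a constructed length-prefixed packet to a handler that trusts the length byte and to one that validates it first. The unchecked copy is the Python equivalent of memcpy(buf, pkt + 1, pkt[0]) with no comparison against the buffer size.

```python
BUF_SIZE = 16   # bytes of local buffer in the modelled frame
RET_SIZE = 4    # bytes of saved return address that follow the buffer


def new_frame(saved_ret: int = 0x0804_8ABC) -> bytearray:
    """Constructed model of a stack frame: BUF_SIZE bytes of buffer, then the
    saved return address in little-endian order. 0x08048ABC is a placeholder."""
    return bytearray(BUF_SIZE) + saved_ret.to_bytes(RET_SIZE, "little")


def saved_return(frame: bytearray) -> int:
    """Read back whatever currently sits in the return-address slot."""
    return int.from_bytes(frame[BUF_SIZE:BUF_SIZE + RET_SIZE], "little")


def handle_unchecked(frame: bytearray, packet: bytes) -> None:
    """Vulnerable handler: the packet's own length byte is the only bound on the copy."""
    length = packet[0]
    for i, b in enumerate(packet[1:1 + length]):
        frame[i] = b    # i >= BUF_SIZE lands on the saved return address;
                        # past the frame entirely it raises IndexError (the "crash")


def handle_checked(frame: bytearray, packet: bytes) -> None:
    """Fixed handler: validate the length parameter against the buffer and against
    the bytes actually received before copying anything."""
    length = packet[0]
    payload = packet[1:]
    if length > BUF_SIZE:
        raise ValueError(f"length {length} exceeds {BUF_SIZE}-byte buffer")
    if length > len(payload):
        raise ValueError(f"length {length} exceeds {len(payload)} bytes received")
    frame[:length] = payload[:length]


# Constructed attacker packet: length byte 20, 16 filler bytes, then 4 bytes that
# replace the saved return address with 0x41414141 ("AAAA").
EVIL = (bytes([BUF_SIZE + RET_SIZE])
        + b"A" * BUF_SIZE
        + (0x41414141).to_bytes(RET_SIZE, "little"))
BENIGN = bytes([5]) + b"hello"   # constructed well-formed packet


def demo() -> dict:
    """Run both handlers against both packets and report the return-address slot."""
    original = saved_return(new_frame())

    attacked = new_frame()
    handle_unchecked(attacked, EVIL)

    benign = new_frame()
    handle_unchecked(benign, BENIGN)

    guarded = new_frame()
    try:
        handle_checked(guarded, EVIL)
        rejected = False
    except ValueError:
        rejected = True

    return {
        "original": original,
        "after_unchecked_evil": saved_return(attacked),
        "after_unchecked_benign": saved_return(benign),
        "checked_rejected": rejected,
        "checked_intact": saved_return(guarded) == original,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {hex(v) if isinstance(v, int) else v}")
```

The benign packet behaves identically under both handlers; only the oversized length parameter distinguishes them, which is why the fix is a parameter check and not a change to the copy itself.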

18. Between-the-lines, line disconnects, interrupt and NAK attacks are all examples of exploits related to
a. System data channel
b. System timing (TOC/TOU)
c. System bounds checking
d. Passive monitoring

VII. Operations Security
19. Why are unique user IDs critical in the review of audit trails?
a. They show which files were altered.
b. They establish individual accountability.
c. They cannot be easily altered.
d. They trigger corrective controls.

20. An e-mail gateway that does not restrict the reception of e-mail to a known set of addresses can be used by a hacker for
a. Spamming attacks
b. NAK attacks
c. Exhaustive attacks
d. Spoofing attacks

21. Which of the following is an example of an operations security attack that is designed to cause the system, or a portion of the system, to cease operations?
a. Ping of Death
b. Brute force
c. Satan attack
d. Back door

VIII. Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)
22. Which of the following criteria should be met by off-site storage protection for media backup?
a. The storage site should be located at least 15 miles from the main site.
b. The storage site should be easily accessible during working hours.
c. The storage site should always be protected by an armed guard.
d. The storage site should guard against unauthorized access.

23. Which of the following best describes remote journaling?
a. Send hourly tapes containing transactions off-site.
b. Send daily tapes containing transactions off-site.
c. Real-time capture of transactions to multiple storage devices.
d. The electronic forwarding of transactions to an off-site facility.

IX. Law, Investigations & Ethics
24. Computer-generated evidence is not considered reliable because it is
a. Stored on volatile media
b. Too complex for jurors to understand
c. Seldom comprehensive enough to validate
d. Too difficult to detect electronic tampering

25. Before powering off a computer system, the computer crime investigator should record the contents of the monitor and
a. Save the contents of the spooler queue
b. Dump the memory contents to disk
c. Back up the hard drive
d. Collect the owner's bootup disks

26. According to the Internet Activities Board, which one of the following activities is in violation of RFC 1087, "Ethics and the Internet"?
a. Performing penetration testing against an Internet host.
b. Entering information into an active Web page.
c. Creating a network-based computer virus.
d. Disrupting Internet communications.

X. Physical Security
27. Which of the following measures would be the BEST deterrent to the theft of corporate information from a laptop that was left in a hotel room?
a. Store all data on disks and lock them in an in-room safe.
b. Remove the batteries and power supply from the laptop and store them separately from the computer.
c. Install a cable lock on the laptop when it is unattended.
d. Encrypt the data on the hard drive.

28. Which of the following BEST describes a transponder-based identification card?
a. The card is read by passing it through a magnetic strip reader.
b. The card is read by holding it in the proximity of the reader.
c. The card is read by slipping the card into a standard card edge connector.
d. The card is read by passing light through the holes in the card.

29. Under what conditions would use of a "Class C" hand-held fire extinguisher be preferable to use of a "Class A" hand-held fire extinguisher?
a. When the fire is in its incipient stage.
b. When the fire involves electrical equipment.
c. When the fire is located in an enclosed area.
d. When the fire is caused by flammable products.