Skip survey header

CISSP Practice Quiz: Domain 1 Security and Risk Management Quiz 1

CISSP Practice Quiz Domain 1 Security and Risk Management Quiz 1

1. Acme Systems recently developed a new technology for constructing integrated circuit boards. They would like to protect this technology but want to make certain that competitors do not learn how the technology works.

What intellectual property protection technique is best suited for Acme’s situation?
2. Jack is conducting a risk assessment for his firm and is evaluating the risks associated with a flood inundating the firm’s data center. Consulting FEMA maps, he determines that the data center is located in a 100-year flood plain. He estimates that a flood would cause $5M of damage to his $40M facility.

What is the annualized loss expectancy?
3. Mary recently read about a new hacking group that is using advanced tools to break into the database servers of organizations running public websites. In risk management language, how would she describe this group of hackers?
4. Ben is planning to deploy a new firewall on his organization’s network. What category of control does the firewall fit into?
5. The MilTech defense contracting company would like to add an administrative security control that protects against insider attacks.

Which one of the following controls best meets those criteria?
6. MountainSports is a major outdoor sports retailer with locations around the United States. They engage in credit card transactions throughout the country and are concerned about compliance issues surrounding credit card processing.

What regulation applies in this situation?
7. Bob is conducting a business impact assessment as part of his organization’s business continuity program. He identified the longest period of time that a service can be unavailable without causing damage to the business.

What BIA variable did Bob identify?
8. Yellow Submarine Enterprises recently conducted a risk assessment of their IT systems and decided to implement a new data loss prevention system to reduce the likelihood of an accidental data breach.

What risk management strategy did they adopt?
9. Tom is completing an asset valuation exercise for his company’s two-year-old Storage Area Network (SAN). He gathers the invoices from the equipment purchases and adds them up to determine the asset value. What method is Tom using?
10. Orwell Systems is one of the nation’s largest publicly traded companies. Annie is Orwell’s IT compliance program manager and she wants to ensure the accuracy of the company’s financial statements.

What regulation most likely applies in this scenario?
Thank you to our sponsor for providing this free practice quiz.