CISSP Practice Quiz 1

1. Which of the following documents lists the value of all assets within the organization?  

• Risk assessment
• Nondisclosure agreement
• Business impact analysis
• Action plan

2. Which of the following is typically not considered a privileged user?  

• A customer making an online purchase
• A database administrator changing the format of a particular table
• A manager adding an employee to the access control list for a specific project
• A system administrator changing the configuration of a particular device

3. What is the term for risk left over after security controls are applied?  

• Minimized
• Transferred
• Fragmentary
• Residual

4. What is a network of geographically-distributed servers used to optimize quality of service called? 

• Sharding
• MARS
• CDN
• TEMPEST

5. Which of the following is not a characteristic of the NIST/ISO cloud computing definitions?  

• Measured service
• Broad network access
• Shared resources
• Minimized risk

6. Which of the following is not a form of strong authentication?  

• Synchronization of the two endpoints in a communication
• Encrypted data in motion
• Multiple factors
• Exchange of certificates

7. What is a measurable/observable occurrence in an environment called? 

• Event
• Impact
• Transaction
• Cloud computing

8. The post-response activity (sometimes referred to as “lessons learned”) phase allows the organization to better deal with the same type of incident if it ever happens again and also ______________________.  

• demonstrate due diligence in case the organization allowed sensitive data to be exposed to unauthorized personnel
• allows the organization to improve the overall incident management process for use in all future incident management activity
• minimize liability for future incidents
• reduce exposure to any similar kinds of incidents

9. Which of the following is not typically a method for gathering data for the business impact analysis (BIA)?  

• Regulatory mandate
• Customer response
• Surveys
• Financial audit

10. Which of the following is an absolutely essential aspect of business continuity and disaster recovery (BCDR) planning?  

• Testing
• Alternate communications capabilities
• Regulatory input
• Recovery kit(s)