Mike Chapple - (ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests


(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests: summary, description and annotation


Full-length practice tests covering all CISSP domains for the ultimate exam prep

The (ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests is a major resource for (ISC)2 Certified Information Systems Security Professional (CISSP) candidates, providing 1300 unique practice questions. The first part of the book provides 100 questions per domain. You also have access to four unique 125-question practice exams to help you master the material. As the only official practice tests endorsed by (ISC)2, this book gives you the advantage of full and complete preparation. These practice tests align with the 2021 version of the exam to ensure up-to-date preparation, and are designed to cover what you will see on exam day. Coverage includes: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security.
The CISSP credential signifies a body of knowledge and a set of guaranteed skills that put you in demand in the marketplace. This book is your ticket to achieving this prestigious certification, by helping you test what you know against what you need to know.
- Test your knowledge of the 2021 exam domains
- Identify areas in need of further study
- Gauge your progress throughout your exam preparation
- Practice test taking with Sybex's online test environment containing the questions from the book

The CISSP exam is refreshed every few years to ensure that candidates are up-to-date on the latest security topics and trends. Currently-aligned preparation resources are critical, and periodic practice tests are one of the best ways to truly measure your level of understanding.

(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests: preview excerpt



31. Renee is designing the long-term security plan for her organization and has a three- to five-year planning horizon. Her primary goal is to align the security function with the broader plans and objectives of the business. What type of plan is she developing?
    A. Operational
    B. Tactical
    C. Summary
    D. Strategic

32. Gina is working to protect a logo that her company will use for a new product they are launching. She has questions about the intellectual property protection process for this logo. What U.S. government agency would be best able to answer her questions?
    A. USPTO
    B. Library of Congress
    C. NSA
    D. NIST

33. The Acme Widgets Company is putting new controls in place for its accounting department. Management is concerned that a rogue accountant may be able to create a new false vendor and then issue checks to that vendor as payment for services that were never rendered. What security control can best help prevent this situation?
    A. Mandatory vacation
    B. Separation of duties
    C. Defense in depth
    D. Job rotation

34. Which one of the following categories of organizations is most likely to be covered by the provisions of FISMA?
    A. Banks
    B. Defense contractors
    C. School districts
    D. Hospitals

35. Robert is responsible for securing systems used to process credit card information. What security control framework should guide his actions?
    A. HIPAA
    B. PCI DSS
    C. SOX
    D. GLBA

36. Which one of the following individuals is normally responsible for fulfilling the operational data protection responsibilities delegated by senior management, such as validating data integrity, testing backups, and managing security policies?
    A. Data custodian
    B. Data owner
    C. User
    D. Auditor

37. Alan works for an e-commerce company that recently had some content stolen by another website and republished without permission. What type of intellectual property protection would best preserve Alan's company's rights?
    A. Trade secret
    B. Copyright
    C. Trademark
    D. Patent

38. Florian receives a flyer from a U.S. federal government agency announcing that a new administrative law will affect his business operations. Where should he go to find the text of the law?
    A. United States Code
    B. Supreme Court rulings
    C. Code of Federal Regulations
    D. Compendium of Laws

39. Tom enables an application firewall provided by his cloud infrastructure as a service provider that is designed to block many types of application attacks. When viewed from a risk management perspective, what metric is Tom attempting to lower by implementing this countermeasure?
    A. Impact
    B. RPO
    C. MTO
    D. Likelihood

40. Which one of the following individuals would be the most effective organizational owner for an information security program?
    A. CISSP-certified analyst
    B. Chief information officer (CIO)
    C. Manager of network security
    D. President and CEO

41. What important function do senior managers normally fill on a business continuity planning team?
    A. Arbitrating disputes about criticality
    B. Evaluating the legal environment
    C. Training staff
    D. Designing failure controls

42. You are the CISO for a major hospital system and are preparing to sign a contract with a software as a service (SaaS) email vendor and want to perform a control assessment to ensure that its business continuity planning measures are reasonable. What type of audit might you request to meet this goal?
    A. SOC 1
    B. FISMA
    C. PCI DSS
    D. SOC 2

43. Gary is analyzing a security incident and, during his investigation, encounters a user who denies having performed an action that Gary believes he did perform. What type of threat has taken place under the STRIDE model?
    A. Repudiation
    B. Information disclosure
    C. Tampering
    D. Elevation of privilege

44. Beth is the security administrator for a public school district. She is implementing a new student information system and is testing the code to ensure that students are not able to alter their own grades. What principle of information security is Beth enforcing?
    A. Integrity
    B. Availability
    C. Confidentiality
    D. Denial

45. Which one of the following issues is not normally addressed in a service-level agreement (SLA)?
    A. Confidentiality of customer information
    B. Failover time
    C. Uptime
    D. Maximum consecutive downtime

46. Joan is seeking to protect a piece of computer software that she developed under intellectual property law. Which one of the following avenues of protection would not apply to a piece of software?
    A. Trademark
    B. Copyright
    C. Patent
    D. Trade secret

For questions 47–49, please refer to the following scenario:

Juniper Content is a web content development company with 40 employees located in two offices: one in New York and a smaller office in the San Francisco Bay Area. Each office has a local area network protected by a perimeter firewall. The local area network (LAN) contains modern switch equipment connected to both wired and wireless networks.

Each office has its own file server, and the information technology (IT) team runs software every hour to synchronize files between the two servers, distributing content between the offices. These servers are primarily used to store images and other files related to web content developed by the company. The team also uses a SaaS-based email and document collaboration solution for much of their work.

You are the newly appointed IT manager for Juniper Content, and you are working to augment existing security controls to improve the organization's security.

47. Users in the two offices would like to access each other's file servers over the internet. What control would provide confidentiality for those communications?
    A. Digital signatures
    B. Virtual private network
    C. Virtual LAN
    D. Digital content management

48. You are also concerned about the availability of data stored on each office's server. You would like to add technology that would enable continued access to files located on the server even if a hard drive in a server fails. What control allows you to add robustness without adding additional servers?
    A. Server clustering
    B. Load balancing
    C. RAID
    D. Scheduled backups

49. Finally, there are historical records stored on the server that are extremely important to the business and should never be modified. You would like to add an integrity control that allows you to verify on a periodic basis that the files were not modified. What control can you add?
    A. Hashing
    B. ACLs
    C. Read-only attributes
    D. Firewalls

50. Beth is a human resources specialist preparing to assist in the termination of an employee. Which of the following is not typically part of a termination process?
    A. An exit interview
    B. Recovery of property
    C. Account termination
    D. Signing an NCA

51. Frances is reviewing her organization's business continuity plan documentation for completeness. Which one of the following is not normally included in business continuity plan documentation?
    A. Statement of accounts
    B. Statement of importance
    C. Statement of priorities
    D. Statement of organizational responsibility

52. An accounting employee at Doolittle Industries was recently arrested for participation in an embezzlement scheme. The employee transferred money to a personal account and then shifted funds around between other accounts every day to disguise the fraud for months. Which one of the following controls might have best allowed the earlier detection of this fraud?
    A. Separation of duties
    B. Least privilege
    C. Defense in depth
    D. Mandatory vacation

53. Jeff would like to adopt an industry-standard approach for assessing the processes his organization uses to manage risk. What maturity model would be most appropriate for his use?
    A. CMM
    B. SW-CMM
    C. RMM
    D. COBIT

54. Chris' organization recently suffered an attack that rendered their website inaccessible to paying customers for several hours. Which information security goal was most directly impacted?
    A. Confidentiality
    B. Integrity
    C. Availability
    D. Denial

55. Yolanda is writing a document that will provide configuration information regarding the minimum level of security that every system in the organization must meet. What type of document is she preparing?
    A. Policy
    B. Baseline
    C. Guideline
    D. Procedure

56. Who should receive initial business continuity plan training in an organization?
    A. Senior executives
    B. Those with specific business continuity roles
    C. Everyone in the organization
    D. First responders
