Category Archives: CISSP Questions

Incident response planning can be instrumental in:

A. Meeting regulatory requirements
B. Creating customer loyalty
C. Reducing the impact of an adverse event on the organization
D. Ensuring management makes the correct decisions in a crisis

Ans: C

Social engineering can take many forms EXCEPT:

A. Dumpster diving
B. Coercion or intimidation
C. Sympathy
D. Eavesdropping

Ans: D

What is a primary target of a person employing social engineering?

A. An individual
B. A policy
C. Government agencies
D. An information system

Ans: A

A main objective of awareness training is:

A. Provide understanding of responsibilities
B. Entertaining the users through creative programs
C. Overcoming all resistance to security procedures
D. To be repetitive to ensure accountability

Ans: A

The role of an information custodian should NOT include:

A. Restoration of lost or corrupted data
B. Regular backups of data
C. Establishing retention periods for data
D. Ensuring the availability of data

Ans: C

An information security policy does NOT usually include:

A. Authority for information security department
B. Guidelines for how to implement policy
C. Basis for data classification
D. Recognition of information as an asset of the organization

Ans: B

Who “owns” an organization’s data?

A. Information technology group
B. Users
C. Data custodians
D. Business units

Ans: D

Data classification can assist an organization in:

A. Eliminating regulatory mandates
B. Lowering accountability of data classifiers
C. Reducing costs for protecting data
D. Normalization of databases

Ans: C

A risk management project may be subject to overlooking certain types of threats. What can assist the risk management team to prevent that?

A. Automated tools
B. Adoption of qualitative risk assessment processes
C. Increased reliance on internal experts for risk assessment
D. Recalculation of the work factor

Ans: A

Risk Assessment includes all of the following EXCEPT:

A. Implementation of effective countermeasures
B. Ensuring that risk is managed
C. Analysis of the current state of security in the target environment
D. Strategic analysis of risk

Ans: A
