CISSP Practice Test


Page 17 out of 298 Pages

Topic 7: Security Operations

With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?


A. Continuously without exception for all security controls
B. Before and after each change of the control
C. At a rate concurrent with the volatility of the security control
D. Only during system implementation and decommissioning

Answer: B. Before and after each change of the control



What is the ultimate objective of information classification?


A. To assign responsibility for mitigating the risk to vulnerable systems
B. To ensure that information assets receive an appropriate level of protection
C. To recognize that the value of any item of information may change over time
D. To recognize the optimal number of classification categories and the benefits to be gained from their use

Answer: B. To ensure that information assets receive an appropriate level of protection



Following the completion of a network security assessment, which of the following can BEST be demonstrated?


A. The effectiveness of controls can be accurately measured
B. A penetration test of the network will fail
C. The network is compliant to industry standards
D. All unpatched vulnerabilities have been identified

Answer: A. The effectiveness of controls can be accurately measured



Which one of the following describes granularity?


A. Maximum number of entries available in an Access Control List (ACL)
B. Fineness to which a trusted system can authenticate users
C. Number of violations divided by the number of total accesses
D. Fineness to which an access control system can be adjusted

Answer: D. Fineness to which an access control system can be adjusted



What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?


A. Man-in-the-Middle (MITM) attack
B. Smurfing
C. Session redirect
D. Spoofing

Answer: D. Spoofing



