Security and Risk Management Question CISSP Course: Try this CISSP (Certified Information Systems Security Professional) sample review practice test on Chapter 1: Security and Risk Management for ISC CISSP certification preparation.
Security and Risk Management This chapter presents the following:
• Security terminology and principles
• Protection control types
• Security frameworks, models, standards, and best practices
• Computer laws and crimes
• Intellectual property
• Data breaches
• Risk management
• Threat modeling
• Business continuity and disaster recovery
• Personnel security
• Security governance
Security and Risk Management
Q1. Alyssa is responsible for her organization’s security awareness program. She is concerned that changes in technology may make the content outdated. What control can she put in place to protect against this risk?
- A. Gamification
- B. Computer-based training
- C. Content reviews
- D. Live training
Q2. Gavin is creating a report to management on his most recent risk assessment results. In his report, he would like to identify the remaining level of risk to the organization after adopting security controls. What term best describes this current level of risk?
- A. Inherent risk
- B. Residual risk
- C. Control risk
- D. Mitigated risk
Q3. Which of the following contains the primary goals and objectives of security?
- A. A network’s border perimeter
- B. The CIA Triad
- C. A stand-alone system
- D. The internet
Q4. Vulnerabilities and risks are evaluated based on their threats against which of the following?
- A. One or more of the CIA Triad principles
- B. Data usefulness
- C. Due care
- D. Extent of liability
Q5. Which of the following is a CIA Triad principle that authorized subjects are granted timely and uninterrupted access to objects?
- A. Identification
- B. Availability
- C. Encryption
- D. Layering
Q6. Francine is a security specialist for an online service provider in the United States. She recently received a claim from a copyright holder that a user is storing information on her service that violates the third party’s copyright. What law governs the actions that Francine must take?
- A. Copyright Act
- B. Lanham Act
- C. Digital Millennium Copyright Act
- D. Gramm Leach Bliley Act
Q7. FlyAway Travel has offices in the European Union (EU) and the United States and regularly transfers personal information between those offices. They have recently received a request from an EU customer requesting that their account be terminated. Under the General Data Protection Regulation (GDPR), which requirement for processing personal information states that individuals may request that their data no longer be disseminated or processed?
- A. The right to access
- B. Privacy by design
- C. The right to be forgotten
- D. The right of data portability
Q8. After conducting a qualitative risk assessment of her organization, Sally recommends purchasing cybersecurity breach insurance. What type of risk response behavior is she recommending?
- A. Accept
- B. Transfer
- C. Reduce
- D. Reject
Q9. Which of the following is not considered a violation of confidentiality?
- A. Stealing passwords
- B. Eavesdropping
- C. Hardware destruction
- D. Social engineering
Q10. Which of the following is not true?
- A. Violations of confidentiality include human error.
- B. Violations of confidentiality include management oversight.
C. Violations of confidentiality are limited to direct intentional attacks.
- D. Violations of confidentiality can occur when a transmission is not properly encrypted.
Q11. STRIDE is often used in relation to assessing threats against applications or operating systems. Which of the following is not an element of STRIDE?
- A. Spoofing
- B. Elevation of privilege
- C. Repudiation
- D. Disclosure
Q12. Which one of the following elements of information is not considered personally identifiable information that would trigger most United States (U.S.) state data breach laws?
- A. Student identification number
- B. Social Security number
- C. Driver’s license number
- D. Credit card number
Q13. Renee is speaking to her board of directors about their responsibilities to review cybersecurity controls. What rule requires that senior executives take personal responsibility for
information security matters?
- A. Due diligence rule
- B. Personal liability rule
C. Prudent man rule
- D. Due process rule
Q14. Henry recently assisted one of his co-workers in preparing for the CISSP exam. During this process, Henry disclosed confidential information about the content of the exam, in violation of Canon IV of the Code of Ethics: “Advance and protect the profession.” Who may bring ethics charges against Henry for this violation?
- A. Anyone may bring charges.
- B. Any certified or licensed professional may bring charges.
- C. Only Henry’s employer may bring charges.
- D. Only the affected employee may bring charges.
Q15. Wanda is working with one of her organization’s European Union business partners to facilitate the exchange of customer information. Wanda’s organization is located in the United States. What would be the best method for Wanda to use to ensure GDPR compliance?
- A. Binding corporate rules
- B. Privacy Shield
- C. Standard contractual clauses
- D. Safe harbor
Q16. Yolanda is the chief privacy officer for a financial institution and is researching privacy requirements related to customer checking accounts. Which one of the following laws is most likely to apply to this situation?
- A. GLBA
- B. SOX
- C. HIPAA
- D. FERPA
- A. Restricting personal email
- B. Recording phone conversations
- C. Gathering information about surfing habits
- D. The backup mechanism used to retain email messages
- A. Classification
- B. Physical access
- C. Custodian responsibilities
- D. Taking ownership
- A. CIA Triad
- B. Abstraction
- C. Nonrepudiation
- D. Hash totals
- A. Multiple
- B. Series
- C. Parallel
- D. Filter
- CISSP Practice Test & Preparation Guide 2023
- Security and Risk Management Test
- Asset Security Test
- Security Architecture and Engineering Test
- Communication and Network Security Test
- Identity and Access Management (IAM) Test
- Security Assessment and Testing Test
- Security Operations Test
- Software Development Security Test