(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests. Mike Chapple

Чтение книги онлайн.

СКАЧАТЬ the General Data Protection Regulation (GDPR), which requirement for processing personal information states that individuals may request that their data no longer be disseminated or processed?The right to accessPrivacy by designThe right to be forgottenThe right of data portability

      5 After conducting a qualitative risk assessment of her organization, Sally recommends purchasing cybersecurity breach insurance. What type of risk response behavior is she recommending?AcceptTransferReduceReject

      6 Which one of the following elements of information is not considered personally identifiable information that would trigger most United States (U.S.) state data breach laws?Student identification numberSocial Security numberDriver's license numberCredit card number

      7 Renee is speaking to her board of directors about their responsibilities to review cybersecurity controls. What rule requires that senior executives take personal responsibility for information security matters?Due diligence rulePersonal liability rulePrudent man ruleDue process rule

      8 Henry recently assisted one of his co-workers in preparing for the CISSP exam. During this process, Henry disclosed confidential information about the content of the exam, in violation of Canon IV of the Code of Ethics: “Advance and protect the profession.” Who may bring ethics charges against Henry for this violation?Anyone may bring charges.Any certified or licensed professional may bring charges.Only Henry's employer may bring charges.Only the affected employee may bring charges.

      9 Wanda is working with one of her organization's European Union business partners to facilitate the exchange of customer information. Wanda's organization is located in the United States. What would be the best method for Wanda to use to ensure GDPR compliance?Binding corporate rulesPrivacy ShieldStandard contractual clausesSafe harbor

      10 Yolanda is the chief privacy officer for a financial institution and is researching privacy requirements related to customer checking accounts. Which one of the following laws is most likely to apply to this situation?GLBASOXHIPAAFERPA

      11 Tim's organization recently received a contract to conduct sponsored research as a government contractor. What law now likely applies to the information systems involved in this contract?FISMAPCI DSSHIPAAGISRA

      12 Chris is advising travelers from his organization who will be visiting many different countries overseas. He is concerned about compliance with export control laws. Which of the following technologies is most likely to trigger these regulations?Memory chipsOffice productivity applicationsHard drivesEncryption software

      13 Bobbi is investigating a security incident and discovers that an attacker began with a normal user account but managed to exploit a system vulnerability to provide that account with administrative rights. What type of attack took place under the STRIDE threat model?SpoofingRepudiationTamperingElevation of privilege

      14 You are completing your business continuity planning effort and have decided that you want to accept one of the risks. What should you do next?Implement new security controls to reduce the risk level.Design a disaster recovery plan.Repeat the business impact assessment.Document your decision-making process.

      15 You are completing a review of the controls used to protect a media storage facility in your organization and would like to properly categorize each control that is currently in place. Which of the following control categories accurately describe a fence around a facility? (Select all that apply.)PhysicalDetectiveDeterrentPreventive

      16 Tony is developing a business continuity plan and is having difficulty prioritizing resources because of the difficulty of combining information about tangible and intangible assets. What would be the most effective risk assessment approach for him to use?Quantitative risk assessmentQualitative risk assessmentNeither quantitative nor qualitative risk assessmentCombination of quantitative and qualitative risk assessment

      17 Vincent believes that a former employee took trade secret information from his firm and brought it with him to a competitor. He wants to pursue legal action. Under what law could he pursue charges?Copyright lawLanham ActGlass-Steagall ActEconomic Espionage Act

      18 Which one of the following principles imposes a standard of care upon an individual that is broad and equivalent to what one would expect from a reasonable person under the circumstances?Due diligenceSeparation of dutiesDue careLeast privilege

      19 Brenda's organization recently completed the acquisition of a competitor firm. Which one of the following tasks would be LEAST likely to be part of the organizational processes addressed during the acquisition?Consolidation of security functionsIntegration of security toolsProtection of intellectual propertyDocumentation of security policies

      20 Kelly believes that an employee engaged in the unauthorized use of computing resources for a side business. After consulting with management, she decides to launch an administrative investigation. What is the burden of proof that she must meet in this investigation?Preponderance of the evidenceBeyond a reasonable doubtBeyond the shadow of a doubtThere is no standard

      21 Keenan Systems recently developed a new manufacturing process for microprocessors. The company wants to license the technology to other companies for use but wants to prevent unauthorized use of the technology. What type of intellectual property protection is best suited for this situation?PatentTrade secretCopyrightTrademark

      22 Which one of the following actions might be taken as part of a business continuity plan?Restoring from backup tapesImplementing RAIDRelocating to a cold siteRestarting business operations

      23 When developing a business impact analysis, the team should first create a list of assets. What should happen next?Identify vulnerabilities in each asset.Determine the risks facing the asset.Develop a value for each asset.Identify threats facing each asset.

      24 Mike recently implemented an intrusion prevention system designed to block common network attacks from affecting his organization. What type of risk management strategy is Mike pursuing?Risk acceptanceRisk avoidanceRisk mitigationRisk transference

      25 Laura has been asked to perform an SCA. What type of organization is she most likely in?Higher educationBankingGovernmentHealthcare

      26 Carl is a federal agent investigating a computer crime case. He identified an attacker who engaged in illegal conduct and wants to pursue a case against that individual that will lead to imprisonment. What standard of proof must Carl meet?Beyond the shadow of a doubtPreponderance of the evidence Beyond a reasonable doubtMajority of the evidence

      27 The International Information Systems Security Certification Consortium uses the logo shown here to represent itself online and in a variety of forums. What type of intellectual property protection may it use to protect its rights in this logo?CopyrightPatentTrade secretTrademark

      28 Mary is helping a computer user who sees the following message appear on his computer screen. What type of attack has occurred?AvailabilityConfidentialityDisclosureDistributed

      29 Which one of the following organizations would not be automatically subject to the privacy and security requirements of HIPAA if they engage in electronic transactions?Healthcare providerHealth and fitness application developerHealth information clearinghouseHealth insurance plan

      30 John's network begins to experience symptoms of slowness. Upon investigation, he realizes that the network is being bombarded with TCP SYN packets and believes that his organization is the victim of a denial-of-service attack. What principle of information security is being violated?AvailabilityIntegrityConfidentialityDenial

      31 Renee is designing the long-term security plan for her organization and has a three- to five-year planning horizon. Her primary goal is to align the security function with the broader plans and objectives of the business. What type of plan is she developing?OperationalTacticalSummaryStrategic

СКАЧАТЬ