ISC2 CISSP Certified Information Systems Security Professional Exam Practice Test

Answer : B

The ultimate objective of information classification is to ensure that information assets receive an appropriate level of protection in accordance with their importance and sensitivity to the organization. Information classification is the process of assigning labels or categories to information based on criteria such as confidentiality, integrity, availability, and value. Information classification helps the organization to identify the risks and threats to the information, and to apply the necessary controls and safeguards to protect it.Information classification also helps the organization to comply with the legal, regulatory, and contractual obligations related to the information12.Reference:1: Information Classification - Why it matters?32: ISO 27001 & Information Classification: Free 4-Step Guide4

Answer : D

The high-level audit phase that is represented by the option D is planning. An audit is a systematic and independent examination and evaluation of the evidence, records, or activities of an entity, such as a process, a system, or an organization, to determine the compliance, effectiveness, or efficiency of the entity, and to provide assurance, recommendations, or improvements for the entity. The audit process consists of several phases, such as planning, execution, reporting, and follow-up. The planning phase is the first and the most important phase of the audit process, as it involves defining the objectives, scope, and criteria of the audit, and determining the roles, responsibilities, and resources of the audit team. The planning phase also involves conducting the preliminary risk assessment, the background research, and the stakeholder analysis of the audit entity, and developing the audit plan, the audit checklist, and the audit schedule .Reference: [CISSP CBK, Fifth Edition, Chapter 6, page 572]; [100 CISSP Questions, Answers and Explanations, Question 19].

Answer : A

Security architecture is the design and implementation of the security controls, mechanisms, and processes that protect the confidentiality, integrity, and availability of the information and systems of an organization. Security architecture is aligned with the business goals, objectives, and requirements of the organization, and supports the security policies, standards, and guidelines of the organization. Security architecture follows a systematic and structured approach, which consists of the following phases or steps:

Governance: Establish the security vision, mission, principles, and policies of the organization, and define the roles, responsibilities, and authorities of the security stakeholders and functions.

Strategy and program management: Develop the security strategy and objectives of the organization, and plan, coordinate, and manage the security projects and initiatives that support the security strategy and objectives.

Project delivery: Design, implement, and integrate the security solutions and components that meet the security requirements and specifications of the organization, and deliver the expected security outcomes and benefits.

Operations: Operate, monitor, and maintain the security solutions and components, and ensure their optimal performance and functionality. Also, identify, analyze, and respond to the security incidents, events, or changes that may affect the security posture or risk level of the organization. The correct order of execution for security architecture is governance, strategy and program management, project delivery, and operations, as each phase builds on the previous one and provides the input and feedback for the next one.Reference:CISSP All-in-One Exam Guide, Eighth Edition, Chapter 4: Security Architecture and Engineering, page 219.Official (ISC) CISSP CBK Reference, Fifth Edition, Domain 3: Security Architecture and Engineering, page 375.

Answer : A

The primary concern regarding the database information, aside from the potential records which may have been viewed, is the unauthorized database changes. The unauthorized database changes are the modifications or the alterations of the database information or structure, such as the data values, the data types, the data formats, the data relationships, or the data schemas, by an unauthorized individual or a malicious actor, such as the one who accessed the system hosting the database. The unauthorized database changes can compromise the integrity, the accuracy, the consistency, and the reliability of the database information, and can cause serious damage or harm to the organization's operations, decisions, or reputation. The unauthorized database changes can also affect the availability, the performance, or the functionality of the database, and can create or exploit the vulnerabilities or the weaknesses of the database. Integrity of security logs, availability of the database, and confidentiality of the incident are not the primary concerns regarding the database information, aside from the potential records which may have been viewed, as they are related to the evidence, the accessibility, or the secrecy of the security incident, not the modification or the alteration of the database information.Reference:CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7, Security Operations, page 865.Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 7, Security Operations, page 881.

Answer : D

The best reason for the use of security metrics is to quantify the effectiveness of security processes. Security metrics are measurable indicators that provide information about the performance, efficiency, and quality of security activities, controls, and outcomes. Security metrics can help to evaluate the current state of security, identify strengths and weaknesses, monitor progress and trends, and support decision making and improvement. Security metrics can also help to demonstrate the value and return on investment of security to the stakeholders, and to communicate the security objectives and expectations to the users. Security metrics can be based on various criteria, such as compliance, risk, cost, time, or customer satisfaction. Security metrics can be classified into different types, such as implementation metrics, effectiveness/efficiency metrics, and impact metrics. Security metrics can be collected, analyzed, and reported using various methods and tools, such as surveys, audits, logs, dashboards, or scorecards. Ensuring that the organization meets its security objectives, providing an appropriate framework for IT governance, and speeding up the process of quantitative risk assessment are all possible benefits or uses of security metrics, but they are not the best reason for the use of security metrics. Security metrics are not the only means to ensure that the organization meets its security objectives, as security objectives can also be influenced by other factors, such as policies, standards, procedures, or culture. Security metrics are not the only component of IT governance, as IT governance also involves other elements, such as leadership, strategy, structure, processes, or roles. Security metrics are not the only factor that can speed up the process of quantitative risk assessment, as quantitative risk assessment also depends on other inputs, such as asset value, threat frequency, vulnerability severity, or control effectiveness.

Answer : C

The business case justification is crucial as it outlines the reasons for making the change, including the benefits, costs, and impacts on the organization.It helps stakeholders understand why the change is necessary and aids in gaining their support34Reference:CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7: Security Operations, p. 457;Official (ISC)2 CISSP CBK Reference, Fifth Edition, Domain 7: Security Operations, p. 868.

Answer : D

Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to establish a secure initial state. A TPM is a hardware device that provides cryptographic functions and secure storage for keys, certificates, passwords, and other sensitive data. A TPM can also measure and verify the integrity of the system components, such as the BIOS, boot loader, operating system, and applications, before they are executed. This process is known as trusted boot or measured boot, and it ensures that the system is in a known and trusted state before allowing access to the user or network.A TPM can also enable features such as disk encryption, remote attestation, and platform authentication12.Reference:1: What is a Trusted Platform Module (TPM)?32: Trusted Platform Module (TPM) Fundamentals4