ISC2 Certified Information Systems Security Professional CISSP Exam Practice Test

Answer : C

Authentication by ownership is stronger than authentication by knowledge because it is more difficult to duplicate. Authentication by ownership is a type of authentication that relies on something that the user possesses, such as a smart card, a token, or a biometric feature. Authentication by knowledge is a type of authentication that relies on something that the user knows, such as a password, a PIN, or a security question. Authentication by ownership is more difficult to duplicate than authentication by knowledge, as it requires physical access, specialized equipment, or sophisticated techniques to copy or forge the authentication factor. Authentication by knowledge is easier to duplicate than authentication by ownership, as it may be guessed, cracked, or stolen by various methods, such as brute force, social engineering, or phishing. Authentication by ownership is not necessarily easier to change, simpler to control, or more convenient to keep on the user's person than authentication by knowledge, as these factors may depend on the specific implementation and context of the authentication system.Reference:Official (ISC)2 Guide to the CISSP CBK, Fifth Edition, Chapter 5: Identity and Access Management, page 247.

Answer : B

Statistical analysis is used to detect steganography. Steganography is the technique of hiding information within another information, such as embedding a secret message in an image, audio, or video file. Statistical analysis is a method of examining the characteristics and patterns of the data, such as the frequency, distribution, and correlation of the values. Statistical analysis can reveal anomalies or deviations from the expected or normal behavior of the data, which may indicate the presence of hidden information. For example, statistical analysis can compare the histogram of an image file with and without steganography, and detect any significant changes in the color or brightness values.Reference:CISSP All-in-One Exam Guide, Eighth Edition, Chapter 6: Cryptography and Symmetric Key Algorithms, page 295.Free daily CISSP practice questions, Question 5.

Answer : D

Data remanence refers to the residual information left on magnetic storage media after a deletion or erasure. Data remanence is a security risk, as it may allow unauthorized or malicious parties to recover the deleted or erased data, which may contain sensitive or confidential information. Data remanence can be caused by the physical properties of the magnetic storage media, such as hard disks, floppy disks, or tapes, which may retain some traces of the data even after it is overwritten or formatted. Data remanence can also be caused by the logical properties of the file systems or operating systems, which may not delete or erase the data completely, but only mark the space as available or remove the pointers to the data.Data remanence can be prevented or reduced by using secure deletion or erasure methods, such as cryptographic wiping, degaussing, or physical destruction56Reference:CISSP All-in-One Exam Guide, Eighth Edition, Chapter 7: Security Operations, p. 443;Official (ISC)2 CISSP CBK Reference, Fifth Edition, Domain 7: Security Operations, p. 855.

Answer : B

Security continuous monitoring is the program in which it is most important to include the collection of security process data. Security process data is the data that reflects the performance, effectiveness, and compliance of the security processes, such as the security policies, standards, procedures, and guidelines. Security process data can include metrics, indicators, logs, reports, and assessments. Security process data can provide several benefits, such as:

Improving the security and risk management of the system by providing the visibility and awareness of the security posture, vulnerabilities, and threats

Enhancing the security and decision making of the system by providing the evidence and information for the security analysis, evaluation, and reporting

Increasing the security and improvement of the system by providing the feedback and input for the security response, remediation, and optimization

Security continuous monitoring is the program in which it is most important to include the collection of security process data, because it is the program that involves maintaining the ongoing awareness of the security status, events, and activities of the system. Security continuous monitoring can enable the system to detect and respond to any security issues or incidents in a timely and effective manner, and to adjust and improve the security controls and processes accordingly. Security continuous monitoring can also help the system to comply with the security requirements and standards from the internal or external authorities or frameworks.

The other options are not the programs in which it is most important to include the collection of security process data, but rather programs that have other objectives or scopes. Quarterly access reviews are programs that involve reviewing and verifying the user accounts and access rights on a quarterly basis. Quarterly access reviews can ensure that the user accounts and access rights are valid, authorized, and up to date, and that any inactive, expired, or unauthorized accounts or rights are removed or revoked. However, quarterly access reviews are not the programs in which it is most important to include the collection of security process data, because they are not focused on the security status, events, and activities of the system, but rather on the user accounts and access rights. Business continuity testing is a program that involves testing and validating the business continuity plan (BCP) and the disaster recovery plan (DRP) of the system. Business continuity testing can ensure that the system can continue or resume its critical functions and operations in case of a disruption or disaster, and that the system can meet the recovery objectives and requirements. However, business continuity testing is not the program in which it is most important to include the collection of security process data, because it is not focused on the security status, events, and activities of the system, but rather on the continuity and recovery of the system. Annual security training is a program that involves providing and updating the security knowledge and skills of the system users and staff on an annual basis. Annual security training can increase the security awareness and competence of the system users and staff, and reduce the human errors or risks that might compromise the system security. However, annual security training is not the program in which it is most important to include the collection of security process data, because it is not focused on the security status, events, and activities of the system, but rather on the security education and training of the system users and staff.

Answer : A

Preventive controls are the most suitable for a system identified as critical in terms of data and function to the organization, because they aim to prevent or deter threats from compromising the system's confidentiality, integrity, and availability. Examples of preventive controls include encryption, authentication, access control, firewalls, antivirus software, and backup systems. Monitoring, cost, and compensating controls are not as effective as preventive controls for protecting critical systems, because they either detect, measure, or mitigate the impact of threats after they have occurred, rather than preventing them in the first place. Reference: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1: Security and Risk Management, page 22. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 1: Security and Risk Management, page 35.

Answer : B

Code reviews are the best way to check for good security programming practices, as well as auditing for possible backdoors, in a software system. Code reviews involve examining the source code of the software for any errors, vulnerabilities, or malicious code that could compromise the security or functionality of the system. Code reviews can be performed manually by human reviewers, or automatically by tools that scan and analyze the code. The other options are not as effective as code reviews, as they either do not examine the source code directly (A and C), or only detect syntactic or semantic errors, not logical or security flaws (D).Reference:CISSP All-in-One Exam Guide, Eighth Edition, Chapter 8, page 463;Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 8, page 555.

Answer : A

The World Trade Organization's (WTO) agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) requires authors of computer software to be given the right to refuse or permit commercial rentals. TRIPS is an international treaty that sets the minimum standards and rules for the protection and enforcement of intellectual property rights, such as patents, trademarks, or copyrights. TRIPS requires authors of computer software to be given the right to refuse or permit commercial rentals, which means that they can control whether their software can be rented or leased to others for profit. This right is intended to prevent the unauthorized copying or distribution of the software, and to ensure that the authors receive fair compensation for their work. The other options are not the rights that TRIPS requires authors of computer software to be given, but rather different or irrelevant concepts. The right to disguise the software's geographic origin is not a right, but rather a violation, of TRIPS, as it can mislead or deceive the consumers or authorities about the source or quality of the software. The ability to tailor security parameters based on location is not a right, but rather a feature, of some software, such as encryption or authentication software, that can adjust the security settings or functions according to the location or jurisdiction of the user or device. The ability to confirm license authenticity of their works is not a right, but rather a benefit, of some software, such as digital rights management or anti-piracy software, that can verify or validate the license or ownership of the software.Reference:CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1, p. 40;Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 5, p. 302.