ISC2 CISSP Exam Practice Test Instant Access

Question 1

Which of the fallowing statements is MOST accurate regarding information assets?

AInternational Organization for Standardization (ISO) 27001 compliance specifies which information assets must be included in asset inventory.

BS3 Information assets include any information that is valuable to the organization,

CBuilding an information assets register is a resource-intensive job.

DInformation assets inventory is not required for risk assessment.

Answer : B

Question 2

What is the MAIN purpose of conducting a business impact analysis (BIA)?

ATo determine the critical resources required to recover from an incident within a specified time period

BTo determine the effect of mission-critical information system failures on core business processes

CTo determine the cost for restoration of damaged information system

DTo determine the controls required to return to business critical operations

Answer : B

Question 3

What is the MAIN purpose of a security assessment plan?

AProvide guidance on security requirements, to ensure the identified security risks are properly addressed based on the recommendation

BProvide the objectives for the security and privacy control assessments and a detailed roadmap of how to conduct such assessments.

CProvide technical information to executives to help them understand information security postures and secure funding.

DProvide education to employees on security and privacy, to ensure their awareness on policies and procedures

Answer : B

Question 4

At which phase of the software assurance life cycle should risks associated with software acquisition strategies be identified?

AFollow-on phase

BPlanning phase

CMonitoring and acceptance phase

DContracting phase

Answer : C

Question 5

Which of the following are the B EST characteristics of security metrics?

AThey are generalized and provide a broad overview

BThey use acronyms and abbreviations to be concise

CThey use bar charts and Venn diagrams

DThey are consistently measured and quantitatively expressed

Answer : D

Question 6

Which of the following determines how traffic should flow based on the status of the infrastructure true?

AApplication plane

BData plane

CControl plane

DTraffic plane

Answer : D

Question 7

Which of the following is the BEST method a security practitioner can use to ensure that systems and sub-system gracefully handle invalid input?

ANegative testing

BIntegration testing

CUnit testing

DAcceptance testing

Answer : B

ISC2 Certified Information Systems Security Professional Exam Practice Test