(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests. Mike Chapple
Читать онлайн книгу.
the annual maintenance fees for the CISSP credential are $125 per year. This fee covers the renewal for all (ISC)2 certifications held by an individual.
The CISSP CPE requirement mandates earning at least 120 CPE credits during each three-year renewal cycle. Associates of (ISC)2 must earn at least 15 CPE credits each year. (ISC)2 provides an online portal where certificate holders may submit CPE completion for review and approval. The portal also tracks annual maintenance fee payments and progress toward recertification.
Using This Book to Practice
This book is composed of 12 chapters. Each of the first eight chapters covers a domain, with a variety of questions that can help you test your knowledge of real-world, scenario, and best-practice security knowledge. The final four chapters are complete practice exams that can serve as timed practice tests to help determine whether you're ready for the CISSP exam.
We recommend taking the first practice exam to help identify where you may need to spend more study time and then using the domain-specific chapters to test your domain knowledge where it is weak. Once you're ready, take the other practice exams to make sure you've covered all the material and are ready to attempt the CISSP exam.
Using the Online Practice Tests
All the questions in this book are also available in Sybex's online practice test tool. To get access to this online format, go to www.wiley.com/go/sybextestprep and start by registering your book. You'll receive a PIN code and instructions on where to create an online test bank account. Once you have access, you can use the online version to create your own sets of practice tests from the book questions and practice in a timed and graded setting.
Chapter 1 Security and Risk Management (Domain 1)
SUBDOMAINS
1.1 Understand, adhere to, and promote professional ethics
1.2 Understand and apply security concepts
1.3 Evaluate and apply security governance principles
1.4 Determine compliance and other requirements
1.5 Understand legal and regulatory issues that pertain to information security in a holistic context
1.6 Understand requirements for investigation types (i.e., administrative, criminal, civil, regulatory, industry standards)
1.7 Develop, document, and implement security policy, standards, procedures, and guidelines
1.8 Identify, analyze, and prioritize Business Continuity (BC) requirements
1.9 Contribute to and enforce personnel security policies and procedures
1.10 Understand and apply risk management concepts
1.11 Understand and apply threat modeling concepts and methodologies
1.12 Apply Supply Chain Risk Management (SCRM) concepts
1.13 Establish and maintain a security awareness, education, and training program
1 Alyssa is responsible for her organization's security awareness program. She is concerned that changes in technology may make the content outdated. What control can she put in place to protect against this risk?GamificationComputer-based trainingContent reviewsLive training
2 Gavin is creating a report to management on the results of his most recent risk assessment. In his report, he would like to identify the remaining level of risk to the organization after adopting security controls. What term best describes this current level of risk?Inherent riskResidual riskControl riskMitigated risk
3 Francine is a security specialist for an online service provider in the United States. She recently received a claim from a copyright holder that a user is storing information on her service that violates the third party's copyright. What law governs the actions that Francine must take?Copyright ActLanham ActDigital Millennium Copyright ActGramm Leach Bliley Act
4 FlyAway Travel has offices in both the European Union (EU) and the United States and transfers personal information between those offices regularly. They have recently received a request from an EU customer requesting that their account be terminated. Under the General Data Protection Regulation (GDPR), which requirement for processing personal information states that individuals may request that their data no longer be disseminated or processed?The right to accessPrivacy by designThe right to be forgottenThe right of data portability
5 After conducting a qualitative risk assessment of her organization, Sally recommends purchasing cybersecurity breach insurance. What type of risk response behavior is she recommending?AcceptTransferReduceReject
6 Which one of the following elements of information is not considered personally identifiable information that would trigger most United States (U.S.) state data breach laws?Student identification numberSocial Security numberDriver's license numberCredit card number
7 Renee is speaking to her board of directors about their responsibilities to review cybersecurity controls. What rule requires that senior executives take personal responsibility for information security matters?Due diligence rulePersonal liability rulePrudent man ruleDue process rule
8 Henry recently assisted one of his co-workers in preparing for the CISSP exam. During this process, Henry disclosed confidential information about the content of the exam, in violation of Canon IV of the Code of Ethics: “Advance and protect the profession.” Who may bring ethics charges against Henry for this violation?Anyone may bring charges.Any certified or licensed professional may bring charges.Only Henry's employer may bring charges.Only the affected employee may bring charges.
9 Wanda is working with one of her organization's European Union business partners to facilitate the exchange of customer information. Wanda's organization is located in the United States. What would be the best method for Wanda to use to ensure GDPR compliance?Binding corporate rulesPrivacy ShieldStandard contractual clausesSafe harbor
10 Yolanda is the chief privacy officer for a financial institution and is researching privacy requirements related to customer checking accounts. Which one of the following laws is most likely to apply to this situation?GLBASOXHIPAAFERPA
11 Tim's organization recently received a contract to conduct sponsored research as a government contractor. What law now likely applies to the information systems involved in this contract?FISMAPCI DSSHIPAAGISRA
12 Chris is advising travelers from his organization who will be visiting many different countries overseas. He is concerned about compliance with export control laws. Which of the following technologies is most likely to trigger these regulations?Memory chipsOffice productivity applicationsHard drivesEncryption software
13 Bobbi is investigating a security incident and discovers that an attacker began with a normal user account but managed to exploit a system vulnerability to provide that account with administrative rights. What type of attack took place under the STRIDE threat model?SpoofingRepudiationTamperingElevation of privilege
14 You are completing your business continuity planning effort and have decided that you want to accept one of the risks. What should you do next?Implement new security controls to reduce the risk level.Design a disaster recovery plan.Repeat the business impact assessment.Document your decision-making process.
15 You are completing a review of the controls used to protect a media storage facility in your organization and would like to properly categorize each control that is currently in place. Which of the following control categories accurately describe a fence around a facility? (Select all that apply.)PhysicalDetectiveDeterrentPreventive
16 Tony is developing a business continuity plan and is having difficulty prioritizing resources because of the difficulty of combining information about tangible and intangible