CISSP Domain 2 Exam Questions

CISSP Domain 2 Practice Questions

What is the BEST way for an organization to protect corporate mobile devices such as smartphones, tablets, and laptop computers?

  •  Disable location for photos
  •  MDM policy
  •  Encrypt all data
  •  Password protection

Which of the following is NOT a trait of DRM?

  •  Product keys
  •  Watermarking
  •  Automatic failover
  •  Copy restriction

Andrew is the manager of the quality department and uses his RFID card to access the building, and later uses the same card to access his office. This would be considered which type of control?

  •  Physical
  •  Management
  •  Operational
  •  Technical

Obfuscation: The convoluting of code to such a degree that even if the source code is obtained, it is not easily decipherable.

Masking: A weak form of confidentiality assurance that replaces the original information with asterisks or X’s.

Matthew desires the best and most expensive security protection for his firm. Which of the following does he select?

  •  Passwords
  •  Fingerprint reader
  •  Smart cards
  •  Palm vein scanner

Crypto-shredding: The process of deliberately destroying the encryption keys that were used to encrypt the data originally.

Peter is setting up an IDS that is rule-based. A rule-based IDS does/contains which of the following?

  •  Recognizes new types of attacks
  •  Protocol recognition outside normal settings
  •  IF statements
  •  Can recognize patterns and multiple activities

Digital Rights Management (DRM): Focuses on security and encryption to prevent unauthorized copying and to limit distribution to only those who pay.

Homomorphic encryption: Enables processing of encrypted data without the need to decrypt the data. It allows the cloud customer to upload data to a cloud service provider for processing without the requirement to decipher the data first.

Nick needs to tighten security access into the server room and wants to add three-factor authentication. Which two should he combine along with a swipe card to enter the room?

  •  OTP
  •  Authenticator
  •  None
  •  Retina scan / PIN

Entails analyzing the data that the organization retains, determining its importance and value, and then assigning it to a category.

  • Data security controls
  • Data standards
  • Data custodians
  • Data classification

Kate, a security administrator, alerts her manager to unencrypted data that’s accessible to their customers and prospects. Why does her manager request she leave it unencrypted?

  •  The data is labeled sensitive
  •  The data is labeled public
  •  The data is labeled confidential
  •  The data is labeled top secret

The removal of sensitive data from storage devices in such a way that there is assurance that the data may not be reconstructed using normal system functions or software file/data recovery utilities.

  • Clearing
  • Self-encrypting USB drives
  • Purging
  • Data modeling

Allows greater flexibility in applying encryption to specific file(s).

  • File encryption software
  • Categorization
  • Self-encrypting USB drives
  • Media encryption software

The critical point where a material’s intrinsic magnetic alignment changes direction.

  • Data remanence
  • Clearing
  • Media encryption software
  • Curie temperature

Ensure important datasets are developed, maintained, and accessible within their defined specifications.

  • Data classification
  • Data modeling
  • Data custodians
  • Data security controls

Wendy works for a U.S. government agency and comes across documents labeled with the following classifications. Which one has the lowest sensitivity?

  • Top Secret/SCI
  • Top Secret
  • Secret
  • Confidential

What European law currently covers the privacy of personal information?

What type of data is best protected using the TLS protocol?

  • Data in archived status
  • Data at rest
  • Data in motion
  • Data in use

Henry is replacing a legacy Telnet server and wishes to use a secure alternative. What protocol should he use?

Heidi is a security administrator tasked with finding users with weak passwords. Which attack would she attempt FIRST as part of this security audit?

  •  Rainbow tables
  •  Birthday
  •  Dictionary
  •  Brute force

Which one of the following data disposal methods is the LEAST secure way to remove data from magnetic media?

  • Destruction
  • Degaussing
  • Erasing
  • Purging

Craig needs an asset inventory system to help track hardware and software assets, as well as system updates and upgrades. Which of the following systems would assist him BEST?

  •  NESSUS
  •  CMDB
  •  SYSLOG
  •  SIEM

Which one of the following locations is an example of data in use?

  • Magnetic disk
  • SSD
  • RAM
  • Network transmission

Which one of the following data elements is an example of PII, when seen in isolation?

  • Work ZIP code
  • Gender
  • Home address
  • Age

John is the CEO of Generic Smartphones and is holding an emergency meeting with the CISO because their new, unpublished phone designs were just published on the internet. He asks the CISO what more can be done, since they already have an EDLP solution.

  •  Encrypt all network traffic
  •  Encrypt all hard drives
  •  Upgrade and enhance the EDLP solution
  •  Deploy an NDLP solution

What individual in an organization is responsible for updating the system security plan when a significant change occurs?

  • Asset owner
  • Business owner
  • Data processor
  • Data owner

Which one of the following characteristics is MOST important when assigning a data classification level?

  • Size of the data
  • Format of the data
  • Identity of data owner
  • Value of the data

Samantha learned on Linux systems that passwords are stored in a file called /etc/shadow. She uses the sudo command to view the contents of the file, and although she sees her username, she does not see her password. This is because?

  •  Passwords are kept within the /etc/passwd file
  •  A hash representation of her password is displayed
  •  Passwords are kept within the SAM file
  •  Passwords are kept within the /etc/password file

Which one of the following encryption technologies can be used to protect the data contained in a file sent via email in a manner that will remain encrypted after receipt?

What is the process of removing sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique?

  • Purging
  • Encryption
  • Destruction
  • Clearing

Who has the PRIMARY responsibility to ensure that security objectives are aligned with organization goals?

  • Senior management
  • Information security department
  • Audit committee
  • All users

Jessica’s security manager asks her to provide data as to whether they should stay on their RADIUS AAA server or move to TACACS. What are two differences between TACACS and RADIUS?

  •  TACACS transmits data via UDP, and RADIUS transmits data via TCP.
  •  TACACS encrypts all the data. RADIUS encrypts the username and password only.
  •  None
  •  TACACS encrypts all the data. RADIUS encrypts the password only. / TACACS transmits data via TCP, and RADIUS transmits data via UDP.

Your company outsourced the development of the customer relationship management system. The software development vendor requests customer profiles for stress testing. To simulate the real stress and performance, which of the following is the best testing data?

  • Large amount of actual customer data
  • Small amount of anonymized customer data
  • Large amount of pseudo-anonymized customer data
  • Small amount of tokenized customer data

Michael, a security manager, creates a naming system for various data depending on security needs. What is this process called?

  •  Prioritization
  •  Enumeration
  •  Categorization
  •  Classification

Ensuring the integrity of business information is the PRIMARY concern of:

  • Encryption security
  • Procedural security
  • Logical security
  • On-line security

Daniel, a systems administrator, is investigating performance issues and has verified that log files exist to help resolve the slowness. What is his next step?

  •  Testing
  •  Processing
  •  Verification
  •  Validation

Who must bear the primary responsibility for determining the level of protection needed for information systems resources?

  • IS security specialists
  • Senior management
  • Senior security analysts
  • System auditors

Shane has completed the asset inventory for his department and has assigned owners to the assets. What is his BEST next step?

  •  Handle assets based on classification
  •  Review and assess assets
  •  Classify the assets based on value
  •  Protect assets based on classification

A company is enrolled in a hard drive reuse program where decommissioned equipment is sold back to the vendor when it is no longer needed. The vendor pays more money for functioning drives than equipment that is no longer operational. Which method of data sanitization would provide the most secure means of preventing unauthorized data loss, while also receiving the most money from the vendor?

  • Pinning
  • Single-pass wipe
  • Multi-pass wipes
  • Degaussing

An organization has been collecting a large amount of redundant and unusable data and filling up the storage area network (SAN). Management has requested the identification of a solution that will address ongoing storage problems. Which is the BEST technical solution?

  • Compression
  • Caching
  • Replication
  • Deduplication

What is the BEST approach to anonymizing personally identifiable information (PII) in a test environment?

  • Swapping data
  • Randomizing data
  • Encoding data
  • Encrypting data

After a user’s thumbprint has been enrolled for future authentication, what does their print get stored as?

  •  Image of their thumbprint
  •  Password
  •  Electronic image
  •  Hash

A control category that reacts after an incident is called:

  •  Directive
  •  Deterrent
  •  Corrective
  •  Preventative

Large United States companies that do not offer data subjects the right to be forgotten may not do which of the following?

  •  Operate anywhere in the world due to OECD
  •  Operate in the USA due to OECD
  •  Conduct business with European clientele due to GDPR
  •  Operate in the UAE

A USB drive is found lying on the floor near a user’s desk who only has access to unclassified documents. By default, we should assume this drive to have what clearance?

  •  Classified
  •  Unclassified
  •  Secret
  •  Top secret

What do the best performing biometric authentication systems have?

  •  The greatest type I error rate
  •  Low crossover error rate
  •  High crossover error rate
  •  The least type II error rate

Which of the following is a good example of a tablet’s antivirus?

  •  HIDS
  •  HIPS
  •  NIDS
  •  NIPS

Which of the following is NOT an SSO system?

  •  RADIUS
  •  CIRCUMFERENCE
  •  Kerberos
  •  DIAMETER

An SSO system is characterized by which of the following options?

  •  Provides a single username and password to access each system
  •  Provides a single username with various passwords to access resources
  •  Provides multiple usernames and passwords to access resources
  •  Provides a single username and password to access the entire network

Which of the following is considered defensible destruction of data?

  •  Wiping and encryption
  •  Curie destruction / SSD crypto erase
  •  None
  •  Clearing

A social engineering attack where the hacker gains PII from garbage is known as?

  •  Garbage dumpster
  •  Dumpster pull
  •  Dumpster diving
  •  Garbage picking
