59: What is the FIRST step that should be considered in a penetration test? A. The approval of change control management. B. The development of a detailed test plan. C. The formulation of specific management objectives. D. The communication process among team members.100: Which of the following provide network redundancy in a local network environment? A.) Mirroring B.) Shadowing C.) Dual backbones D.) Duplexing98: What is it called when a computer uses more than one CPU in parallel to execute instructions? A.) Multiprocessing B.) Multitasking C.) Multithreading D.) Parallel running70: What is the Maximum Tolerable Downtime (MTD): A.) Maximum elapsed time required to complete recovery of application data B.) Minimum elapsed time required to complete recovery of application data C.) Maximum elapsed time required to move back to primary site a major disruption D.) It is maximum delay businesses that can tolerate and still remain viable72: Which of the following questions is less likely to help in assessing physical and environmental protection? A.) Are entry codes changed periodically? B.) Are appropriate fire suppression and prevention devices installed and working? C.) Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information? D.) Is physical access to data transmission lines controlled?89: Which of the following computer crime is more often associated with insiders? A.) IP spoofing B.) Password sniffing C.) Data diddling D.) Denial of Service (DOS)87: Which of the following measures would be the BEST deterrent to the theft of corporate information from a laptop which was left in a hotel room? A.) Store all data on disks and lock them in an in-room safe B.) Remove the batteries and power supply from the laptop and store them separately from the computer C.) Install a cable lock on the laptop when it is unattended D.) Encrypt the data on the hard drive99: What is the main purpose of undertaking a parallel run of a new system? A.) Resolve any errors in the program and file interfaces B.) Verify that the system provides required business functionality C.) Validate the operation of the new system against its predecessor D.) Provide a backup of the old system88: To support legacy applications that rely on risky protocols (e.g,, plain text passwords), which one of the following can be implemented to mitigate the risks on a corporate network? A. Implement strong centrally generated passwords to control use of the vulnerable applications. B. Implement a virtual private network (VPN) with controls on workstations joining the VPN. C. Ensure that only authorized trained users have access to workstations through physical access control. D. Ensure audit logging is enabled on all hosts and applications with associated frequent log reviews.90: The technique of skimming small amounts of money from multiple transactions is called the CISSP Actualtests.com - The Power of Knowing A. Scavenger technique B. Salami technique C. Synchronous attack technique D. Leakage technique91: What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account? A.) Data fiddling B.) Data diddling C.) Salami techniques D.) Trojan horses85: One method to simplify the administration of access controls is to group A. Capabilities and privileges B. Objects and subjects C. Programs and transactions D. Administrators and managers73: A common Limitation of information classification systems is the INABILITY to A. Limit the number of classifications. B. Generate internal labels on diskettes. C. Declassify information when appropriate. D. Establish information ownership.66: Qualitative loss resulting from the business interruption does not include: A.) Loss of revenue B.) Loss of competitive advantage or market share C.) Loss of public confidence and credibility D.) Public embarrassment92: What is the act of willfully changing data, using fraudulent input or removal of controls called? A. Data diddling B. Data contaminating C. Data capturing D. Data trashing84: This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and privileges that what is required for the tasks the user needs to fulfill. What best describes this scenario? A.) Excessive Rights B.) Excessive Access C.) Excessive Permissions D.) Excessive Privileges64: If your property insurance has Actual Cost Evaluation (ACV) clause your damaged property will be compensated: A.) Based on the value of the item on the date of loss B.) Based on new item for old regardless of condition of lost item C.) Based on value of item one month before loss D.) Based on value of item on the date of loss plus 10 percent86: Cryptography does not concern itself with: A.) Availability B.) Integrity C.) Confidentiality D.) Authenticity CISSP Actualtests.com - The Power of Knowing68: Valuable paper insurance coverage does not cover damage to which of the following? A.) Inscribed, printed and written documents B.) Manuscripts C.) Records D.) Money and Securities82: Which of the following rules is less likely to support the concept of least privilege? A.) The number of administrative accounts should be kept to a minimum B.) Administrators should use regular accounts when performing routing operations like reading mail C.) Permissions on tools that are likely to be used by hackers should be as restrictive as possible D.) Only data to and from critical systems and applications should be allowed through the firewall
Explore Features
Discover the full suite of AI-powered study tools.
Study Plan
Build a personalized study schedule powered by AI.
Record Lecture
Capture and generate enhanced notes from your lectures.
Notes
Automatically generate comprehensive notes from any course material.
Calendar
Plan personalized study sessions with AI-assisted scheduling
Tutor Me
Get comprehensive step-by-step explanations on any topic.
Spark.E Call
Have a live voice conversation with your AI tutor.
Spark.E Visuals
Analyze diagrams, charts, and images with AI-powered explanations.
Audio Recap
Generate podcast-style audio summaries of your study materials.
Explainer Video
Turn any topic into an AI-generated educational video.
Flashcards
Create smart flashcard decks from your study materials with one click.
QuizFetch
Auto-generated quizzes from your uploaded content.
Arcade
Learn through interactive study games.
Exam-Specific Questions
Practice with real exam formats and questions.
Practice Tests
Simulate full-length exams from your material.
Essay Grader
Receive personalized feedback and grading on your essays.
Plugins
Shape the way Spark.E teaches you.
Mini Apps
Explore interactive study apps or build your own.