2026 CISSP Exam Question Bank and Answers | Latest Real Exam PDF Download + High-Frequency Key Point Analysis
Question #1
The basic function of an FRDS is to:
A. Protect file servers from data loss and a loss of availability due to disk failure.
B. Persistent file servers from data gain and a gain of availability due to disk failure.
C. Prudent file servers from data loss and a loss of acceptability due to disk failure.
D. Packet file servers from data loss and a loss of accountability due to disk failure.
Question #2
Which of the following protocols does not operate at the data link layer (layer 2)?
A. PPP
B. RARP
C. L2F
D. ICMP
Question #3
This tape format can be used to back up data systems in addition to its originally intended audio use:
A. Digital Audio tape (DAT)
B. Digital video tape (DVT)
C. Digital Casio Tape (DCT)
D. Digital Voice Tape (DVT)
Question #4
By examining the "state" and "context" of the incoming data packets, it helps to track the protocols that are considered "connectionless", such as UDP-based applications and Remote Procedure Calls (RPC). This type of firewall system is used in?
A. First generation firewall systems.
B. Second generation firewall systems.
C. Third generation firewall systems.
D. Fourth generation firewall systems.
Question #5
Guards are appropriate whenever the function required by the security program involves which of the following?
A. The use of discriminating judgment.
B. The use of physical force.
C. The operation of access control devices.
D. The need to detect unauthorized access.
Question #6
A server cluster looks like a:
A. Single server from the user's point of view.
B. Dual server from the user's point of view.
C. Triple server from the user's point of view.
D. Quadruple server from the user's point of view.
Question #7
Which of the following are functions that are compatible in a properly segregated environment?
A. Application programming and computer operation.
B. System programming and job control analysis.
C. Access authorization and database administration.
D. System development and systems maintenance.
Question #8
Encryption is applicable to all of the following OSI/ISO layers except:
A. Network layer
B. Physical layer
C. Session layer
D. Data link layer
Question #9
The Computer Security Policy Model the Orange Book is based on is which of the following?
A. Bell-LaPadula
B. Data Encryption Standard
C. Kerberos
D. Tempest
Question #10
Which type of attack would a competitive intelligence attack best classify as?
A. Business attack
B. Intelligence attack
C. Financial attack
D. Grudge attack
Question #11
Which of the following is responsible for the most security issues?
A. Outside espionage
B. Hackers
C. Personnel
D. Equipment failure
Question #12
Which of the following goals is NOT a goal of Problem Management?
A. To eliminate all problems.
B. To reduce failures to a manageable level.
C. To prevent the occurrence or re-occurrence of a problem.
D. To mitigate the negative impact of problems on computing services and resources.
Question #13
Examples of types of physical access controls include all except which of the following?
A. badges
B. locks
C. guards
D. passwords
Question #14
Which of the following statements pertaining to the (ISC)2 Code of Ethics is incorrect?
A. All information systems security professionals who are certified by (ISC)2 recognize that such a certification is a privilege that must be both earned and maintained.
B. All information systems security professionals who are certified by (ISC)2 shall provide diligent and competent service to principals.
C. All information systems security professionals who are certified by (ISC)2 shall discourage such behavior as associating or preparing to associate with criminals or criminal behavior.
D. All information systems security professionals who are certified by (ISC)2 shall promote the understanding and acceptance of prudent information security measures.
Question #15
Which DES modes can best be used for authentication?
A. Cipher Block Chaining and Electronic Code Book.
B. Cipher Block Chaining and Output Feedback.
C. Cipher Block Chaining and Cipher Feedback.
D. Output Feedback and Electronic Code Book.
Question #16
In the OSI/ISO model, at what layer are some of the SLIP, CSLIP, and PPP control functions provided?
A. Link
B. Transport
C. Presentation
D. Application
Question #17
Which of the following best describes the purpose of debugging programs?
A. To generate random data that can be used to test programs before implementing them
B. To ensure that program coding flaws are detected and corrected.
C. To protect, during the programming phase, valid changes from being overwritten by other changes.
D. To compare source code versions before transferring to the test environment.
Question #18
With RAID Level 5, the spare drives that replace the failed drives are usually hot swappable, meaning they can be replaced on the server while the:
A. System is up and running.
B. System is down and running.
C. System is in-between and running.
D. System is centre and running.
Question #19
What is the process that RAID Level 0 uses as it creates one large disk by using several disks?
A. Striping
B. Mirroring
C. Integrating
D. Clustering
Question #20
Which of the following is used to create and delete views and relations within tables?
A. SQL Data Definition Language
B. SQL Data Manipulation Language
C. SQL Data Relational Language
D. SQL Data Identification Language
Question #21
Which division of the Orange Book deals with discretionary protection (need-to-know)?
Question #22
The Diffie-Hellman algorithm is used for:
A. Encryption
B. Digital signature
C. Key exchange
D. Non-repudiation
Question #23
Primarily run when time and tape space permit, and used for the system archive or baselined tape sets, is the:
A. Full backup method.
B. Incremental backup method.
C. Differential backup method.
D. Tape backup method.
Question #24
Which of the following teams should not be included in an organization's contingency plan?
A. Damage assessment team.
B. Hardware salvage team.
C. Tiger team.
D. Legal affairs team.
Question #25
When an organization takes reasonable measures to ensure that it has taken precautions to protect its network and resources, this is called:
A. Reasonable Action
B. Security Mandate
C. Due Care
D. Prudent Countermeasures
Question #26
What two things below are associated with security policy? (Choose two)
A. Support of upper management
B. Support of department managers
C. Are tactical in nature
D. Are strategic in nature
E. Must be developed after procedures
F. Must be developed after guidelines
Question #27
Total risk is equal to: (Choose all that apply)
A. Threat
B. Vulnerability
C. Frequency
D. Asset value
E. Asset loss
Question #28
Government data classifications include which of the following: (Choose three)
A. Open
B. Unclassified
C. Confidential
D. Private
E. Secret
F. Top Secret
Question #29
Job rotation is important because:
A. It ensures your employees are cross-trained.
B. It increases job satisfaction.
C. It reduces the opportunity for fraud
Question #30
Your co-worker is studying for the CISSP exam and has come to you with a question. What is ARP poisoning?
A. Flooding of a switched network
B. A denial of service that uses the DNS death ping
C. Turning off IP to MAC resolution
D. Inserting a bogus IP and MAC address in the ARP table
E. Modifying a DNS record
Question #31
What is the best description of CHAP (Challenge Handshake Authentication Protocol)?
A. Passwords are sent in clear text
B. Passwords are not sent in clear text
C. Passwords are not used, a digital signature is sent
D. It is substandard to PAP
Question #32
CSMA/CD computers cannot communicate without a token. (True/False)
Question #33
__________ sends out a message to all other computers indicating it is going to send out data.
A. CSMA/CD
B. CSMA/CA
C. CSMA/HB
D. PPP
E. SLIP
Question #34
Which of the following best describes ISDN BRI? (Choose two)
A. 2 B channels
B. 4 B channels
C. 23 B channels
D. 1 D channel
E. 2 D channels
Question #35
The top speed of ISDN BRI is 256 Kbps. (True/False)
Question #36
Which of the following should NOT be implemented to protect PBXs? (Choose all that apply)
A. Change default passwords and configurations
B. Make sure that maintenance modems are on 24/7
C. Review telephone bill regularly
D. Block remote calling after business hours
E. Post PBX configuration and specs on the company website
Question #37
Which of the following best describes the difference between a circuit-based and an application-based firewall?
A. Application based is more flexible and handles more protocols
B. Circuit based provides more security
C. Application based builds a state table
D. Circuit based looks at IP addresses and ports
E. Circuit based firewalls are only found in Cisco routers
Question #38
_________ is the fraudulent use of telephone services.
A. Rolling
B. Warzing
C. Wardriving
D. Wardialing
E. Phreaking
Question #39
What is another name for a VPN?
A. Firewall
B. Tunnel
C. Packet switching
D. Pipeline
E. Circuit switching
Question #40
Which of the following is a connection-oriented protocol?
A. IP
B. UDP
C. TCP
D. ICMP
E. SNMP
F. TFTP
Question #41
Which of the following is not considered firewall technology?
A. Screened subnet
B. Screened host
C. Dual gateway host
D. Dual homed host
Question #42
Which type of network topology passes all traffic through all active nodes?
A. Broadband
B. Star
C. Baseband
D. Token Ring
Question #43
The act of validating a user with a unique and specific identifier is called what?
A. Validation
B. Registration
C. Authentication
D. Authorization
E. Identification
Question #44
Why is fiber the most secure means of transmission?
A. High speed multiplexing
B. Interception of traffic is more difficult because it is optically based
C. Higher data rates make it more secure
D. Multiplexing prevents traffic analysis
E. Built-in fault tolerance
Question #45
The IAB defines which of the following as a violation of ethics?
A. Performing a DoS
B. Downloading an active control
C. Performing a penetration test
D. Creating a virus
E. Disrupting Internet communications
Question #46
A chain of custody shows who ______, _________ and _________. (Choose three)
A. Who controlled the evidence
B. Who transcribed the evidence
C. Who validated the evidence
D. Who presented the evidence
E. Secured the evidence
F. Obtained the evidence
Question #47
Good forensics requires the use of a bit-level copy. (True/False)
Question #48
Which agency shares the task of investigating computer crime along with the FBI?
A. Secret Service
B. CIA
C. Department of Justice
D. Police force
E. NSA
Question #49
This type of password recovery is considered more difficult and must work through all possible combinations of numbers and characters.
A. Passive
B. Active
C. Dictionary
D. Brute force
E. Hybrid
Question #50
_______ are added to Linux passwords to increase their randomness.
A. Salts
B. Pepper
C. Grains
D. MD5 hashes
E. Asymmetric algorithms
Question #51
Where is the Linux root user password typically kept? (Choose two)
A. etc/shadow
B. cmd/passwd
C. etc/passwd
D. windows/system32
E. var/sys
F. var/password
Question #52
The goal of cryptanalysis is to ____________.
A. Determine the number of encryption permutations required
B. Reduce the system overhead for a crypto-system
C. Choose the correct algorithm for a specified purpose
D. Forge coded signals that will be accepted as authentic
E. Develop secure crypto-systems
Question #53
If an employee is suspected of computer crime and evidence needs to be collected, which of the following departments must be involved with the procedure?
A. Public relations
B. Law enforcement
C. Computer security
D. Auditing
E. HR
Question #54
What is it called when a system has apparent flaws that were deliberately available for penetration and exploitation?
A. A jail
B. Investigation
C. Enticement
D. Data manipulation
E. Trapping
Question #55
Why are computer generated documents not considered reliable?
A. Difficult to detect electronic tampering
B. Stored in volatile media
C. Unable to capture and reproduce
D. Too delicate
E. Because of US law, Section 7 paragraph 154
Question #56
What is the name of the software that prevents users from seeing all items or directories on a computer and is most commonly found in the UNIX/Linux environment?
A. Shell Kits
B. Root Kits
C. Ethereal
D. Shadow data
E. Netbus
Question #57
What is a commercial application of steganography that is used to identify pictures or verify their authenticity?
A. A MAC
B. A digital checksum
C. A MD5 hash
D. A digital signature
E. A watermark
Question #58
What are the basic questions that must be asked at the beginning of any investigation? (Choose all that apply)
A. Who
B. Cost
C. What
D. When
E. Where
F. How
G. Time frame
H. Budget
Question #59
Risk can be eliminated. (True/False)
Question #60
Employees are a greater risk to employers than outsiders. (True/False)
Question #70
Which of the following can be used to defeat a call-back security system?
A. Call waiting
B. Passive wiretapping
C. Active wiretapping
D. Brute force password attacks
E. Call forwarding
Question #79
What does the term "red boxing" mean?
A. Denial of Service
B. Telephone voltage manipulation
C. Sounds of coins dropping
D. Tone manipulation
E. A salami attack
Question #80
Which of the following is the proper lifecycle of evidence?
A. Collection, storage, present in court, destroy
B. Collection, transportation, storage, return to owner
C. Collection, present in court, transportation, return to owner
D. Collection, analysis, storage, present in court, return to owner
E. Collection, storage, transportation, present in court, return to owner
Question #81
A copy of a computer disk would be what type of evidence?
A. Secondary
B. Best
C. Hearsay
D. Direct
E. Indirect
Question #82
A copyright protects _________.
A. The trade secrets of a company
B. A person's private papers
C. An invention
D. An expression or an idea
E. Distinguishing or unique characters, colors, or words
Question #83
________ is a ________ attack that eavesdrops on communication. (Choose two)
A. Passive
B. Active
C. Brute force
D. Wiretapping
E. Password cracking
Question #84
What types of laws are considered standards of performance or conduct expected by government agencies from companies, industries, and certain officials? (Choose all that apply)
A. Civil
B. Criminal
C. Administrative
D. Regulatory
E. Tort
Question #85
Sandra's employer is considering placing login banners on all company computers to inform users about the permitted use of company computers. What is this called?
A. Employee privacy law
B. Employee policies
C. Employee regulations
D. User policies
E. Acceptable use policy
Question #86
________ deemed proprietary to a company and can be information that provides a competitive edge.
A. Trade secrets are
B. Copyrights are
C. Restricted information is
D. Information marked strictly private is
Question #87
Sandra is studying for her CISSP exam. Sandra has come to you for help and wants to know: what is the last step in the change control process?
A. Validated and approved
B. Test and implement
C. Review and approve
D. Report change to management
E. Inform user of change
Question #88
Who is ultimately responsible for the security of an organization?
A. Management
B. Senior management
C. The chief security officer
D. Department heads
E. Employees
Question #89
Which of the following fall under the categories of configuration management? (Choose three)
A. Operating system configuration
B. Software configuration
C. Hardware configuration
D. Logical configuration
E. Physical configuration
Question #90
Macro viruses infect what type of files?
A. Microsoft office files
B. Mail servers
C. E-mail messages
D. Web browsers
E. Linux Kernel files
Question #91
What is another name for rows and columns within relational databases? (Choose two)
A. Attributes
B. Keys
C. Tuples
D. Views
E. Attributes
Question #92
Which of the following can reproduce itself without the help of system applications or resources?
A. Trojan
B. Logic bomb
C. Virus
D. Worm
E. Backdoor
Question #93
What is the final stage of the system development life cycle?
A. Certification
B. Validation
C. Evaluation
D. Implementation
E. Maintenance
F. Installation
Question #94
A polymorphic virus is _____________.
A. A virus that makes copies of itself and then makes changes to those copies
B. A virus that can make itself stealth
C. A virus that is written in a macro language
D. A virus that is written in visual basic
E. A virus that infects the boot sector of a hard drive
Question #95
Which of the following are identified by a business impact analysis? (Choose three)
A. Determining regulatory requirements
B. Analyzing the threats associated with each functional area
C. Determining the risk associated with each threat
D. Identifying the major functional areas of information
E. Determining the team members that will be associated with disaster planning
Question #96
_______ are the step-by-step instructions used to satisfy control requirements.
A. Policy
B. Procedure
C. Guideline
D. Standard
E. Outline
Question #97
Which of the following are controls that can be used to secure faxing of sensitive data? (Choose all that apply)
A. Disable automatic printing
B. Print "sensitive document banner" on each page
C. Fax encryptor
D. Send to email boxes instead of printing
E. Restrict the use of fax machines that use a ribbon or duplication cartridge
Question #98
Which of the following are considered administrative controls? (Choose all that apply)
A. Rotation of duties
B. Separation of duties
C. Implementation of WEP keys
D. Enforcing mandatory vacations
Question #99
Why should organizations enforce separation of duties?
A. It ensures compliance with federal union rules
B. It helps verify that all employees know their job tasks
C. It provides for a better work environment
D. It encourages collusion
E. It is considered valuable in deterring fraud
Question #100
What is the most secure way to dispose of data held on a CD?
A. Reformatting
B. Sanitizing
C. Physical destruction
D. Degaussing
Question #101
What is the most accepted way to dispose of data held on a floppy disk?
A. Reformatting
B. Sanitizing
C. Physical destruction
D. Degaussing
Question #102
Which of the following is NOT an attack against operations?
A. Morris Worm
B. SYN Denial of Service
C. Buffer Overflow
D. Brute force
E. Known plain text attack
Question #103
Which one of the following tools can be used to launch a Distributed Denial of Service attack against a network?
A. Satan
B. Saint
C. Trinoo
D. Nmap
E. Netcat
Question #104
Which one of the following network attacks takes advantage of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?
A. Teardrop
B. Smurf
C. Ping of Death
D. SYN flood
E. SNMP Attack
Question #105
____________ is the first step of access control.
A. Identification
B. Authorization
C. Validation
D. Interrogation
E. Accountability logging
Question #106
What is a Type 2 authentication factor?
A. Something you know
B. Something you are
C. Something you have
Question #107
_______ requires that two entities work together to complete a task.
A. Rotation of duties
B. Separation of duties
C. Dual controls
D. Enforced mandatory vacations
E. Workplace rules
Question #108
Computer security is generally considered the responsibility of everyone in the organization. (True/False)
Question #109
Which access control method uses security policies and security awareness training to stop or deter an unauthorized activity from occurring?
A. Administrative
B. Preventative
C. Detective
D. Authoritative
E. Corrective
Question #110
The Secure Hash Algorithm (SHA) is specified in:
A. Digital Encryption Standard
B. Digital Signature Standard
C. Digital Encryption Standard
D. Advanced Encryption Standard
E. NSA 1403
Question #111
Which of the following are examples of a symmetric key algorithm? (Choose all that apply)
A. Rijndael
B. RSA
C. Diffie-Hellman
D. Knapsack
E. IDEA