2026 CISSP Practice Questions and Answers | Latest Exam Questions + Question Bank Download
Question #1
In Mandatory Access Control, sensitivity labels attached to objects contain what information?
A. The item's classification
B. The item's classification and category set
C. The item's category
D. The items' need to know
Question #2
When it comes to magnetic media sanitization, what difference can be made between clearing and purging information?
A. Clearing completely erases the media whereas purging only removes file headers, allowing the recovery of files.
B. Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack.
C. They both involve rewriting the media.
D. Clearing renders information unrecoverable against a laboratory attack and purging renders information unrecoverable to a keyboard attack.
Question #3
What security model is dependent on security labels?
A. Discretionary access control
B. Label-based access control
C. Mandatory access control
D. Non-discretionary access control
Question #4
What is the window of time for recovery of information processing capabilities based on?
A. Quality of the data to be processed
B. Nature of the disaster
C. Criticality of the operations affected
D. Applications that are mainframe based
Question #5
Chrissy is a new employee at a coffee shop. She meets three other co-workers on her first day. Since they all work different shifts, sometimes opening the store and sometimes closing the store, they have been given the store security code. Chrissy asks he
A. Physical control
B. Least privilege
C. Separation of duties
D. Collusion
Question #6
Recently passed over for an executive promotion, Carol is anxious to hear about a major company announcement which will most likely reveal the new hire. Knowing that the PR department does not regularly shred documents, she snoops around the hallways afte
A. Social engineering
B. Eavesdropping
C. Passive attacking
D. Dumpster diving
Question #7
Denial-of-service attacks are common tactics used by hackers to affect the service capabilities of companies' computer systems. Oftentimes, they are brought forward by competing companies. Which attack below would not be considered a DoS attack?
A. Ping of Death
B. Smurf
C. SYN flooding
D. Man-in-the-middle
Question #8
Which of the following virus types changes some of its characteristics as it spreads?
A. boot sector
B. parasitic
C. stealth
D. polymorphic
Question #9
Each distinguished name (DN) in an LDAP directory represents a collection of attributes about a specific object, and is stored in the directory as an entry. DNs are composed of Common Name (CN) components which describe the object, and Domain Components (
A. dc=Shon Harris,cn=LogicalSecurity,dc=com
B. cn=Shon Harris,dc=LogicalSecurity,cn=com
C. cn=Shon Harris,cn=LogicalSecurity,dc=com
D. cn=Shon Harris,dc=LogicalSecurity,dc=com
Question #10
Since 9/11, airport parking garages now keep cars further away from the terminal entrance. What is this an example of?
A. An administrative control
B. A technical control
C. An environmental control
D. A physical control
Question #11
Macro viruses written in Visual Basic for Applications (VBA) are a major problem because
A. Floppy disks can propagate such viruses.
B. These viruses can infect many types of environments.
C. Anti-virus software is usable to remove the viral code.
D. These viruses almost exclusively affect the operating system.
Question #12
The main differences between a software process assessment and a software capability evaluation are:
A. Software process assessments and software capability evaluations are essentially identical, and there are no major differences between the two.
B. Software capability evaluations determine the state of an organization's current software process and are used to gain support from within the organization for a software process improvement program; software process assessments are used to identify contractors who are qualified to develop software or to monitor the state of the software process in a current software project.
C. Software process assessments are used to develop a risk profile for source selection; software capability evaluations are used to develop an action plan for continuous process improvement.
D. Software process assessments determine the state of an organization's current software process and are used to gain support from within the organization for a software process improvement program; software capability evaluations are used to identify contractors who are qualified to develop software or to monitor the state of the software process in a current software project.
Question #13
Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:
A. through access control mechanisms that require identification and authentication and through the audit function.
B. through logical or technical controls involving the restriction of access to systems and the protection of information
C. through logical or technical controls but not involving the restriction of access to systems and the protection of information.
D. through access control mechanisms that do not require identification and authentication and do not operate through the audit function.
Question #14
What is the company benefit, in terms of risk, for people taking a vacation of a specified minimum length?
A. Reduces stress levels, thereby lowering insurance claims.
B. Improves morale, thereby decreasing errors.
C. Increases potential for discovering frauds.
D. Reduces dependence on critical individuals.
Question #15
Why do vendors publish MD5 hash values when they provide software patches for their customers to download from the Internet?
A. Recipients can verify the software's integrity after downloading.
B. Recipients can confirm the authenticity of the site from which they are downloading the patch.
C. Recipients can request future updates to the software by using the assigned hash value.
D. Recipients need the hash value to successfully activate the new software.
Question #16
What attribute is included in a X-509-certificate?
A. Distinguished name of the subject
B. Telephone number of the department
C. Secret key of the issuing CA
D. The key pair of the certificate holder
Question #17
The "revocation request grace period" is defined as:
A. The period within which the user must make a revocation request once a revocation reason arises
B. Minimum response time for performing a revocation by the CA
C. Maximum response time for performing a revocation by the CA
D. Time period between the arrival of a revocation reason and the publication of the revocation information
Question #18
Digital signature users register their public keys with a certification authority, which distributes a certificate containing the user's public key and digital signature of the certification authority. In creating the certificate, the user's public key an
A. Certificate issuer and the Digital Signature Algorithm identifier
B. User's private key and the identifier of the master key code
C. Name of secure channel and the identifier of the protocol type
D. Key authorization and identifier of key distribution center
Question #19
Which one of the following instigates a SYN flood attack?
A. Generating excessive broadcast packets.
B. Creating a high number of half-open connections.
C. Inserting repetitive Internet Relay Chat (IRC) messages.
D. A large number of Internet Control Message Protocol (ICMP) traces.
Question #20
Which of the following exceptions is less likely to make hearsay evidence admissible in court?
A. Records are collected during the regular conduct of business
B. Records are collected by senior or executive management
C. Records are collected at or near the time of occurrence of the act being investigated
D. Records are in the custody of the witness on a regular basis
Question #21
Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in th
A. The Total Quality Model (TQM)
B. The IDEAL Model
C. The Software Capability Maturity Model
D. The Spiral Model
Question #22
Which software development model is actually a meta-model that incorporates a number of the software development models?
A. The Waterfall model.
B. The modified Waterfall model.
C. The Spiral model.
D. The Critical Patch Model (CPM).
Question #23
The IP header contains a protocol field. If this field contains the value of 17, what type of data is contained within the IP datagram?
A. TCP
B. ICMP
C. UDP
D. IGMP
Question #24
Which of the following statements pertaining to software testing approaches is correct?
A. A bottom-up approach allows interface errors to be detected earlier
B. A top-down approach allows errors in critical modules to be detected earlier
C. The test plan and results should be retained as part of the system's permanent documentation
D. Black box testing is predicated on a close examination of procedural detail
Question #25
To be in compliance with the Montreal Protocol, which of the following options can be taken to refill a Halon flooding system in the event that Halon is fully discharged in the computer room?
A. Order an immediate refill with Halon 1201 from the manufacturer
B. Contact a Halon recycling bank to make arrangements for a refill
C. Order a different chlorofluorocarbon compound from the manufacturer
D. Order an immediate refill with Halon 1301 from the manufacturer
Question #26
Single sign-on systems have a main strength and a main weakness. Choose the best answer exposing this strength and weakness.
A. Users do not need to remember multiple passwords, but access to many systems can be obtained by cracking only one password, making it less secure.
B. They allow the user to make use of very simple passwords; it puts undue burden on IT to administer the system.
C. They force the user to make use of stronger passwords; it makes it easier for users but encourages little attention to security policies.
D. They remove the burden of remembering multiple passwords from users; users need to type the same password when confronted with authentication requests for different resources.
Question #27
In what way could Java applets pose a security threat?
A. Their transport can interrupt the secure distribution of World Wide Web pages over the Internet by removing SSL and S-HTTP
B. Java interpreters do not provide the ability to limit system access that an applet could have on a client system
C. Executables from the Internet may attempt an intentional attack when they are downloaded on a client system
D. Java does not check the bytecode at runtime or provide other safety mechanisms for program isolation from the client system.
Question #28
Under what conditions would the use of a Class C fire extinguisher be preferable to a Class A extinguisher?
A. When the fire involves paper products
B. When the fire is caused by flammable products
C. When the fire involves electrical equipment
D. When the fire is in an enclosed area
Question #29
RAID Software can run faster in the operating system because neither use the hardware-level parity drives by?
A. Simple striping or mirroring.
B. Hard striping or mirroring.
C. Simple hamming code parity or mirroring.
D. Simple striping or hamming code parity.
Question #30
The greatest risk related to a cutover test is:
A. If backup servers do not function correctly, the test will fail
B. A cutover test tests only the live load and not the switchover
C. A cutover test tests only the switchover and not the live load
D. If backup servers do not function correctly, critical business processes may fail
Question #31
Your office is implementing an access control policy based on decentralized administration, which is controlled directly by the owners and creators of files. What is the major advantage and disadvantage of such an approach?
A. It puts access control into the hands of those most accountable for the information, but requires security labels for enforcement.
B. It puts access control into the hands of those most accountable for the information, but leads to inconsistencies in procedures and criteria.
C. It puts access control into the hands of IT administrators, but leads to procedures and criteria that are too rigid and inflexible.
D. It puts access control into the hands of IT administrators, but forces them to overly rely upon the file owners to implement the access controls IT puts in place.
Question #32
An organization that is performing a disaster recovery planning project has determined that it needs to have on-site electric power available for as long as ten days, in the event of an electric utility failure. The best approach for this requirement is:
A. Uninterruptible power supply (UPS) and power distribution unit (PDU)
B. Electric generator
C. Uninterruptible power supply (UPS)
D. Uninterruptible power supply (UPS) and electric generator
Question #33
A security manager has been asked to investigate employee behavior on the part of a senior manager. The investigation has shown that the subject has suffered a serious lapse in judgment and has violated the organization’s code of conduct. The security man
A. Leak the results of the investigation to the media
B. Cover up the results of the investigation
C. Deliver the results of the investigation and recommendations for next steps to his superiors
D. Notify law enforcement
Question #34
Most operating systems and applications allow for administrators to configure the data that will be captured in audit logs for security purposes. Which of the following is the least important item to be captured in audit logs?
A. System performance output data
B. Last user who accessed the device
C. Number of unsuccessful access attempts
D. Number of successful access attempts
Question #35
What is the difference between a session and a permanent cookie?
A. Permanent cookies are stored in memory and session cookies are stored on the
B. Session cookies are stored in memory and permanent cookies are stored on the hard drive
C. Sensitive information should be held in permanent cookies, not session
D. Session cookies are not erased when a computer is shut down
Question #36
Monica is the IT director of a large printing press. She has been made aware of several attempts of brute force password attacks within the past weeks. Which of the following reactions would suit Monica best?
A. Reduce the clipping level
B. Find a more effective encryption mechanism
C. Increase employee awareness through warning banners and training
D. Implement spyware protection that is integrated into the current antivirus product
Question #37
Why are biometric systems considered more accurate than many of the other types of authentication technologies in use today?
A. They are less accurate
B. They are harder to circumvent than other mechanisms
C. Biometric systems achieve high CER values
D. They have less Type I errors than Type II errors
Question #38
Which of the following is UNTRUE of a database directory based on the X.500 standard?
A. The directory has a tree structure to organize the entries using a parent-child configuration.
B. Each entry has a unique name made up of attributes of a specific object.
C. The attributes used in the directory are dictated by the defined schema.
D. The unique identifiers are called fully qualified names.
Question #39
You are comparing host based IDS with network based IDS. Which of the following will you consider as an obvious disadvantage of host based IDS?
A. It cannot analyze encrypted information.
B. It is costly to remove.
C. It is affected by switched networks.
D. It is costly to manage.
Question #40
Which of the following best describes the difference between content and context access control?
A. Content access control is based on the sensitivity of the data and context access control is based on the prior operations.
B. Content access control is based on the prior operations and context access control is based on the sensitivity of the data.
C. Context pertains to the use of database views and content access control pertains to tracking the requestor previous access requests.
D. Context pertains to the use of the DAC model and content pertains to the use of the MAC model.
Question #41
Why would an Ethernet LAN in a bus topology have a greater risk of unauthorized disclosure than switched Ethernet in a hub-and-spoke or star topology?
A. IEEE 802.5 protocol for Ethernet cannot support encryption.
B. Ethernet is a broadcast technology.
C. Hub and spoke connections are highly multiplexed.
D. TCP/IP is an insecure protocol.
Question #42
How does RADIUS allow companies to centrally control remote user access?
A. Once a user is authenticated a profile is generated based on his security token, which outlines what he is authorized to do within the network.
B. Once a user is authenticated a pre-configured profile is assigned to him, which outlines what he is authorized to do within the network.
C. Once the RADIUS client authenticates the user, the RADIUS server assigns him a pre-configured profile.
D. Once the RADIUS client authenticates the user, the client assigns the user a pre-configured profile.
Question #43
To support legacy applications that rely on risky protocols (e.g., plain text passwords), which one of the following can be implemented to mitigate the risks on a corporate network?
A. Implement strong centrally generated passwords to control use of the vulnerable applications.
B. Implement a virtual private network (VPN) with controls on workstations joining the VPN.
C. Ensure that only authorized trained users have access to workstations through physical access control.
D. Ensure audit logging is enabled on all hosts and applications with associated frequent log reviews.
Question #44
In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class C network?
A. The first bit of the IP address would be set to zero
B. The first bit of the IP address would be set to one and the second bit set to zero
C. The first two bits of the IP address would be set to one, and the third bit set to zero
D. The first three bits of the IP address would be set to one
Question #45
TACACS+ uses the TCP transport protocol. RADIUS only encrypts the user's password as it is being transmitted from the RADIUS client to the RADIUS server. Other information, as in the username, accounting, and authorized services, are passed in cleartext.
A. AVPs are the constructs that outline how two entities will communicate. Diameter has many more AVPs, which allow for the protocol to have more capabilities than RADIUS.
B. AVPs are the protocol parameters used between communicating entities. Diameter has less AVPs, which allow for the protocol to have more capabilities than RADIUS.
C. AVPs are the security mechanisms that provide confidentiality and integrity for data being passed back and forth between entities. Diameter has many more AVPs, which allow for the protocol to have more security capabilities than RADIUS.
D. AVPs are part of the TCP protocol. Diameter uses AVPs, because it uses TCP and RADIUS uses UDP.
Question #46
A computer user is listening to an audio broadcast on the Internet through an SSL VPN. The type of encryption cipher used in this case is:
A. Block cipher
B. Stream cipher
C. Running key cipher
D. Vernam cipher
Question #47
In what way can violation clipping levels assist in violation tracking and analysis?
A. Clipping levels set a baseline for normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred
B. Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant
C. Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to usercodes with a privileged status
D. Clipping levels enable a security administrator to view all reductions in security levels which have been made to usercodes which have incurred violations
Question #48
As head of sales, Jim is the information owner for the sales department. Which of the following is not Jim's responsibility as information owner?
A. Assigning information classifications
B. Dictating how data should be protected
C. Verifying the availability of data
D. Determining how long to retain data
Question #49
Which of the following correctly describe Role based access control?
A. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your user profile groups.
B. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your organizations structure.
C. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ticketing system.
D. It allows you to specify and enforce enterprise-specific security policies in a way that maps to your ACL.
Question #50
What is a Land attack and what type of IDS can identify it based on its pattern and not behavior?
A. Header has the same source and destination address and can be identified by a statistical anomaly-based IDS.
B. Header has no source and destination addresses and can be identified by a signature-based IDS.
C. Header has the same source and destination address and can be identified by a traffic-based IDS.
D. Header has the same source and destination address and can be identified by a signature-based IDS.
Question #51
Within the Open Systems Interconnection (OSI) Reference Model, authentication addresses the need for a network entity to verify both
A. The identity of a remote communicating entity and the authenticity of the source of the data that are received.
B. The authenticity of a remote communicating entity and the path through which communications are received.
C. The location of a remote communicating entity and the path through which communications are received.
D. The identity of a remote communicating entity and the level of security of the path through which data are received.
Question #52
George is responsible for setting and tuning the thresholds for his company behavior-based IDS. Which of the following outlines the possibilities of not doing this activity properly?
A. If the threshold is set too low, non-intrusive activities are considered attacks (false positives). If the threshold is set too high, then malicious activities are not identified (false negatives).
B. If the threshold is set too low, non-intrusive activities are considered attacks (false negatives). If the threshold is set too high, then malicious activities are not identified (false positives).
C. If the threshold is set too high, non-intrusive activities are considered attacks (false positives). If the threshold is set too low, then malicious activities are not identified (false negatives).
D. If the threshold is set too high, non-intrusive activities are considered attacks (false positives). If the threshold is set too high, then malicious activities are not identified (false negatives).
Question #53
Organizations that implement two-factor authentication often do not adequately plan. One result of this is:
A. Some users will lose their tokens, smart cards, or USB keys
B. Some users will store their tokens, smart cards, or USB keys with their computers, thereby defeating one of the advantages of two-factor authentication
C. Users will have trouble understanding how to use two-factor authentication
D. The cost of implementation and support can easily exceed the cost of the product itself
Question #54
Steven's staff has asked for funding to implement technology that provides Mobile IP. Which of the following would be a reason for employing this type of technology?
A. Employees can move from one network to another
B. Peer-to-peer networks would not be allowed
C. Security staff could carry out sniffing
D. Users would not be allowed to move their wireless devices and still stay connected to the network
Question #55
One reason an organization would consider a distributed application is:
A. Some components are easier to operate
B. Distributed applications have a simpler architecture than other types of applications
C. Some application components are owned and operated by other organizations
D. Distributed applications are easier to secure
Question #56
An organization is located in an area that experiences frequent power blackouts. What will the effect of an electric generator be in this circumstance?
A. The organization will have a continuous supply of electric power.
B. The organization will have to establish fuel supply contracts with at least two fuel suppliers.
C. Electric utility blackouts will result in short electric power outages for the organization.
D. An electric generator will be of no help in this situation.
Question #57
A resource server contains an access control system. When a user requests access to an object, the system examines the permission settings for the object and the permission settings for the user, and then makes a decision whether the user may access the o
A. Mandatory access control (MAC)
B. Discretionary access control (DAC)
C. Non-interference
D. Role based access control (RBAC)
Question #58
A security manager is setting up resource permissions in an application. The security manager has discovered that he can establish objects that contain access permissions, and then assign individual users to those objects. The access control model that mo
A. Access matrix
B. Mandatory access control (MAC)
C. Discretionary access control (DAC)
D. Role based access control (RBAC)
Question #59
A security officer has declared that a new information system must be certified before it can be used. This means:
A. The system must be evaluated according to established evaluation criteria
B. A formal management decision is required before the system can be used
C. Penetration tests must be performed against the system
D. A code review must be performed against the system
Question #60
A computer running the Windows operating system has nearly exhausted available physical memory for active processes. In order to avoid exhausting all available memory, what should the operating system begin doing?
A. Swapping
B. Paging
C. Killing old processes
D. Running the garbage collector
Question #61
A network engineer who is examining telecommunications circuits has found one that is labeled as a DS-1. What is the maximum throughput that may be expected from this circuit?
A. Approximately 7,000k chars/sec
B. Approximately 56k bits/sec
C. Approximately 170k chars/sec
D. Approximately 1,544M bits/sec
Question #62
A security assessment discovered back doors in an application, and the security manager needs to develop a plan for detecting and removing back doors in the future. The most effective countermeasures that should be chosen are:
A. Application firewalls
B. Source code control
C. Outside code reviews
D. Peer code reviews
Question #63
Why are macro viruses easy to write?
A. Active contents controls can make direct system calls
B. The underlying language is simple and intuitive to apply.
C. Only a few assembler instructions are needed to do damage.
D. Office templates are fully API compliant.
Question #64
An organization’s data classification policy includes handling procedures for data at each level of sensitivity. The IT department backs up all data onto magnetic tape, resulting in tapes that contain data at all levels of sensitivity. How should these ba
A. According to procedures for the lowest sensitivity level
B. According to procedures for the highest sensitivity level
C. According to procedures in between the lowest and highest sensitivity levels
D. Data handling procedures do not apply to backup media, only original media
Question #65
The purpose of the Diffie-Hellman key exchange protocol is:
A. To decrypt a symmetric encryption key
B. To encrypt a symmetric encryption key
C. To permit two parties who have never communicated to establish public encryption keys
D. To permit two parties who have never communicated to establish a secret encryption key
Question #66
Voice recognition as a biometric authentication method is difficult to measure because:
A. Many factors, including current health and respiration rate, make sampling difficult
B. Computers are not yet fast enough to adequately sample a voice print
C. Voice recognition does not handle accents well
D. Impatience changes voice patterns, which leads to increased False Reject Rates
Question #67
Which of the following is NOT a good password deployment guideline?
A. Passwords must not be the same as user id or login id.
B. Passwords must be changed at least once every 60 days, depending on your environment.
C. Password aging must be enforced on all systems.
D. Password must be easy to memorize.
Question #68
With Java, what can be embedded in a web browser, allowing programs to be executed as they are downloaded from the World Wide Web?
A. JVM
B. Bytecode
C. Interpreter
D. Just-in-time compiler
Question #69
Which is NOT true about Covert Channel Analysis?
A. It is an operational assurance requirement that is specified in the Orange Book.
B. It is required for B2 class systems in order to protect against covert storage channels.
C. It is required for B2 class systems to protect against covert timing channels.
D. It is required for B3 class systems to protect against both covert storage and covert timing channels.
Question #70
The SEI Software Capability Maturity Model is based on the premise that:
A. Good software development is a function of the number of expert programmers in the organization.
B. The maturity of an organization's software processes cannot be measured.
C. The quality of a software product is a direct function of the quality of its associated software development and maintenance processes.
D. Software development is an art that cannot be measured by conventional means.
Question #71
In the legal field, there is a term that is used to describe a computer system so that everyone can agree on a common definition. The term describes a computer for the purposes of computer security as an assembly of electronic equipment, hardware, softwa
A. A central processing unit (CPU)
B. A microprocessor
C. An arithmetic logic unit (ALU)
D. An automated information system (AIS)
Question #72
What is the purpose of polyinstantiation?
A. To restrict lower-level subjects from accessing low-level information
B. To make a copy of an object and modify the attributes of the second copy
C. To create different objects that will react in different ways to the same input
D. To create different objects that will take on inheritance attributes from their class
Question #73
In addition to ensuring that changes to the computer system take place in an identifiable and controlled environment, configuration management provides assurance that future changes:
A. The application software cannot bypass system security features.
B. Do not adversely affect implementation of the security policy.
C. To do the operating system are always subjected to independent validation and verification.
D. In technical documentation maintain an accurate description of the Trusted Computer Base.
Question #74
Another type of artificial intelligence technology involves genetic algorithms. Genetic algorithms are part of the general class known as:
A. Neural networks
B. Suboptimal computing
C. Evolutionary computing
D. Biological computing
Question #75
Which of the following items BEST describes the standards addressed by Title II, Administrative Simplification, of the Health Insurance Portability and Accountability Act (U.S. Kennedy-Kassebaum Health Insurance and Portability Accountability Act -HIPAA-P
A. Transaction Standards, to include Code Sets; Unique Health Identifiers; Security and Electronic Signatures and Privacy
B. Transaction Standards, to include Code Sets; Security and Electronic Signatures and Privacy
C. Unique Health Identifiers; Security and Electronic Signatures and Privacy
D. Security and Electronic Signatures and Privacy
Question #76
Which media control below is the BEST choice to prevent data remanence on magnetic tapes or floppy disks?
A. Overwriting the media with new application data
B. Degaussing the media
C. Applying a concentration of hydriodic acid (55% to 58% solution) to the gamma ferric oxide disk surface
D. Making sure the disk is re-circulated as quickly as possible to prevent object reuse
Question #77
In which way does a Secure Socket Layer (SSL) server prevent a "man-in-the-middle" attack?
A. It uses signed certificates to authenticate the server's public key.
B. A 128-bit value is used during the handshake protocol that is unique to the connection.
C. It uses only 40 bits of secret key within a 128 bit key length.
D. Every message sent by the SSL includes a sequence number within the message contents.
Question #78
You are running a packet sniffer on a network and see a packet with a long string of "90 90 90 90...." in the middle of it traveling to an x86-based machine. This could be indicative of what?
A. Over-subscription of the traffic on a backbone
B. A source quench packet
C. A FIN scan
D. A buffer overflow
Question #79
Which of the following statements pertaining to air conditioning for an information processing facility is correct?
A. The AC units must be controllable from outside the area
B. The AC units must keep negative pressure in the room so that smoke and other gases are forced out of the room
C. The AC units must be on the same power source as the equipment in the room to allow for easier shutdown
D. The AC units must be dedicated to the information processing facilities
Question #80
Which of the following correctly describe "good" security practice?
A. Accounts should be monitored regularly.
B. You should have a procedure in place to verify password strength.
C. You should ensure that there are no accounts without passwords.
D. All of the choices.
Question #81
In Unix, which file is required for you to set up an environment such that every user on the other host is a trusted user that can log into this host without authentication?
A. /etc/shadow
B. /etc/host.equiv
C. /etc/passwd
D. None of the choices.
Question #82
Which of the following would best describe the difference between white-box testing and black-box testing?
A. White-box testing is performed by an independent programmer team
B. Black-box testing uses the bottom-up approach
C. White-box testing examines the program internal logical structure
D. Black-box testing involves the business units
Question #83
Which statement is NOT true concerning Application Control?
A. It limits end users' use of applications in such a way that only particular screens are visible
B. Only specific records can be requested
C. Particular uses of application can be recorded for audit purposes
D. Is non-transparent to the endpoint applications so changes are needed to the applications involved
Question #84
Which one of the following control steps is usually NOT performed in data warehousing applications?
A. Monitor summary tables for regular use.
B. Control metadata from being used interactively.
C. Monitor the data purging plan.
D. Reconcile data moved between the operations environment and data warehouse.
Question #85
Normalizing data within a database includes all of the following except which?
A. Eliminating repeating groups by putting them into separate tables
B. Eliminating redundant data
C. Eliminating attributes in a table that are not dependent on the primary key of that table
D. Eliminating duplicate key fields by putting them into separate tables
Question #86
Which of the following statements pertaining to RADIUS is incorrect?
A. A RADIUS server can act as a proxy server, forwarding client requests to other authentication domains.
B. Most RADIUS clients have the capability to query secondary RADIUS servers for redundancy
C. Most RADIUS servers have built-in database connectivity for billing and reporting purposes
D. Most RADIUS servers can work with DIAMETER servers.
Question #87
A database administrator (DBA) is responsible for carrying out security policy, which includes controlling which users have access to which data. The DBA has been asked to make just certain fields in some database tables visible to some new users. What is
A. Implement column-based access controls
B. Export the table to a data warehouse, including only the fields that the users are permitted to see
C. Clone the table, including only the fields that the users are permitted to see
D. Create a view that contains only the fields that the users are permitted to see
Question #88
An organization that is building a disaster recovery capability needs to reengineer its application servers to meet new recovery requirements of 40-hour RPO and 24-hour RTO. Which of the following approaches will best meet this objective?
A. Active/Passive server cluster with replication
B. Tape backup and restore to a hot site
C. Tape backup and restore to a cold site
D. Server cluster with shared storage
Question #89
Why is it important to understand the cost of downtime of critical business processes?
A. Management will be able to make decisions about the cost of mitigating controls and contingency plans
B. Management will be able to determine which processes are the most critical
C. Management will be able to establish a training budget
D. Management will be able to compare recovery costs with those in similar organizations
Question #90
What is the PRIMARY reason that reciprocal agreements between independent organizations for backup processing capability are seldom used?
A. Lack of successful recoveries using reciprocal agreements.
B. Legal liability of the host site in the event that the recovery fails.
C. Dissimilar equipment used by disaster recovery organization members.
D. Difficulty in enforcing the reciprocal agreement.
Question #91
In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class C network?
A. The first bit of the IP address would be set to zero
B. The first bit of the IP address would be set to one and the second bit set to zero
C. The first two bits of the IP address would be set to one, and the third bit set to zero
D. The first three bits of the IP address would be set to one
Question #92
A programmer creates a virus-producing tool in order to test the performance of a new virus detection product.
A. This is ethical because it was created to test and enhance the performance of a virus protection tool
B. It's unethical because the virus-creating tool may become available to the public.
C. All of the above
D. None of the above
Question #93
The ANSI X9.52 standard defines a variant of DES encryption with keys k1, k2, and k3 as: C = Ek3 [Dk2 [Ek1 [M]]] What is this DES variant?
A. DESX
B. Triple DES in the EEE mode
C. Double DES with an encryption and decryption with different keys
D. Triple DES in the EDE mode
Question #94
Wired Equivalency Privacy algorithm (WEP) of the 802.11 Wireless LAN Standard uses which of the following to protect the confidentiality of information being transmitted on the LAN?
A. A secret key that is shared between a mobile station (e.g., a laptop with a wireless Ethernet card) and a base station access point
B. A public/private key pair that is shared between a mobile station (e.g., a laptop with a wireless Ethernet card) and a base station access point
C. Frequency shift keying (FSK) of the message that is sent between a mobile station (e.g., a laptop with a wireless Ethernet card) and a base station access point
D. A digital signature that is sent between a mobile station (e.g., a laptop with a wireless Ethernet card) and a base station access point
Question #95
The purpose of the Diffie-Hellman key exchange protocol is:
A. To decrypt a symmetric encryption key
B. To encrypt a symmetric encryption key
C. To permit two parties who have never communicated to establish public encryption keys
D. To permit two parties who have never communicated to establish a secret encryption key
Question #96
If different user groups with different security access levels need to access the same information, which of the following actions should management take?
A. Decrease the security level on the information to ensure accessibility and usability of the information.
B. Require specific written approval each time an individual needs to access the information.
C. Increase the security controls on the information.
D. Decrease the classification label on the information.
Question #97
Which statement is true when looking at security objectives in the private business sector versus the military sector?
A. Only the military has true security.
B. Businesses usually care more about data integrity and availability, whereas the military is more concerned with confidentiality.
C. The military requires higher levels of security because the risks are so much higher.
D. The business sector usually cares most about data availability and confidentiality, whereas the military is most concerned with integrity.
Question #98
Why should the team that will perform and review the risk analysis information be made up of people in different departments?
A. To make sure the process is fair and that no one is left out.
B. It shouldn't. It should be a small group brought in from outside the organization because otherwise the analysis is biased and unusable.
C. Because people in different departments understand the risks of their department. Thus, it ensures the data going into the analysis is as close to reality as possible.
D. Because the people in the different departments are the ones causing the risks, so they should be the ones held accountable.
Question #99
Which of the following best describes the Secure Electronic Transaction (SET) protocol?
A. Originated by VISA and MasterCard as an Internet credit card protocol.
B. Originated by VISA and MasterCard as an Internet credit card protocol using digital signatures.
C. Originated by VISA and MasterCard as an Internet credit card protocol using the transport layer.
D. Originated by VISA and MasterCard as an Internet credit card protocol using SSL.
Question #100
Which of the following statements BEST describes the Public Key Cryptography Standards (PKCS)?
A. A set of public-key cryptography standards that support algorithms such as Diffie-Hellman and RSA as well as algorithm independent standards
B. A set of public-key cryptography standards that support only "standard" algorithms such as Diffie-Hellman and RSA
C. A set of public-key cryptography standards that support only algorithm-independent implementations
D. A set of public-key cryptography standards that support encryption algorithms such as Diffie-Hellman and RSA, but does not address digital signatures
Question #101
The Payment Card Industry Data Security Standard (PCI DSS) requires encryption of credit card data in which circumstances:
A. Stored in databases, stored in flat files, and transmitted over public and private networks
B. Stored in databases, and transmitted over public networks
C. Stored in databases, stored in flat files, and transmitted over public networks
D. Stored in databases, and transmitted over public and private networks