2026 CISSP英文题库及答案｜最新考试问题+真题PDF汇总

A. Increase the database's security controls and provide more granularity.

B. Implement access controls that display each user's permissions each time they access the database.

C. Change the database's classification label to a higher security status.

D. Decrease the security so that all users can access the information as needed.

A. threats × vulnerability × asset value = residual risk

B. SLE × frequency = ALE, which is equal to residual risk

C. (threats × asset value × vulnerability) × control gap = residual risk

D. (total risk - asset value) × countermeasures = residual risk

A. Users have a tendency to request additional permissions without asking for others to be taken away.

B. It is a violation of "least privilege."

C. It enforces the "need-to-know" concept.

D. It commonly occurs when users transfer to other departments or change positions.

A. To address fraudulent financial activities and reporting

B. To help organizations install, implement, and maintain CobiT controls

C. To serve as a guideline for IT security auditors to use when verifying compliance

D. To address regulatory requirements related to protecting private health information

A. Ensuring the protection of partner data

B. Ensuring the accuracy and protection of company financial information

C. Ensuring that security policies are defined and enforced

D. Ensuring the protection of customer, company, and employee data

A. Perform a low-level format on the hard disk

B. Use a degausser to re-align the magnetic storage material on the hard disk

C. Use a tool to overwrite files multiple times

D. Perform a high-level format on the hard disk

A. Object Request Brokers (ORBs)

B. Object Services

C. Application Objects

D. Application Services

A. Synchronous Data Link Control (SDLC)

B. Serial Line Internet Protocol (SLIP)

C. Point-to-Point Protocol (PPP)

D. High-Level Data Link Control (HDLC)

A. Data owner

B. Data custodian

C. Data user

D. Information systems auditor

A. Consists of multiple processing locations that can provide alternatives for

B. Distances from user to processing resource are transparent to the user.

C. Security is enhanced because of networked systems.

D. Data stored at multiple, geographically separate locations is easily available to the user.

A. Install an anti-virus gateway web proxy server

B. Install anti-virus on its e-mail servers

C. Install anti-virus central management console

D. Install anti-virus on its web servers

A. Confirming the presence of error messages in backup logs

B. Confirming the absence of error messages in backup logs

C. Testing the ability to backup data onto backup media

D. Testing the ability to restore data from backup media

A. According to procedures for the lowest sensitivity level

B. According to procedures for the highest sensitivity level

C. According to procedures in between the lowest and highest sensitivity levels

D. Data handling procedures do not apply to backup media, only original media

A. Implement PIN pads at card reader stations

B. Implement video surveillance at card reader stations

C. Implement man traps at card reader stations

D. Implement RFID sensors at card reader stations

A. The organization will have a continuous supply of electric power.

B. The organization will have to establish fuel supply contracts with at least two fuel suppliers.

C. Electric utility blackouts will result in short electric power outages for the organization.

D. An electric generator will be of no help in this situation.

A. A backup processing facility with adequate electrical wiring and air conditioning, but no hardware or software installed

B. A backup processing facility with most hardware and software installed, which can be operational within a matter of days

C. A backup processing facility with all hardware and software installed and 100% compatible with the original site, operational within hours

D. A mobile trailer with portable generators and air conditioning

A. Distributed

B. Centralized

C. Open system

D. Symmetric

A. A symmetric key algorithm that operates on a variable-length block of plaintext and transforms it into a fixed-length block of ciphertext

B. A symmetric key algorithm that operates on a fixed-length block of plaintext and transforms it into a fixed-length block of ciphertext

C. An asymmetric key algorithm that operates on a variable-length block of plaintext and transforms it into a fixed-length block of ciphertext

D. An asymmetric key algorithm that operates on a fixed-length block of plaintext and transforms it into a fixed-length block of ciphertext

A. A layered security approach is not necessary when using COTS products.

B. A good packet-filtering router will eliminate the need to implement a layered security architecture.

C. A layered security approach is intended to increase the work-factor for an attacker.', "D. A layered approach doesn't really improve the security posture of the organization.

A. Link oriented

B. Procedure oriented

C. Pass-through oriented

D. End-to-end oriented

A. Systems processing Top Secret or classified information.

B. A Trusted Computer Base with a level of trust B2 or above.

C. A system that can be monitored in a supervisor state.

D. Systems that use exposed communication links.

A. It converts a message of a fixed length into a message digest of arbitrary length.

B. It is computationally infeasible to construct two different messages with the same digest

C. It converts a message of arbitrary length into a message digest of a fixed length

D. Given a digest value, it is computationally infeasible to find the corresponding message

A. The IPv4 and IPv5 Authentication Headers

B. The Authentication Header Encapsulating Security Payload

C. The Authentication Header and Digital Signature Tag

D. The Authentication Header and Message Authentication Code

A. Replace the file with the original version from master media

B. Proceed with automated disinfection

C. Research the virus to see if it is benign

D. Restore an uninfected version of the patched file from backup media

A. It has a greater throughput.

B. It detects intrusion faster.

C. It has greater network isolation.

D. It automatically configures the rule set.

A. A networked workstation so that the live password database can easily be accessed by the cracking program

B. A networked workstation so the password database can easily be copied locally and processed by the cracking program

C. A standalone workstation on which the password database is copied and processed by the cracking program

D. A password-cracking program is unethical; therefore it should not be used.

A. Quantity baseline

B. Maximum log size

C. Circular logging

D. Clipping levels

A. Process/Application Layer

B. Host-to-Host Layer

C. Internet Layer

D. Network Access Layer

A. A store-and-forward switch reads the whole packet and checks its validity before sending it to the next destination.

B. Both methods operate at layer two of the OSI reference model.

C. A cut-through switch reads only the header on the incoming data packet.

D. A cut-through switch introduces more latency than a store-and-forward switch.

A. DNS poisoning

B. C2MYAZZ

C. Snort

D. BO2K

A. Multi-mode fiber propagates light waves through many paths, single-mode fiber propagates a single light ray only.

B. Multi-mode fiber has a longer allowable maximum transmission distance than single-mode fiber.

C. Single-mode fiber has a longer allowable maximum transmission distance than multi-mode fiber.

D. Both types have a longer allowable maximum transmission distance than UTP Cat 5.

A. H (m) is collision free.

B. H (m) is difficult to compute for any given m.

C. The output is of fixed length.

D. H (m) is a one-way function.

A. Floating point co-processor

B. Smart card reader

C. Fingerprint reader

D. Trusted Platform Module (TPM)

A. Some users will lose their tokens, smart cards, or USB keys

B. Some users will store their tokens, smart cards, or USB keys with their computers, thereby defeating one of the advantages of two-factor authentication

C. Users will have trouble understanding how to use two-factor authentication

D. The cost of implementation and support can easily exceed the cost of the product itself

A. It is inconvenient to use retina scanning in a darkened room

B. Many users cannot hold their eye open long enough for a scan to complete

C. Users are uncomfortable holding their eye very near the biometric scanning device

D. The human retina changes significantly over time

A. Increase the False Accept Rate

B. Reduce the False Accept Rate

C. Increase the False Reject Rate

D. Reduce the False Reject Rate

A. S-WAP

B. WTLS

C. WSP

D. WDP

A. To prove its origin

B. To prove that it is not malicious

C. To prove that it can be trusted

D. To prove that it was downloaded properly

A. Keys should be backed up or escrowed in case of emergencies.

B. The more a key is used, the shorter its lifetime should be.

C. Less secure data allows for a shorter key lifetime.

D. Keys should be stored and transmitted by secure means.

A. 33,670

B. 520

C. 67,340

D. 260

A. Reduces stress levels, thereby lowering insurance claims.

B. Improves morale, thereby decreasing errors.

C. Increases potential for discovering frauds.

D. Reduces dependence on critical individuals.

A. Unauthorized people seeing confidential reports.

B. Unauthorized people destroying confidential reports.

C. Authorized operations people performing unauthorized functions.

D. Authorized operations people not responding to important console messages.

A. Hardening

B. Segmenting

C. Aggregating

D. Kerneling

A. RPC

B. IGMP

C. LPD

D. SPX

A. Control external entities requesting access through X.500 databases

B. Control external entities requesting access to internal objects

C. Control internal entities requesting access through X.500 databases

D. Control internal entities requesting access to external objects

A. Management password reset

B. Self-service password reset

C. Password synchronization

D. Assisted password reset

A. It is an example of a discretionary access control model.', "B. Detailed access controls indicate the type of data that users can access based on the data's level of privacy sensitivity.", 'C. It is an extension of role-based access control.

D. It should be used to integrate privacy policies and access control policies.

A. It is based on ACLs.

B. It is not application dependent.

C. It operates at the network layer.

D. It keeps track of the state of a connection.

A. Hypertext Markup Language (HTML)

B. Extensible Markup Language (XML)

C. LaTeX

D. Generalized Markup Language (GML)

A. Meta-directory

B. User attribute information stored in an HR database

C. Virtual container for data from multiple sources

D. A service that allows an administrator to configure and manage how identification takes place

A. A nonportable identity that can be used across business boundaries

B. A portable identity that can be used across business boundaries

C. An identity that can be used within intranet virtual directories and identity stores

D. An identity specified by domain names that can be used across business boundaries

A. Personal information is collected from victims through legitimate-looking Web sites in phishing attacks, while personal information is collected from victims via e-mail in pharming attacks.

B. Phishing attacks point e-mail recipients to a form where victims input personal information, while pharming attacks use pop-up forms at legitimate Web sites to collect personal information from victims.', "C. Victims are pointed to a fake Web site with a domain name that looks similar to a legitimate site's in a phishing attack, while victims are directed to a fake Web site as a result of a legitimate domain name being incorrectly translated by the DNS server in a pharming attack.", 'D. Phishing is a technical attack, while pharming is a type of social engineering.

A. User activities are monitored and tracked without negatively affecting system performance.

B. User activities are monitored and tracked without the user knowing about the mechanism that is carrying this out.

C. Users are allowed access in a manner that does not negatively affect business processes.

D. Unauthorized access attempts are denied and logged without the intruder knowing about the mechanism that is carrying this out.

A. If not properly protected, these logs may not be admissible during a prosecution.

B. Audit logs contain sensitive data and should only be accessible to a certain subset of people.

C. Intruders may attempt to scrub the logs to hide their activities.

D. The format of the logs should be unknown and unavailable to the intruder.

A. decide what to do with each application.

B. decide what to do with each user.

C. decide what to do with each port.

D. decide what to do with each packet.

A. Classification level of data

B. Level of training that employees have received

C. Logical access controls provided by products

D. Legal and regulation issues

A. SSL

B. IPSec

C. S-HTTP

D. SSH-2

A. State-based

B. Statistical anomaly-based

C. Misuse detection system

D. Protocol signature-based

A. Uses IF/THEN programming within expert systems

B. Identifies protocols used outside of their common bounds

C. Compares patterns to several activities at once

D. Can detect new attacks

A. They are the same thing with different titles.', "B. They are administrative controls that enforce access control and protect the company's resources.", 'C. Separation of duties ensures that one person cannot perform a high-risk task alone, and job rotation can uncover fraud because more than one person knows the tasks of a position.

D. Job rotation ensures that one person cannot perform a high-risk task alone, and separation of duties can uncover fraud because more than one person knows the tasks of a position.

A. Diameter

B. Watchdog

C. RADIUS

D. TACACS+

A. Capability table

B. Constrained interface

C. Role-based value

D. ACL

A. Stored in databases, stored in flat files, and transmitted over public and private networks

B. Stored in databases, and transmitted over public networks

C. Stored in databases, stored in flat files, and transmitted over public networks

D. Stored in databases, and transmitted over public and private networks

A. TCP sequence number attack

B. IP spoofing attack

C. Piggybacking attack

D. Teardrop attack

A. Annualized Loss Expectancy

B. Single Loss Expectancy

C. Annualized Rate of Occurrence

D. Information Risk Management

A. Install an anti-virus gateway web proxy server

B. Install anti-virus on its e-mail servers

C. Install anti-virus central management console

D. Install anti-virus on its web servers

A. Operating system audit trails and system logs

B. Operating system audit trails and network packets

C. Network packets and system logs

D. Operating system alarms and system logs

A. ASCII

B. Numerical

C. Unicode

D. Hexadecimal

A. Disable the user accounts and have the data kept for a specified period of time

B. Maintain the user accounts and have the data kept for a specified period of time

C. Disable the user accounts and erase immediately the data kept

D. No Answer is Correct

A. SYN flood attack

B. Smurf attack

C. Ping of Dead Attack

D. Denial of Service (DOS) Attack

A. Processing rules and enforcement rules.

B. Integrity-bouncing rules.

C. Certification rules and enforcement rules.

D. Certification rules and general rules.

A. Where high availability is vital.

B. Where the consequences of disclose are very high.

C. Where countermeasures are easy to implement

D. Where data base integrity is crucial

A. Increased circuits, cache memory, and multiprogramming

B. Dual mode computation

C. Direct memory access I/O

D. Increases in processing power

A. More than one process uses the same resource.

B. It allows cookies to remain persistent in memory.

C. It allows for side-channel attacks to take place.

D. Two processes can carry out a denial-of-service.

A. Chinese Wall

B. Access tuple

C. Read up and write down rule

D. Subject and application binding

A. The security kernel implements and enforces the reference monitor.

B. The reference monitor is the core of the trusted computing base, which is made up of the security kernel.

C. The reference monitor implements and enforces the security kernel.

D. The security kernel, aka abstract machine, implements the reference monitor concept.

A. I/O operational execution

B. Process deactivation

C. Execution domain switching

D. Virtual memory to real memory mapping

A. A two-dimensional model that uses communication interrogatives intersecting with different levels

B. A security-oriented model that gives instructions in a modular fashion

C. Used to build a robust enterprise architecture versus a technical security architecture

D. Uses six perspectives to describe a holistic information infrastructure

A. A virtual instance of an operating system

B. A piece of hardware that runs multiple operating system environments simultaneously

C. A physical environment for multiple guests

D. An environment that can be fully utilized while running legacy applications

A. drafts of documents

B. copies of documents

C. permanent records

D. temporary documents

A. Covert storage channel

B. Inference attack

C. Noninterference

D. Aggregation

A. Specifies the security requirements and protections of the products to be evaluated.

B. Is also known as the Orange Book.

C. Is also known as the Target of Evaluation (TOE).

D. Specifies the mandatory protection in the product to be evaluated.

A. Virtualization simplifies operating system patching.

B. Virtualization can be used to build a secure computing platform.

C. Virtualization can provide fault and error containment.

D. Virtual machines offer powerful debugging capabilities.

A. Virtual mapping

B. Encapsulation of objects

C. Time multiplexing

D. Naming distinctions

A. Use complex controls to ensure integrity and confidentiality when processes need to use the same shared memory segments.

B. Limit processes to interact only with the memory segments assigned to them.

C. Swap contents from RAM to the hard drive as needed.

D. Run an algorithm to identify unused committed memory and inform the operating system that the memory is available.

A. PROM can only be programmed once, while EEPROM can be programmed multiple times.

B. A UV light is used to erase data on EEPROM, while onboard programming circuitry and signals erase data on EPROM.

C. The process used to delete data on PROM erases one byte at a time, while to erase data on an EPROM chip, you must remove it from the hardware.

D. The voltage used to write bits into the memory cells of EPROM burns out the fuses that connect individual memory cells, while UV light is used to write to the memory cells of PROM.

A. Initial

B. Repeatable

C. Defined

D. Managed

A. Approach this investigation objectively, without regard to the history of this employee’s conduct

B. Approach this investigation subjectively, given the history of this employee’s conduct

C. Assume the employee is guilty and search for evidence to support this

D. Assume the employee is innocent and search for evidence to refute this

A. Floating point co-processor

B. Smart card reader

C. Fingerprint reader

D. Trusted Platform Module (TPM)

A. Threads

B. Registers

C. Address buses

D. Process tables

A. Fail-soft defaults to the sensitivity of the are

A.

B. Fail-safe defaults to locked.

C. Fail-secure defaults to unlocked.

D. Fail-secure defaults to double locked.

A. Unsuccessful access attempts should be logged but only need to be reviewed by a security guard.

B. Only successful access attempts should be logged and reviewed.

C. Only unsuccessful access attempts during unauthorized hours should be logged and reviewed.

D. All unsuccessful access attempts should be logged and reviewed.

A. The glass has embedded wires.

B. They are made of glass-clad polycarbonate.

C. The window material is acrylic glass.

D. A solar window film has been added to them.

A. A fixed focal length lens allows you to move between various fields of view with a single lens.

B. To cover a large area and not focus on specific items, use a large lens opening.

C. An auto-iris lens should be used in an area with fixed lighting.

D. A shallow depth of focus allows you to focus on smaller details.

A. Digital Light Processing

B. Cathode ray tube

C. Annunciator

D. Charged-coupled devices

A. The pipes of a dry pipe system are filled with water when pressurized air within the pipes is reduced.

B. The pipes of a preaction system are filled with water when pressurized air within the pipes is reduced.

C. The sprinkler heads of a deluge system are wide open to allow a larger volume of water to be released in a shorter period.

D. The pipes in a wet pipe system always contain water.

A. If the camera must be able to move in response to commands

B. If the environment has fixed lighting

C. If objects to be viewed are wide angle, such as a parking lot, or narrow, such as a door

D. The amount of light present in the environment

A. Because they detect changes in subtle environmental characteristics, electromechanical systems are more sensitive than volumetric.

B. Electromechanical systems are less sensitive than volumetric systems, which detect subtle changes in environmental characteristics.

C. Electromagnetic systems deal with environmental changes such as ultrasonic frequencies, while volumetric systems can employ pressure mats or metallic foil in windows.

D. Electromagnetic systems are more sensitive because they detect a change or break in a circuit, while volumetric systems detect environmental changes.

A. Layered defense model

B. Target hardening

C. Crime Prevention Through Environmental Design

D. Natural access control

A. Capacitance detector

B. Passive infrared system

C. Wave-pattern motion detectors

D. Photoelectric system

A. Acoustical detection system

B. Proximity detector

C. Photoelectric system

D. Vibration sensor