2026 Latest CISSP English Exam Questions with Analysis | High-Frequency Topic Summary + Exam Preparation Experience
Question #1
If the computer system being used contains confidential information, users must not:
A. Leave their computer without first logging off.
B. Share their desks.
C. Encrypt their passwords.
D. Communicate
Question #2
Separation of duties is valuable in deterring:
A. DoS
B. external intruder
C. fraud
D. trojan horse
Question #3
What principle requires that for particular sets of transactions, no single individual be allowed to execute all transactions within the set?
A. Use of rights
B. Balance of power
C. Separation of duties
D. Fair use
Question #4
Separation of duty can be:
A. Dynamic only
B. Encrypted
C. Static only
D. Static or dynamic
Question #5
What is the company benefit, in terms of risk, for people taking a vacation of a specified minimum length?
A. Reduces stress levels, thereby lowering insurance claims.
B. Improves morale, thereby decreasing errors.
C. Increases potential for discovering frauds.
D. Reduces dependence on critical individuals.
Question #6
Which of the following would be less likely to prevent an employee from reporting an incident?
A. They are afraid of being pulled into something they don't want to be involved with
B. The process of reporting incidents is centralized
C. They are afraid of being accused of something they didn't do
D. They are unaware of the company's security policies and procedures
Question #7
Employee involuntary termination processing should include
A. A list of all passwords used by the individual.
B. A report on outstanding projects.
C. The surrender of any company identification.
D. Signing a non-disclosure agreement.
Question #8
Which trusted facility management concept implies that two operators must review and approve the work of each other?
A. Two-man control
B. Dual control
C. Double control
D. Segregation control
Question #9
When two operators review and approve the work of each other, this is known as?
A. Dual control
B. Two-man control
C. Two-fold control
D. Twin control
Question #10
What security procedure forces an operator into collusion with an operator of a different category to have access to unauthorized data?
A. Enforcing regular password changes
B. Management monitoring of audit logs
C. Limiting the specific accesses of operations personnel
D. Job rotation of people through different assignments
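Questions 3, 4, 8, 9 and 10 all turn on the same mechanics: a static separation-of-duties rule forbids one person from ever holding two conflicting roles, a dynamic rule lets a person hold both roles but not exercise them on the same transaction, and dual control (the two-man rule) requires two distinct operators to approve before anything is released. The following is an added example written for this question bank, not code from the page or any real product; the role names, the two-step payment transaction and the user names are constructed for illustration.

```python
"""Static and dynamic separation of duties (SoD) with dual control.

Added example for this question bank; the roles, transaction steps and
user names are constructed for illustration and are not from any real system.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Static SoD: role pairs a single person must never hold at the same time.
# Enforced when roles are assigned, before any transaction runs.
MUTUALLY_EXCLUSIVE_ROLES = (
    frozenset({"developer", "production_operator"}),
)

# Dynamic SoD: one person may hold both payment roles, but may not exercise
# both on the same transaction (the initiator cannot approve what they started).
STEP_ROLE = {"initiate": "payment_initiator", "approve": "payment_approver"}

# Dual control (two-man rule): two distinct approvers are needed to release.
REQUIRED_APPROVALS = 2


class SoDViolation(Exception):
    """An assignment or action that would breach separation of duties."""


@dataclass
class Transaction:
    tid: str
    initiator: Optional[str] = None
    approvers: Set[str] = field(default_factory=set)

    @property
    def released(self) -> bool:
        return self.initiator is not None and len(self.approvers) >= REQUIRED_APPROVALS


class SoDEngine:
    def __init__(self) -> None:
        self.roles: Dict[str, Set[str]] = {}      # user -> roles held
        self.txns: Dict[str, Transaction] = {}    # transaction id -> state

    def assign_role(self, user: str, role: str) -> None:
        """Static SoD check: refuse a role that conflicts with one already held."""
        held = self.roles.setdefault(user, set())
        for pair in MUTUALLY_EXCLUSIVE_ROLES:
            if role in pair and (held & pair) - {role}:
                raise SoDViolation(f"static SoD: {user} holds {sorted(held & pair)}, cannot add {role}")
        held.add(role)

    def perform(self, user: str, step: str, tid: str) -> bool:
        """Run one step of a transaction; returns True once it is fully released."""
        if STEP_ROLE[step] not in self.roles.get(user, set()):
            raise PermissionError(f"{user} lacks role {STEP_ROLE[step]} for {step}")
        tx = self.txns.setdefault(tid, Transaction(tid))
        if step == "initiate":
            if tx.initiator is not None:
                raise ValueError(f"{tid} already initiated by {tx.initiator}")
            tx.initiator = user
        elif step == "approve":
            if tx.initiator is None:
                raise ValueError(f"{tid} has not been initiated")
            if user == tx.initiator:
                raise SoDViolation(f"dynamic SoD: {user} initiated {tid} and may not approve it")
            if user in tx.approvers:
                raise SoDViolation(f"dual control: {user} has already approved {tid}")
            tx.approvers.add(user)
        return tx.released


def demo() -> bool:
    """Alice holds both payment roles (allowed), but cannot approve her own
    transaction; release needs two other approvers. Returns True once PAY-1 is released."""
    eng = SoDEngine()
    for user, role in [("alice", "payment_initiator"), ("alice", "payment_approver"),
                       ("bob", "payment_approver"), ("carol", "payment_approver")]:
        eng.assign_role(user, role)
    eng.perform("alice", "initiate", "PAY-1")
    try:
        eng.perform("alice", "approve", "PAY-1")       # blocked by dynamic SoD
    except SoDViolation:
        pass
    first = eng.perform("bob", "approve", "PAY-1")     # one approval: not released
    second = eng.perform("carol", "approve", "PAY-1")  # second approver: released
    return (not first) and second


if __name__ == "__main__":
    print("PAY-1 released:", demo())
```

The point of keeping the two checks apart is that the static check runs once, at role-assignment time, while the dynamic check and the two-approver count must be evaluated against the history of each individual transaction; a system that only does the static check (the developer/production_operator pair here) cannot express "one person may hold both roles but not use both on the same item", which is exactly the case that forces collusion before fraud can succeed.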
Question #11
Which of the following user items can be shared?
A. Password
B. Home directory
C. None of the choices.
Question #12
What should you do to the user accounts as soon as employment is terminated?
A. Disable the user accounts and immediately erase the data kept.
B. Disable the user accounts and have the data kept for a specific period of time.
C. None of the choices.
D. Maintain the user accounts and have the data kept for a specific period of time.
Question #13
What is the main objective of proper separation of duties?
A. To prevent employees from disclosing sensitive information
B. To ensure access controls are in place
C. To ensure that no single individual can compromise a system
D. To ensure that audit trails are not tampered with
Question #14
What are the benefits of job rotation?
A. All of the choices.
B. Trained backup in case of emergencies.
C. Protect against fraud.
D. Cross training to employees.
Question #15
Which of the following control pairing include organizational policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, friendly and unfriendly employee termination procedures, vacation scheduling, labeling
A. Preventive/Administrative Pairing
B. Preventive/Technical Pairing
C. Preventive/Physical Pairing
D. Detective/Administrative Pairing
Question #16
Which of the following are functions that are compatible in a properly segregated environment?
A. Application programming and computer operation
B. Systems programming and job control analysis
C. Access authorization and database administration
D. Systems development and systems maintenance
Question #17
Which of the following are functions that are compatible in a properly segregated environment?
A. Security administration and quality assurance
B. Security administration and data entry
C. Security administration and application programming
D. Application programming and data entry
Question #18
Which of the following are functions that are compatible in a properly segregated environment?
A. Data entry and job scheduling
B. Database administration and systems security
C. Systems analyst and application programming
D. Security administration and systems programming
Question #19
Which of the following are functions that are compatible in a properly segregated environment?
A. Application programming and computer operation
B. Systems programming and job control analysis
C. Access authorization and database administration
D. System development and systems maintenance
Question #20
Controls are implemented to:
A. eliminate risk and reduce potential for loss
B. mitigate risk and eliminate the potential for loss
C. mitigate risk and reduce the potential for loss
D. eliminate risk and eliminate the potential for loss
Question #21
A timely review of system access audit records would be an example of which of the basic security functions?
A. avoidance
B. deterrence
C. prevention
D. detection
Question #22
A security control should
A. Allow for many exceptions.
B. Cover all contingencies.
C. Not rely on the security of its mechanism.
D. Change frequently.
Question #23
What set of principles is the basis for information systems controls?
A. Authentication, audit trails, and awareness briefings
B. Individual accountability, auditing, and separation of duties
C. Need to know, identification, and authenticity
D. Audit trails, limited tenure, and awareness briefings
Question #24
An audit trail is a category of what control?
A. System, Manual
B. Detective, Technical
C. User, Technical
D. Detective, Manual
Question #25
An IDS is a category of what control?
A. Detective, Manual
B. Detective, Technical
C. User, Technical
D. System, Manual
Question #26
Technical controls such as encryption and access control can be built into the operating system, be software applications, or can be supplemental hardware/software units. Such controls, also known as logical controls, represent which pairing?
A. Preventive/Administrative Pairing
B. Preventive/Technical Pairing
C. Preventive/Physical Pairing
D. Detective/Technical Pairing
Question #27
Which one of the following can be identified when exceptions occur using operations security detective controls?
A. Unauthorized people seeing confidential reports.
B. Unauthorized people destroying confidential reports.
C. Authorized operations people performing unauthorized functions.
D. Authorized operations people not responding to important console messages.
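Questions 21, 24 and 27 describe the same detective control from three angles: an audit trail is a detective/technical control, and it only earns that label if someone (or something) reviews it in time and recognises the exceptions, notably an authorized operator performing a function outside their job role. The following is an added example, not code from the page or any product: it parses a small, constructed audit trail and flags actions that fall outside a constructed role-to-action policy, distinguishing attempts the system allowed from attempts it denied.

```python
"""Reviewing an access audit trail for exceptions (a detective control).

Added example for this question bank; the log lines and the role-to-action
policy below are constructed for illustration, not taken from any product.
"""
import re
from typing import Dict, List, Optional

# Constructed audit trail: one event per line, key=value fields, plus one
# deliberately malformed line to show the parser must not choke on it.
SAMPLE_LOG = """\
2024-03-01T09:12:03Z user=opsjoe role=operator action=job.restart target=batch-17 result=ok
2024-03-01T09:15:41Z user=opsjoe role=operator action=user.role.grant target=opsjoe result=ok
2024-03-01T09:20:00Z user=secadm role=security_admin action=user.role.grant target=jane result=ok
2024-03-01T09:22:10Z user=devkim role=developer action=job.restart target=batch-17 result=denied
this line is garbage and must not crash the review
2024-03-01T09:30:00Z user=opsjoe role=operator action=backup.run target=db-1 result=ok
"""

# Which action prefixes each job function is authorized to perform (constructed policy).
PERMITTED: Dict[str, tuple] = {
    "operator": ("job.", "backup.", "console."),
    "security_admin": ("user.", "policy."),
    "developer": ("src.", "test."),
}

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T[\d:]+Z)\s+(?P<fields>(?:\w+=\S+\s*)+)$")


def parse_event(line: str) -> Optional[Dict[str, str]]:
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = {"ts": m.group("ts")}
    for token in m.group("fields").split():
        key, _, value = token.partition("=")
        event[key] = value
    return event


def is_permitted(role: str, action: str) -> bool:
    """True if the action falls under one of the prefixes allowed for the role."""
    return any(action.startswith(prefix) for prefix in PERMITTED.get(role, ()))


def review(log_text: str) -> List[Dict[str, str]]:
    """Flag authorized users performing functions outside their job role.

    An action the system allowed (result=ok) is a HIGH finding: the preventive
    control failed and only the audit review caught it. A denied attempt is
    MEDIUM: the control held, but the attempt itself is worth investigating.
    """
    findings = []
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is None or "action" not in event:
            continue
        if is_permitted(event.get("role", ""), event["action"]):
            continue
        findings.append({
            "ts": event["ts"],
            "user": event.get("user", "?"),
            "role": event.get("role", "?"),
            "action": event["action"],
            "severity": "HIGH" if event.get("result") == "ok" else "MEDIUM",
        })
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['ts']} {f['user']} ({f['role']}) did {f['action']}")
```

On the sample trail the review produces two findings: the operator who granted himself a role (allowed by the system, so HIGH) and the developer who tried to restart a production job and was denied (MEDIUM). The first is exactly the Question 27 case, and it is invisible to preventive controls by definition, since the system let it through; only a timely review of the records surfaces it.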
Question #28
Which of the following is not an example of an operation control?
A. backup and recovery
B. audit trails
C. contingency planning
D. operations procedures
Question #29
Which of the following is not an example of an operational control?
A. backup and recovery
B. audit trails
C. contingency planning
D. operations procedures
Question #30
Access control allows you to exercise directing influence over which of the following aspects of a system?
A. Behavior, user, and content provider.
B. Behavior, use, and content.
C. User logs and content.
D. None of the choices.
Question #31
____________ is the means by which the ability to do something with a computer resource is explicitly enabled or restricted.
A. Access control
B. Type of access
C. System resource
D. Work permit
Question #32
The ability to do something with a computer resource can be explicitly enabled or restricted through:
A. Physical and system-based controls.
B. Theoretical and system-based controls.
C. Mental and system-based controls.
D. Physical and trap-based controls.
Question #33
The main categories of access control do NOT include:
A. Administrative Access Control
B. Logical Access Control
C. Random Access Control
D. Physical Access Control
Question #34
You have very strict Physical Access controls. At the same time you have loose Logical Access Controls. What is true about this setting?
A. None of the choices.
B. It can 100% secure your environment.
C. It may secure your environment.
D. It may not secure your environment.
Question #35
Which of the following is not a detective technical control?
A. Intrusion detection system
B. Violation reports
C. Honeypot
D. None of the choices.
Question #36
A business continuity plan is an example of which of the following?
A. Corrective Control
B. Detective Control
C. Preventive Control
D. Compensating Control
Question #37
________ Technical Controls warn of technical Access Control violations.
A. Elusive
B. Descriptive
C. Corrective
D. Detective
Question #38
A two factor authentication method is considered a:
A. Technical control
B. Patching control
C. Corrective control
D. Logical control
Question #39
Which of the following are NOT considered technical controls?
A. Access Control software
B. Man trap
C. Passwords
D. Antivirus Software
Question #40
___________________ are the technical ways of restricting who or what can access system resources.
A. Preventive Manual Controls
B. Detective Technical Controls
C. Preventive Circuit Controls
D. Preventive Technical Controls
Question #41
Which of the following is not a form of detective administrative control?
A. Rotation of duties
B. Required vacations
C. Separation of duties
D. Security reviews and audits
Question #42
Preventive Technical Controls are usually built:
A. By using MD5.
B. Into an operating system.
C. By security officer.
D. By security administrator.
Question #43
Preventive Technical Controls cannot:
A. Protect the OS from unauthorized modification.
B. Protect confidential information from being disclosed to unauthorized persons.
C. Protect the OS from unauthorized manipulation.
D. Protect users from being monitored.
Question #44
How do Preventive Technical Controls protect system integrity and availability?
A. By limiting the number of threads only.
B. By limiting the number of system variables.
C. By limiting the number of function calls only.
D. By limiting the number of users and/or processes.
Question #45
Which of the following is NOT a type of access control?
A. Intrusive
B. Deterrent
C. Detective
D. Preventive
Question #46
As a type of access control, which of the following aims at avoiding an occurrence?
A. Preventive
B. Deterrent
C. Intrusive
D. Detective
Question #47
As a type of access control, which of the following aims at identifying occurrences?
A. Deterrent
B. Preventive
C. Detective
D. Intrusive
Question #48
As a type of access control, which of the following aims at discouraging an occurrence?
A. Detective
B. Intrusive
C. Deterrent
D. Preventive
Question #49
As a type of access control, which of the following aims at restoring controls?
A. Deterrent
B. Intrusive
C. Corrective
D. Preventive
Question #50
What type of access control focuses on restoring resources?
A. Recovery
B. Preventive
C. Intrusive
D. Corrective
Question #51
Access control is the collection of mechanisms that permits managers of a system to exercise influence over the use of:
A. A man guard
B. An IS system
C. A threshold
D. A Trap
Question #52
What fencing height is likely to stop a determined intruder?
A. 3' to 4' high
B. 6' to 7' high
C. 8' high and above with strands of barbed wire
D. No fence can stop a determined intruder
Question #53
Lock picking is classified under which one of the following lock mechanism attacks?
A. Illicit key
B. Circumvention
C. Manipulation
D. Shimming
Question #54
The Physical Security domain addresses three areas that can be utilized to physically protect an enterprise's resources and sensitive information. Which of the following is not one of these areas?
A. Threats
B. Countermeasures
C. Vulnerabilities
D. Risks
Question #55
Which issue when selecting a facility site deals with the surrounding terrain, building markings and signs, and high or low population in the area?
A. surrounding area and external entities
B. natural disasters
C. accessibility
D. visibility
Question #56
Which of the following is not a physical control for physical security?
A. lighting
B. fences
C. training
D. facility construction materials
Question #57
The main risks that physical security components combat are all of the following EXCEPT:
A. SYN flood
B. physical damage
C. theft
D. availability
Question #58
What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters?
A. Central station alarm
B. Proprietary alarm
C. A remote station alarm
D. An auxiliary station alarm
Question #59
Examples of types of physical access controls include all except which of the following?
A. badges
B. locks
C. guards
D. passwords
Question #60
Which of the following is the most costly countermeasure for reducing physical security risks?
A. procedural controls
B. hardware devices
C. electronic systems
D. personnel
Question #61
Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring?
A. Wave pattern motion detectors
B. Capacitance detectors
C. Field-powered devices
D. Audio detectors
Question #62
Which of the following questions is less likely to help in assessing physical access controls?
A. Does management regularly review the list of persons with physical access to sensitive facilities?
B. Is the operating system configured to prevent circumvention of the security software and application controls?
C. Are keys or other access devices needed to enter the computer room and media library?
D. Are visitors to sensitive areas signed in and escorted?
Question #63
The concentric circle approach is used to
A. Evaluate environmental threats.
B. Assess the physical security facility.
C. Assess the communications network security.
D. Develop a personnel security program.
Question #64
The MAIN reason for developing closed-circuit television (CCTV) as part of your physical security program is to
A. Provide hard evidence for criminal prosecution.
B. Apprehend criminals.
C. Deter criminal activity.
D. Increase guard visibility.
Question #65
Closed circuit TV is a feature of:
A. Detective Physical Controls
B. Corrective Physical Controls
C. Corrective Logical Controls
D. Logical Physical Controls
Question #66
Motion detector is a feature of:
A. Corrective Logical Controls.
B. Logical Physical Controls.
C. Corrective Physical Controls.
D. Detective Physical Controls.
Question #67
Which of the following is a physical control?
A. Monitoring of system activity
B. Environmental controls
C. Identification and authentication methods
D. Logical access control mechanisms
Question #68
Which of the following is a detective control?
A. Segregation of duties
B. Back-up procedures
C. Audit trails
D. Physical access control
Question #69
The basic Electronic Access Control (EAC) components required for access doors are an electromagnetic lock,
A. A credential reader, and a door closed sensor.
B. A card reader, and a door open sensor.
C. A biometric reader, and a door open sensor.
D. A card reader, and door motion detector.
Question #70
Which of the following control pairing places emphasis on "soft" mechanisms that support the access control objectives?
A. Preventive/Technical Pairing
B. Preventive/Administrative Pairing
C. Preventive/Physical Pairing
D. Detective/Administrative Pairing
Question #71
Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and the backing up of files are some of the examples of:
A. Administrative controls
B. Logical controls
C. Technical controls
D. Physical controls
Question #72
Which of the following is NOT a type of motion detector?
A. photoelectric sensor
B. wave pattern
C. capacitance
D. audio detector
Question #73
Guards are appropriate whenever the function required by the security program involves which of the following?
A. The use of discriminating judgment
B. The use of physical force
C. The operation of access control devices
D. The need to detect unauthorized access
Question #74
Which of the following floors would be most appropriate to locate information processing facilities in a 6-story building?
A. Basement
B. Ground floor
C. Third floor
D. Sixth floor
Question #75
Which of the following risks will most likely affect confidentiality, integrity and availability?
A. Physical damage
B. Unauthorized disclosure of information
C. Loss of control over system
D. Physical theft
Question #76
Which is the last line of defense in a physical security sense?
A. people
B. interior barriers
C. exterior barriers
D. perimeter barriers
Question #77
The recording of events with a closed-circuit TV camera is considered a:
A. Preventative control
B. Detective control
C. Compensating control
D. Corrective Control
Question #78
A sensor is:
A. Logical, Physical
B. Corrective, Logical
C. Detective, Physical
D. Corrective, Physical
Question #79
A controlled light fixture mounted on a 5-meter pole can illuminate an area 30 meters in diameter. For security lighting purposes, what would be the proper distance between fixtures?
A. 25 meters
B. 30 meters
C. 35 meters
D. 40 meters
Question #80
Critical areas should be lighted:
A. Eight feet high and two feet out
B. Eight feet high and four feet out
C. Ten feet high and four feet out
D. Ten feet high and six feet out
Question #81
Which of the following statements regarding an off-site information processing facility is TRUE?
A. It should have the same amount of physical access restrictions as the primary processing unit
B. It should be located in proximity to the originating site so that it can quickly be made operational
C. It should be easily identified from the outside so in the event of an emergency it can be easily found
D. It need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive
Question #82
Which of the following is electromagnetic interference (EMI) that is noise from the radiation generated by the difference between the hot and ground wires?
A. common-mode noise
B. traverse-mode noise
C. transversal-mode noise
D. crossover-mode noise
Question #83
Which of the following is NOT a precaution you can take to reduce static electricity?
A. power line conditioning
B. anti-static sprays
C. maintain proper humidity levels
D. anti-static flooring
Question #84
Devices that supply power when the commercial utility power system fails are called which of the following?
A. power conditioners
B. uninterruptible power supplies
C. power filters
D. power dividers
Question #85
A prolonged high voltage is a:
A. spike
B. blackout
C. surge
D. fault
Question #86
A prolonged power supply that is below normal voltage is a:
A. brownout
B. blackout
C. surge
D. fault
Question #87
A prolonged power outage is a:
A. brownout
B. blackout
C. surge
D. fault
Question #88
A momentary power outage is a:
A. spike
B. blackout
C. surge
D. fault
Question #89
What can be defined as a momentary low voltage?
A. Spike
B. Sag
C. Fault
D. Brownout
Question #90
Electrical systems are the lifeblood of computer operations. The continued supply of clean, steady power is required to maintain the proper personnel environment as well as to sustain data operations. Which of the following is not an element that can thre
A. Noise
B. Humidity
C. Brownouts
D. UPS
Question #91
Under what conditions would use of a "Class C" hand-held fire extinguisher be preferable to use of a "Class A" hand-held fire extinguisher?
A. When the fire is in its incipient stage
B. When the fire involves electrical equipment
C. When the fire is located in an enclosed area
D. When the fire is caused by flammable products
Question #92
Which of the following is a class C fire?
A. electrical
B. liquid
C. common combustibles
D. soda acid
Question #93
Which of the following is not a EPA-approved replacement for Halon?
A. Water
B. Argon
C. NAF-S-III
D. Bromine
Question #94
Which of the following suppresses combustion through a chemical reaction that kills the fire?
A. Halon
B. CO2
C. water
D. soda acid
Question #95
Which of the following is a class A fire?
A. common combustibles
B. liquid
C. electrical
D. Halon
Question #96
To be in compliance with the Montreal Protocol, which of the following options can be taken to refill a Halon flooding system in the event that Halon is fully discharged in the computer room?
A. Order an immediate refill with Halon 1201 from the manufacturer
B. Contact a Halon recycling bank to make arrangements for a refill
C. Order a different chlorofluorocarbon compound from the manufacture
D. Order an immediate refill with Halon 1301 from the manufacturer
Question #97
Under what conditions would the use of a Class C fire extinguisher be preferable to a Class A extinguisher?
A. When the fire involves paper products
B. When the fire is caused by flammable products
C. When the fire involves electrical equipment
D. When the fire is in an enclosed area
Question #98
Which of the following is true about a "dry pipe" sprinkler system?
A. It is a substitute for carbon dioxide systems
B. It maximizes chances of accidental discharge of water
C. it minimizes chances of accidental discharge of water
D. It uses less water than "wet pipe" systems
Question #99
Which fire class can water be most appropriate for?
A. Class A fires
B. Class B fires
C. Class C fires
D. Class D fires
Question #100
What category of water sprinkler system is currently the most recommended water system for a computer room?
A. Dry Pipe sprinkler system
B. Wet Pipe sprinkler system
C. Pre-action sprinkler system
D. Deluge sprinkler system