CISSP Exam Questions for Self-Study (Domain 7)

Note:  Pardon the messiness of the questions.  These questions come from my podcast and will be cleaning the questions up over the coming weeks.

Question:

  • As it relates to Logging and Monitoring, what are some of the key purposes behind capturing logs?
    1. Provides an Audit Trail; Allows for Legal Actions; Promotes Accountability
    2. Provides an Audit Trail; Keeps Employees Concerned; Promotes Dependability
    3. Allows for Compliance to Track Employees; Keeps Employees Concerned; Promotes Accountability
    4. None of the Above
  • Answer:  [A] Provides an Audit Trail; Allows for Legal Actions; Promotes Accountability

 

 

Question

  • When considering the Data Life Cycle what are the phases/cycle that data is generated:
    1. Collection, Inspection, Storage, Archiving, Deletion
    2. Gathering, Examination, Storage, Archiving, Deletion
    3. Collection, Examination, Backups, Archiving, Deletion
    4. Collection, Examination, Storage, Archiving, Deletion
  • Answer:  [D] Collection, Examination, Storage, Archiving, Deletion

QUESTION 1

A critical first step in disaster recovery and contingency planning is which of the following?

  • A. Complete a business impact analysis
  • B. Determine offsite backup facility alternatives
  • C. Organize and create relevant documentation
  • D. Plan testing and drills

CORRECT ANSWER - A. Complete a business impact analysis 

The first step in disaster recovery and contingency planning is implementing a business impact analysis (BIA). The step involves identifying all possible threats and measuring the effect each can have on the company. This also includes identifying critical company functions and resources and calculating outage times.

 

From <https://searchsecurity.techtarget.com/quiz/CISSP-Domain-7-quiz-Business-Continuity?q0=1&q1=2&q4=0&q6=1&q7=0&q9=1&q13=3&x=95&y=8>

 

 

QUESTION 2

There are different types of offsite facilities, either subscription-based or company-owned. Which type of subscription-based backup facility is used most often?

  • A. Cold
  • B. Warm
  • C. Hot
  • D. Redundant

 

CORRECT ANSWER - B. Warm 

Warm sites offer an even mix of advantages and disadvantages. These backup locations have power and network available, but only a portion of the hardware and software installed. A positive attribute of a warm site is that they are less expensive than a hot site. A downside is that testing capabilities are not available as they are with hot sites. A redundant site is not subscription-based, but owned by the company.

 

From <https://searchsecurity.techtarget.com/quiz/CISSP-Domain-7-quiz-Business-Continuity?q0=1&q1=2&q4=0&q6=1&q7=0&q9=1&q13=3&x=95&y=8>

 

 

QUESTION 3

In disaster recovery, each level of employee should have clearly defined responsibilities. Which of the following is a responsibility of senior executives?

  • A. Develop testing plans
  • B. Establish project goals and develop plans
  • C. Identify critical business systems
  • D. Oversee budgets and the overall project

 

CORRECT ANSWER - D. Oversee budgets and the overall project 

Senior executives have several key responsibilities within disaster recovery, which include: support and approve plans; sponsor all aspects of plans; verify testing phases are being carried out; and oversee budgets. Having the dedicated and consistent support of senior management is critical in the success of disaster recovery and contingency planning.

 

From <https://searchsecurity.techtarget.com/quiz/CISSP-Domain-7-quiz-Business-Continuity?q0=1&q1=2&q4=0&q6=1&q7=0&q9=1&q13=3&x=95&y=8>

 

 

QUESTION 1

Two or more honeypots on a network:

  • Honeyfarm
  • Honeynet
  • Honeypot
  • Remanence

 

CORRECT ANSWER - Honeynet 

 

From <https://searchsecurity.techtarget.com/quiz/Get-ready-for-CISSP-Domain-7-Cyberattack-prevention-quiz?q0=0&x=84&y=9>

 

 

QUESTION 2

A centralized collection of honeypots and analysis tools:

  • Remanence
  • Honeyfarm
  • Honeypot
  • Smart cards

 

CORRECT ANSWER - Honeyfarm 

 

From <https://searchsecurity.techtarget.com/quiz/Get-ready-for-CISSP-Domain-7-Cyberattack-prevention-quiz?q0=0&x=84&y=9>

 

 

QUESTION 3

A form of software virtualization that lets programs and processes run in their own isolated virtual environment:

  • Rim lock
  • Mortise lock
  • Cipher lock
  • Sandboxing

 

CORRECT ANSWER - Sandboxing  

 

From <https://searchsecurity.techtarget.com/quiz/Get-ready-for-CISSP-Domain-7-Cyberattack-prevention-quiz?q0=0&x=84&y=9>

 

QUESTION 1

A group of technologies which aggregate information about access controls and selected system activity to store for analysis and correlation:

  • Intrusion prevention system (IPS)
  • Chain of custody
  • Security information and event management (SIEM)
  • Indemnification

 

CORRECT ANSWER - Security information and event management (SIEM) 

 

From <https://searchsecurity.techtarget.com/quiz/Get-ready-for-CISSP-Domain-7-Cyberattack-prevention-quiz?q0=0&x=84&y=9>

 

 

QUESTION 2

States that when a crime is committed, the perpetrators leave something behind and take something with them, hence the exchange:

  • Balanced magnetic switch (BMS)
  • Data leak prevention
  • Records and information management (RIM)
  • Locard's exchange principle

 

CORRECT ANSWER - Locard's exchange principle 

 

From <https://searchsecurity.techtarget.com/quiz/Get-ready-for-CISSP-Domain-7-Cyberattack-prevention-quiz?q0=0&x=84&y=9>

 

 

QUESTION 3

Essential activities to protect business information and can be established in compliance with laws, regulations, or corporate governance:

  • Protocol anomaly-based IDS
  • Smart cards
  • Time domain reflectometry (TDR)
  • Records and information management (RIM)

 

CORRECT ANSWER - Records and information management (RIM) 

 

From <https://searchsecurity.techtarget.com/quiz/Get-ready-for-CISSP-Domain-7-Cyberattack-prevention-quiz?q0=0&x=84&y=9>

 

 

QUESTION 4

A technology that monitors activity like an IDS but will automatically take proactive preventative action if it detects unacceptable activity:

  • Intrusion prevention systems
  • Intrusion detection systems
  • Data leak prevention systems
  • Infrared linear beam sensors

 

CORRECT ANSWER - Intrusion detection systems 

 

From <https://searchsecurity.techtarget.com/quiz/Get-ready-for-CISSP-Domain-7-Cyberattack-prevention-quiz?q0=0&x=84&y=9>

 

 

Close

Don't you want to pass the CISSP....the FIRST time?

Get my FREE CISSP training videos (Domains 1 - 4) so I can show you how to pass the CISSP Exam...the FIRST time! .