CISSP Management Questions.doc

Uploaded by: 公**** Document ID: 544923529 Upload date: 2023-02-21 Format: DOC Pages: 8 Size: 52.51 KB

Security Management Knowledge Domain Practice Questions

1. Related to information security, availability is the opposite of which of the following?
a) delegation
b) distribution
c) documentation
d) destruction
Answer: D

2. Related to information security, the guarantee that the message sent is the message received is an example of which of the following?
a) integrity
b) confidentiality
c) availability
d) identity
Answer: A

3. Which of the following is NOT an administrative control?
a) Logical access control mechanisms
b) Screening of personnel
c) Development of policies, standards, procedures and guidelines
d) Change control procedures
Answer: A

4. Which of the following describe elements that create reliability and stability in networks and systems and which assures that connectivity is accessible when needed?
a) Availability
b) Acceptability
c) Confidentiality
d) Integrity
Answer: A

5. Which one of the following individuals has PRIMARY responsibility for determining the classification level of information?
a) Security manager
b) User
c) Owner
d) Auditor
Answer: C

6. Which of the following groups represents the leading source of computer crime losses?
a) hackers
b) industrial saboteurs
c) foreign intelligence officers
d) employees
Answer: D

7. What is the main responsibility of information owner?
a) making the determination to decide what level of classification the information requires
b) running regular backups
c) audit the users when they access to the information
d) periodically checking the validity and accuracy for all data in the information system
Answer: A

8. What can be defined as an event that could cause harm to the information systems?
a) A risk
b) A threat
c) A vulnerability
d) A weakness
Answer: B

9. Which of the following is less likely to assist in ensuring availability?
a) Backups and redundant disk systems
b) Regular system and security audits
c) Reliable and interoperable security processes and network security mechanisms
d) Acceptable log-ins and operating process performances
Answer: B

10. Which of the following provides a minimum level of security acceptable for an environment?
a) A baseline
b) A standard
c) A procedure
d) A guideline
Answer: A

11. Who should provide access authorization to computerized information?
a) Database administrator
b) Security administrator
c) Data owner
d) Network administrator
Answer: C

12. If risk is defined as the potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss or damage to the assets then risk has all of the following elements EXCEPT?
a) An impact on assets based on threats and vulnerabilities
b) Controls addressing the threats
c) Threats to and vulnerabilities of processes and/or assets
d) Probabilities of the threats
Answer: B

13. Who should measure the effectiveness of security related controls in an organization?
a) the local security specialist
b) the business manager
c) the systems auditor
d) the central security manager
Answer: C

14. How is Annualized Loss Expectancy (ALE) derived from a threat?
a) ARO x (SLE - EF)
b) SLE x ARO
c) SLE/EF
d) AV x EF
Answer: B

15. Which of the following would be the first criteria to consider to determine the classification of an information object?
a) Value
b) Age
c) Useful life
d) Personal association
Answer: A

16. IT security measures should:
a) Be complex
b) Be tailored to meet organizational security goals.
c) Make sure that every asset of the organization is well protected.
d) Not be developed in a layered fashion.
Answer: B

17. Which of the following is not a responsibility of a database administrator?
a) Maintaining databases
b) Implementing access rules to databases
c) Reorganizing databases
d) Providing access authorization to databases
Answer: D

18. Why do many organizations require every employee to take a mandatory vacation of a week or more?
a) To reduce the opportunity for an employee to commit an improper or illegal act.
b) To lead to greater productivity through a better quality of life for the employee.
c) To provide proper cross training for another employee.
d) To allow more employees to have a better understanding of the overall system.
Answer: A

19. Which of the following is the MOST important aspect relating to employee termination?
a) The details of employee have been removed from active payroll files.
b) Company property provided to the employee has been returned.
c) User ID and passwords of the employee have been deleted.
d) The related company staff are notified about the termination.
Answer: C

20. Which of the following embodies all the detailed actions that personnel are required to follow?
a) Standards
b) Guidelines
c) Procedures
d) Baselines
Answer: C

21. What is a difference between Quantitative and Qualitative Risk Analysis?
a) qualitative uses strong mathematical formulas and quantitative not
b) fully qualitative analysis is not possible, while quantitative is
c) quantitative provides formal cost/benefit analysis and qualitative not
d) there is no difference between qualitative and quantitative an
