Take our quiz!
Question 1 of 5
Why is separation of duties important for security purposes?
- a. It ensures that multiple people can do the same job.
- b. It prevents an organization from losing important information when they lose important people.
- c. It prevents any single security person from being able to make major security changes without involving other individuals.
- d. It helps employees concentrate their talents where they will be most useful.
Question 2 of 5
What is the final step of a quantitative risk analysis?
- a. Determine asset value.
- b. Assess the annualized rate of occurrence.
- c. Derive the annualized loss expectancy.
- d. Conduct a cost/benefit analysis.
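The steps behind this question carried through in code, as an added example that is not part of the study guide: asset value and exposure factor give the single loss expectancy, the annualized rate of occurrence turns that into an annualized loss expectancy, and the final step compares the ALE before and after each candidate safeguard against the safeguard's annual cost. The asset, threat and safeguard figures are constructed for illustration.

```python
# Added worked example (not from the study guide): the quantitative risk
# analysis chain carried through to its final step, the cost/benefit analysis
# of candidate safeguards. All figures below are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Safeguard:
    """A candidate control and the residual risk figures it leaves behind."""
    name: str
    annual_cost: float   # ACS: annual cost of the safeguard
    ef_after: float      # exposure factor (fraction of AV lost) once deployed
    aro_after: float     # annualized rate of occurrence once deployed


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV * EF: loss from one occurrence of the threat."""
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE * ARO: expected loss per year."""
    return sle * aro


def safeguard_value(asset_value: float, ef_before: float, aro_before: float,
                    safeguard: Safeguard) -> float:
    """Cost/benefit figure: (ALE before) - (ALE after) - ACS.

    Positive means the safeguard saves more per year than it costs.
    """
    ale_before = annualized_loss_expectancy(
        single_loss_expectancy(asset_value, ef_before), aro_before)
    ale_after = annualized_loss_expectancy(
        single_loss_expectancy(asset_value, safeguard.ef_after), safeguard.aro_after)
    return ale_before - ale_after - safeguard.annual_cost


def choose_safeguard(asset_value, ef_before, aro_before, candidates):
    """Return (name, value) of the best cost-justified candidate, or
    (None, 0.0) when none of them is worth its cost."""
    best_name, best_value = None, 0.0
    for sg in candidates:
        value = safeguard_value(asset_value, ef_before, aro_before, sg)
        if value > best_value:
            best_name, best_value = sg.name, value
    return best_name, best_value


# Constructed scenario: a file server worth $1,000,000; a ransomware event is
# judged to destroy 25% of its value (EF) and to occur once a decade (ARO 0.1).
ASSET_VALUE = 1_000_000.0
EF_BEFORE = 0.25
ARO_BEFORE = 0.1

# Constructed candidate safeguards and the residual EF/ARO each would leave.
CANDIDATES = [
    Safeguard("offsite backups", annual_cost=8_000.0, ef_after=0.05, aro_after=0.1),
    Safeguard("hot site", annual_cost=30_000.0, ef_after=0.01, aro_after=0.1),
    Safeguard("awareness training", annual_cost=4_000.0, ef_after=0.25, aro_after=0.05),
]

if __name__ == "__main__":
    sle = single_loss_expectancy(ASSET_VALUE, EF_BEFORE)
    ale = annualized_loss_expectancy(sle, ARO_BEFORE)
    print(f"SLE = {sle:,.0f}  ALE = {ale:,.0f}")
    for sg in CANDIDATES:
        value = safeguard_value(ASSET_VALUE, EF_BEFORE, ARO_BEFORE, sg)
        print(f"{sg.name:20s} value = {value:,.0f}")
    print("choose:", choose_safeguard(ASSET_VALUE, EF_BEFORE, ARO_BEFORE, CANDIDATES))
```

With these figures the ALE is $25,000 a year. Offsite backups cut it to $5,000 for $8,000, a net value of $12,000; the hot site cuts it to $1,000 but costs $30,000, a net value of -$6,000, so the cheaper control wins even though it leaves more residual risk. That comparison is the cost/benefit analysis the question asks about, and it only makes sense after the ALE has been derived.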
Question 3 of 5
An evil twin attack that broadcasts a legitimate SSID for an unauthorized network is an example of what category of threat?
- a. Spoofing
- b. Information disclosure
- c. Repudiation
- d. Tampering
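Because an evil twin works by spoofing the legitimate SSID, the practical check is to compare every radio that broadcasts that SSID against an inventory of authorized access points. The following detection logic, run over constructed beacon observations, is an added example and not part of the study guide; the SSID, BSSIDs and inventory are made up for illustration.

```python
# Added example (not from the study guide): a rogue-AP / evil-twin check run
# over constructed beacon observations. An evil twin spoofs the legitimate SSID,
# so the check compares every radio broadcasting the protected SSID against an
# inventory of authorized BSSIDs and their expected security mode.
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # MAC address of the radio that sent the beacon
    channel: int
    security: str   # "OPEN", "WPA2" or "WPA3", as advertised in the beacon


def normalize_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated form so inventory lookups match."""
    return mac.strip().lower().replace("-", ":")


def find_evil_twins(beacons: List[Beacon], protected_ssid: str,
                    inventory: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (bssid, reason) for each beacon that spoofs the protected SSID.

    inventory maps authorized BSSID -> expected security mode.
    """
    authorized = {normalize_mac(b): mode for b, mode in inventory.items()}
    findings = []
    for b in beacons:
        if b.ssid != protected_ssid:
            continue                      # other networks are out of scope
        bssid = normalize_mac(b.bssid)
        if bssid not in authorized:
            findings.append((bssid, "unknown BSSID broadcasting protected SSID"))
        elif b.security != authorized[bssid]:
            # The attacker cloned an authorized BSSID but advertises a different
            # security mode (typically OPEN, so clients join without a key).
            findings.append((bssid, f"authorized BSSID advertising {b.security}, "
                                    f"expected {authorized[bssid]}"))
    return findings


# Constructed inventory of the corporate APs (assumed, not real hardware).
PROTECTED_SSID = "CorpWiFi"
INVENTORY = {
    "00:11:22:33:44:01": "WPA2",
    "00:11:22:33:44:02": "WPA2",
}

# Constructed scan: two genuine APs, one evil twin on a new MAC, one evil twin
# that cloned a genuine MAC but runs an open network, and an unrelated SSID.
SCAN = [
    Beacon("CorpWiFi",   "00:11:22:33:44:01", 36, "WPA2"),
    Beacon("CorpWiFi",   "00:11:22:33:44:02", 1,  "WPA2"),
    Beacon("CorpWiFi",   "DE-AD-BE-EF-00-01", 6,  "OPEN"),
    Beacon("CorpWiFi",   "00:11:22:33:44:02", 6,  "OPEN"),
    Beacon("CoffeeShop", "aa:bb:cc:dd:ee:ff", 11, "OPEN"),
]

if __name__ == "__main__":
    for bssid, reason in find_evil_twins(SCAN, PROTECTED_SSID, INVENTORY):
        print(f"ALERT {bssid}: {reason}")
```

The fourth beacon is the case worth noting: the attacker cloned a genuine BSSID, so a check on MAC addresses alone would pass it, and only the mismatch in advertised security mode gives it away. A twin that clones both the BSSID and the security mode passes this check too; catching that needs per-AP telemetry such as channel and signal strength from a wireless IDS, which is why the threat is classed as spoofing rather than as a weakness in any single identifier.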
Question 4 of 5
How can a data retention policy help to reduce liabilities?
- a. By ensuring that unneeded data isn’t retained
- b. By ensuring that incriminating data is destroyed
- c. By ensuring that data is securely wiped so it cannot be restored for legal discovery
- d. By reducing the cost of data storage required by law
Question 5 of 5
Which of the following is not a weakness in Kerberos?
- a. The KDC is a single point of failure.
- b. Compromise of the KDC would allow attackers to impersonate any user.
- c. Authentication information is not encrypted.
- d. It is susceptible to password guessing.
This question may be especially challenging since it asks the question in a roundabout way. Questions like this are phrased with statements such as “which of the following is NOT”, which quick readers easily miss. The best approach is to rephrase the question in your mind, turning it into something like “all of these are weaknesses EXCEPT”, and then find the choice that doesn’t fit. Here the odd one out is c: Kerberos encrypts its tickets and authenticators with the secret keys of the principals involved, so unencrypted authentication information is not one of its weaknesses, whereas the KDC as a single point of failure, the impact of a KDC compromise, and susceptibility to password guessing are all genuine ones.
Negative tests demonstrate application behavior when there is unexpected or invalid data. Information on this can be found in Domain 6.
Excerpted from CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 7th Edition, ©2015 John Wiley & Sons, All Rights Reserved.