5 key questions from the CISSP practice exam

Why is separation of duties important for security purposes?

• a. It ensures that multiple people can do the same job.
• b. It prevents an organization from losing important information when they lose ­important people.
• c. It prevents any single security person from being able to make major security changes without involving other individuals.
• d. It helps employees concentrate their talents where they will be most useful.

What is the final step of a quantitative risk analysis?

• a. Determine asset value.
• b. Assess the annualized rate of occurrence.
• c. Derive the annualized loss expectancy.
• d. Conduct a cost/benefit analysis.

An evil twin attack that broadcasts a legitimate SSID for an unauthorized network is an example of what category of threat?

• a. Spoofing
• b. Information disclosure
• c. Repudiation
• d. Tampering

How can a data retention policy help to reduce liabilities?

• a. By ensuring that unneeded data isn’t retained
• b. By ensuring that incriminating data is destroyed
• c. By ensuring that data is securely wiped so it cannot be restored for legal discovery
• d. By reducing the cost of data storage required by law

Which of the following is not a weakness in Kerberos?

• a. The KDC is a single point of failure.
• b. Compromise of the KDC would allow attackers to impersonate any user.
• c. Authentication information is not encrypted.
• d. It is susceptible to password guessing.