
Exam A

Professional Certification
and College Credit Course Exam

Course 2058—Exam A
Certified Information Systems Security
Professional (CISSP) Certification Exam
Preparation

Important: Please indicate on your Exam Answer Form that this is Exam A

◆ Welcome to this Learning Tree Course Exam!

Passing this exam will help you earn Learning Tree Professional
Certification and college credit (college credit available in the U.S. only)

◆ The maximum allowed time for the 40 questions on this exam is 60 minutes

◆ Please use a dark colored pen or pencil to fill in the Exam Answer
Form

◆ When done, please place the exam and answer sheet in the exam
envelope

◆ Good luck!

◆ Note: This exam and its answer form must be returned to the
instructor or test proctor; exams and answer forms may not be
removed from the classroom or exam location or reproduced in
any form

© LEARNING TREE INTERNATIONAL, INC. This course exam should not be reproduced in any form.
The course exams should be returned to the test proctor and must not be removed from the classroom.

2058/ExamA/B.2/605/B.1 1
1. A high-security fence should be at least ________ meters high.
A. 1.5
B. 2.5
C. 4
D. 6

2. What power fault is a momentary high voltage?
A. Fault
B. Brownout
C. Spike
D. Sag

3. Which is the best access control mechanism to eliminate piggybacking?
A. Exterior door
B. Turnstile
C. Mantrap
D. Magnetic locks

4. You are establishing a physical security environment for your new data center. The
fire-suppression agent you will need to prepare for potential electrical and computer fires is:
A. B
B. C
C. D
D. K

5. Fiber optic cable has which disadvantage when compared with copper cable?
A. It is more difficult to maintain
B. It has lower throughput
C. It is more expensive to install
D. It is less secure

6. A mesh network topology has which advantage over other network topologies?
A. Cheaper to implement
B. Built-in redundancy
C. Easier to expand
D. Simpler technology

7. Which is not an advantage of VLANs?
A. Enhanced internal security
B. Reduced installation and maintenance overhead
C. Efficient use of hardware
D. Distributed management

8. An incremental backup will:
A. Back up what has changed since the last full or incremental backup
B. Back up everything on the system
C. Back up what has changed since previous full or differential backup
D. Perform a synchronous replication

9. Which measurement is used to compare accuracy of biometric systems?
A. CER
B. FAR
C. FRR
D. FRA

10. Which business continuity/disaster recovery metric defines what data must be restored?
A. MTTR
B. RPO
C. RTO
D. MTPD

11. Your organization cannot sustain any outage of key database systems. The alternate site
option you would recommend for fault tolerance is:
A. Cold site
B. Warm site
C. Hot site
D. Duplicate data center

12. Which layer of the OSI reference model is concerned with end-to-end connectivity?
A. Data link
B. Network
C. Transport
D. Presentation

13. Which RAID mechanism provides full data duplication?
A. RAID 0
B. RAID 1
C. RAID 3
D. RAID 5

14. Multifactor authentication should be used when:
A. An organization has several systems that require passwords and needs them centralized
B. Individuals are given an option to provide one of many authentication credentials
C. Several users access the same system with the same account
D. Systems contain highly sensitive data

15. Which type of attack uses precalculated hashes and compares them to captured passwords?
A. Rainbow tables
B. Brute force
C. Social engineering
D. Side-channel

16. Mandatory access control uses a predetermined list of privileges as well as:
A. Discretionary access control lists
B. Static group memberships
C. An access control matrix
D. Sensitivity labels

17. The ESP header in IPSEC provides:
A. Availability
B. Integrity
C. Confidentiality
D. Quality of service

18. The Vigenère cipher:
A. Shifts each letter three places
B. Substitutes one letter for another
C. Is a polyalphabetic cipher
D. Ensures that the key and message are the same length

19. Kerckhoff's principle is associated with:
A. Business continuity
B. Investigations
C. Forensics
D. Encryption

20. Which is a characteristic of hashing?
A. Reversible
B. Not subject to collisions
C. Used for confidentiality of messages
D. Computationally difficult to retrieve the original message

21. Which personnel security practice requires that individuals are only able to access what is
necessary for a legitimate purpose?
A. Least privilege
B. Dual control
C. Need to know
D. Separation of duties

22. Which personnel security practice requires employees to take time off so that employers can
detect potential fraud?
A. Job rotation
B. Least privilege
C. Separation of duties
D. Mandatory vacations

23. Which is the best method to ensure storage media have been sanitized of highly sensitive
data?
A. Degaussing
B. Overwrite with special software
C. Erase the files
D. Physical destruction

24. Which security concern does RAID address?
A. Confidentiality
B. Authentication
C. Availability
D. Access control

25. Which model is focused on ensuring a system remains secure in each condition and that
after transitions the system remains secure?
A. Information flow
B. State machine
C. Process
D. Noninterference

26. A lattice-based model is concerned with:
A. Hierarchical security labels
B. Transitions resulting in secure states
C. Limits on system and information interaction
D. Information flow protection

27. Which is a vulnerability of virtualized environments?
A. Single point of failure
B. Increased threat of hardware compromise
C. Reduced availability
D. Complexity requires greater monitoring

28. Which certification and accreditation criteria use two separate ratings—assurance and
functionality?
A. TCSEC
B. ITSEC
C. Common Criteria
D. ITIL

29. Which software-testing method looks at the code line-by-line?
A. White box
B. Gray box
C. Black box
D. Fuzzing

30. Which software-testing method takes the user's perspective?
A. White box
B. Gray box
C. Black box
D. Static

31. Which evaluation mechanism examines an organization's degree of formality and control in
software development?
A. BSIMM
B. C&A
C. OWASP
D. CMM

32. Which Capability Maturity Model level requires that an organization's processes be defined
and documented?
A. Level 2
B. Level 3
C. Level 4
D. Level 5

33. Which legal system consists of criminal, tort, and administrative laws and was developed in
England?
A. Civil
B. Common
C. Religious
D. Customary

34. Which legal term applies to a failure to act with reasonable care?
A. Negligence
B. Liability
C. Obligation
D. Due care

35. The Wassenaar Arrangement is an example of international cooperation in the area of:
A. International patents
B. Dual-use goods, such as encryption
C. Privacy information
D. Financial information retention

36. Which is a characteristic of Advanced Persistent Threat (APT)?
A. Crimes are committed against larger organizations
B. It is harder to detect than traditional threats
C. Substantial resources are available to perform continuous attacks
D. Computers are used to commit traditional crimes

37. Which documents provide step-by-step descriptions of tasks?
A. Baselines
B. Standards
C. Guidelines
D. Procedures

38. Which documents define minimal levels of protection that must be met for a particular
computing platform?
A. Baselines
B. Guidelines
C. Standards
D. Procedures

39. Your web business is worth $2 million per year. Your calculated exposure factor due to
attack is 1%. The calculated annual rate of occurrence is 0.25. What is your annual loss
expectancy?
A. $500,000
B. $50,000
C. $5,000
D. $500

40. You have an asset valued at $1 million. The exposure factor is 10%. The annual loss
expectancy is $20,000. What is the annual rate of occurrence (ARO)?
A. 10%
B. 20%
C. 30%
D. 50%

End of Exam
Thank you for participating in this course and completing this
exam! We are certain that this investment in your professional
development will be rewarded by your enhanced on-the-job
contributions and your accelerated career advancement.
We hope you enjoyed your educational experience with
Learning Tree, and we look forward to serving you again as you
continue your professional education.
