Professional Certification and College Credit Course Exam
Course 2058—Exam A
Certified Information Systems Security Professional (CISSP) Certification Exam Preparation
Passing this exam will help you earn Learning Tree Professional Certification and college credit (college credit available in the U.S. only)
◆ Please use a dark colored pen or pencil to fill in the Exam Answer Form
◆ When done, please place the exam and answer sheet in the exam envelope
◆ Good luck!
◆ Note: This exam and its answer form must be returned to the instructor or test proctor; exams and answer forms may not be removed from the classroom or exam location or reproduced in any form
© LEARNING TREE INTERNATIONAL, INC. This course exam should not be reproduced in any form.
The course exams should be returned to the test proctor and must not be removed from the classroom.
2058/ExamA/B.2/605/B.1 1
1. A high-security fence should be at least ________ meters high.
A. 1.5
B. 2.5
C. 4
D. 6
4. You are establishing a physical security environment for your new data center. The fire-suppression agent you will need to prepare for potential electrical and computer fires is:
A. B
B. C
C. D
D. K
5. Fiber optic cable has which disadvantage when compared with copper cable?
A. It is more difficult to maintain
B. It has lower throughput
C. It is more expensive to install
D. It is less secure
6. A mesh network topology has which advantage over other network topologies?
A. Cheaper to implement
B. Built-in redundancy
C. Easier to expand
D. Simpler technology
7. Which is not an advantage of VLANs?
A. Enhanced internal security
B. Reduced installation and maintenance overhead
C. Efficient use of hardware
D. Distributed management
10. Which business continuity/disaster recovery metric defines what data must be restored?
A. MTTR
B. RPO
C. RTO
D. MTPD
11. Your organization cannot sustain any outage of key database systems. The alternate site option you would recommend for fault tolerance is:
A. Cold site
B. Warm site
C. Hot site
D. Duplicate data center
12. Which layer of the OSI reference model is concerned with end-to-end connectivity?
A. Data link
B. Network
C. Transport
D. Presentation
13. Which RAID mechanism provides full data duplication?
A. RAID 0
B. RAID 1
C. RAID 3
D. RAID 5
15. Which type of attack uses precalculated hashes and compares them to captured passwords?
A. Rainbow tables
B. Brute force
C. Social engineering
D. Side-channel
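Question 15 turns on the difference between precomputing hashes offline and computing them online. The following Python block is an added illustration, not part of the exam: it builds a toy rainbow table (hash chains with column-dependent reduction functions, storing only chain endpoints), recovers a password from its unsalted MD5 digest, and shows the two contrasts a practitioner cares about: plain brute force (option B) does all the hashing at attack time, and a per-password salt makes the precomputed table useless. The 4-letter alphabet, 3-character password length, chain length, starting points and the salt value are all constructed for the demonstration.

```python
"""Toy rainbow table over a tiny keyspace (added example, not exam material)."""
import hashlib
from itertools import product

CHARSET = "abcd"   # constructed: 4-symbol alphabet
PW_LEN = 3         # constructed: 3-character passwords, 64 possibilities in total
CHAIN_LEN = 20     # constructed: hash/reduce rounds per chain


def h(text: str) -> str:
    """Unsalted MD5: a fast, unkeyed hash is exactly what precomputation attacks need."""
    return hashlib.md5(text.encode()).hexdigest()


def reduce_digest(digest: str, column: int) -> str:
    """Map a digest back into the password keyspace.

    Mixing in the column index gives every chain position its own reduction
    function, which is what makes this a rainbow table rather than a plain
    hash chain and keeps merged chains from collapsing the whole table.
    """
    n = int(digest, 16) + column
    chars = []
    for _ in range(PW_LEN):
        chars.append(CHARSET[n % len(CHARSET)])
        n //= len(CHARSET)
    return "".join(chars)


def chain(start: str, steps: int) -> str:
    """Walk `steps` hash/reduce rounds from `start` and return the password reached."""
    pw = start
    for column in range(steps):
        pw = reduce_digest(h(pw), column)
    return pw


def build_table(starts):
    """Offline phase: only (chain end -> starting passwords) is stored, not every hash."""
    table = {}
    for start in starts:
        table.setdefault(chain(start, CHAIN_LEN), []).append(start)
    return table


def lookup(table, target_digest: str):
    """Online phase: return the password behind `target_digest`, or None if not covered."""
    for j in range(CHAIN_LEN - 1, -1, -1):
        # Hypothesis: the target is the hash sitting at column j of some stored chain.
        pw = reduce_digest(target_digest, j)
        for column in range(j + 1, CHAIN_LEN):
            pw = reduce_digest(h(pw), column)
        for start in table.get(pw, ()):
            # Regenerate that chain from its start; a matching end can still be a
            # false alarm, so confirm by re-hashing rather than trusting the endpoint.
            cand = start
            for column in range(CHAIN_LEN):
                if h(cand) == target_digest:
                    return cand
                cand = reduce_digest(h(cand), column)
    return None


def brute_force(target_digest: str):
    """Exhaustive search for comparison: no precomputation, all 64 hashes computed online."""
    for tup in product(CHARSET, repeat=PW_LEN):
        cand = "".join(tup)
        if h(cand) == target_digest:
            return cand
    return None


# Constructed: every fourth keyspace element as a chain start (16 chains).
STARTS = ["".join(t) for t in product(CHARSET, repeat=PW_LEN)][::4]
TABLE = build_table(STARTS)

if __name__ == "__main__":
    victim = chain("aba", 5)  # a password known to lie on a stored chain
    print("captured digest recovered by table:", lookup(TABLE, h(victim)) == victim)
    print("same password by brute force:", brute_force(h(victim)) == victim)
    # With a salt prepended, the captured digest is outside the precomputed space.
    print("salted digest recovered by table:", lookup(TABLE, h("s4lt:" + victim)))
```

The table covers at most 16 × 20 = 320 chain positions of a 64-password keyspace, so a real password on a stored chain is found with only a few hundred hash operations at lookup time, while brute force always pays the full keyspace cost. The salted lookup returns None because the digest no longer corresponds to any string in the keyspace the table was built over; that is why salted, slow password hashes are the standard defence against precomputed tables.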
16. Mandatory access control uses a predetermined list of privileges as well as:
A. Discretionary access control lists
B. Static group memberships
C. An access control matrix
D. Sensitivity labels
19. Kerckhoffs's principle is associated with:
A. Business continuity
B. Investigations
C. Forensics
D. Encryption
21. Which personnel security practice requires that individuals are only able to access what is necessary for a legitimate purpose?
A. Least privilege
B. Dual control
C. Need to know
D. Separation of duties
22. Which personnel security practice requires employees to take time off so that employers can detect potential fraud?
A. Job rotation
B. Least privilege
C. Separation of duties
D. Mandatory vacations
23. Which is the best method to ensure storage media have been sanitized of highly sensitive data?
A. Degaussing
B. Overwrite with special software
C. Erase the files
D. Physical destruction
24. Which security concern does RAID address?
A. Confidentiality
B. Authentication
C. Availability
D. Access control
25. Which model is focused on ensuring a system remains secure in each condition and that after transitions the system remains secure?
A. Information flow
B. State machine
C. Process
D. Noninterference
28. Which certification and accreditation criteria use two separate ratings—assurance and functionality?
A. TCSEC
B. ITSEC
C. Common Criteria
D. ITIL
30. Which software-testing method takes the user's perspective?
A. White box
B. Gray box
C. Black box
D. Static
31. Which evaluation mechanism examines an organization's degree of formality and control in software development?
A. BSIMM
B. C&A
C. OWASP
D. CMM
32. Which Capability Maturity Model level requires that an organization's processes be defined and documented?
A. Level 2
B. Level 3
C. Level 4
D. Level 5
33. Which legal system consists of criminal, tort, and administrative laws and was developed in England?
A. Civil
B. Common
C. Religious
D. Customary
34. Which legal term applies to a failure to act with reasonable care?
A. Negligence
B. Liability
C. Obligation
D. Due care
35. The Wassenaar Arrangement is an example of international cooperation in the area of:
A. International patents
B. Dual-use goods, such as encryption
C. Privacy information
D. Financial information retention
38. Which documents define minimal levels of protection that must be met for a particular computing platform?
A. Baselines
B. Guidelines
C. Standards
D. Procedures
39. Your web business is worth $2 million per year. Your calculated exposure factor due to attack is 1%. The calculated annual rate of occurrence is 0.25. What is your annual loss expectancy?
A. $500,000
B. $50,000
C. $5,000
D. $500
40. You have an asset valued at $1 million. The exposure factor is 10%. The annual loss expectancy is $20,000. What is the annual rate of occurrence (ARO)?
A. 10%
B. 20%
C. 30%
D. 50%
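Questions 39 and 40 both rely on the standard quantitative risk formulas, which the exam assumes but does not print. As an added worked derivation (not part of the original exam), with $\mathrm{AV}$ the asset value, $\mathrm{EF}$ the exposure factor, $\mathrm{SLE}$ the single loss expectancy, $\mathrm{ARO}$ the annual rate of occurrence and $\mathrm{ALE}$ the annual loss expectancy:

$$\mathrm{SLE} = \mathrm{AV} \times \mathrm{EF}, \qquad \mathrm{ALE} = \mathrm{SLE} \times \mathrm{ARO} = \mathrm{AV} \times \mathrm{EF} \times \mathrm{ARO}$$

Question 39 is the forward direction: $\mathrm{SLE} = 2{,}000{,}000 \times 0.01 = 20{,}000$ dollars, so $\mathrm{ALE} = 20{,}000 \times 0.25 = 5{,}000$ dollars.

Question 40 asks for the inverse. Rearranging,

$$\mathrm{ARO} = \frac{\mathrm{ALE}}{\mathrm{AV} \times \mathrm{EF}} = \frac{20{,}000}{1{,}000{,}000 \times 0.10} = 0.20,$$

that is, one such loss expected every five years. Both $\mathrm{EF}$ and $\mathrm{ARO}$ are estimates in practice, so an $\mathrm{ALE}$ is only as precise as those inputs; the exam values come out exact because the question supplies them.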
End of Exam
Thank you for participating in this course and completing this
exam! We are certain that this investment in your professional
development will be rewarded by your enhanced on-the-job
contributions and your accelerated career advancement.
We hope you enjoyed your educational experience with
Learning Tree, and we look forward to serving you again as you
continue your professional education.