CCISO Sample Questions (Part 1)
1. The process of identifying and classifying assets is typically included in the
- Business Impact Analysis (Correct)
- Asset configuration management process
- Disaster Recovery plan
- Threat analysis process
Answer: Business Impact Analysis
2. Physical security measures typically include which of the following components?
- Technical, Strong Password, Operational
- Physical, Technical, Operational (Correct)
- Strong password, Biometric, Common Access Card
- Operational, Biometric, Physical
Answer: Physical, Technical, Operational
3. When analyzing and forecasting a capital expense budget, which of the following is not included?
- Purchase of new mobile devices to improve operations
- Upgrade of mainframe
- Network connectivity costs (Correct)
- New datacenter to operate from
Answer: Network connectivity costs
4. SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:
- DROP TABLE USERNAME
- o 1=1 – – (Correct)
Answer: o 1=1 – –
5. When analyzing and forecasting an operating expense budget, which of the following is not included?
- Software and hardware license fees
- New datacenter to operate from (Correct)
- Utilities and power costs
- Network connectivity costs
Answer: New datacenter to operate from
6. The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?
- The requirement to post entries for a closed accounting period.
- The need to create and modify the chart of accounts and its allocations.
- The need to change accounting periods on a regular basis. (Correct)
- The lack of policies and procedures for the proper segregation of duties.
Answer: The need to change accounting periods on a regular basis.
7. An access point (AP) is discovered using Wired Equivalent Privacy (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?
- Shared key (Correct)
Answer: Shared key
8. Which of the following is the MAIN security concern for public cloud computing?
- Unable to patch systems as needed
- Unable to run anti-virus scans
- Unable to track log on activity
- Unable to control physical access to the servers (Correct)
Answer: Unable to control physical access to the servers
9. Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?
- Provide IP and MAC address (Correct)
- Configure logging on each access point
- Install a firewall software on each wireless access point.
- Disable SSID Broadcast and enable MAC address filtering on all wireless access points
Answer: Provide IP and MAC address
10. Which of the following provides an independent assessment of a vendor’s internal security controls and overall posture?
- Financial statements
- Alignment with business goals
- ISO27000 accreditation (Correct)
- PCI attestation of compliance
Answer: ISO27000 accreditation
...to be continued...