CCISO Sample Questions (Part 1)

1.      The process of identifying and classifying assets is typically included in the

Options are:

  • Business Impact Analysis (Correct)
  • Asset configuration management process
  • Disaster Recovery plan
  • Threat analysis process

Answer: Business Impact Analysis

2.      Physical security measures typically include which of the following components?

Options are:

  • Technical, Strong Password, Operational
  • Physical, Technical, Operational (Correct)
  • Strong password, Biometric, Common Access Card
  • Operational, Biometric, Physical

Answer: Physical, Technical, Operational

3.      When analyzing and forecasting a capital expense budget what are not included?

Options are:

  • Purchase of new mobile devices to improve operations
  • Upgrade of mainframe
  • Network connectivity costs (Correct)
  • New datacenter to operate from

Answer: Network connectivity costs

4.      SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:

Options are:

  • ' or 1=1 -- (Correct)
  • NOPS
  • /../../../../

Answer: ' or 1=1 --
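Why that string works is easier to see in code than in a one-line answer. The following is an added example, not part of the original question set: a constructed SQLite user table, a login function that builds its query by string concatenation (the defect the payload exploits) and the parameterized version that is immune to it. Table name, column names and the two sample accounts are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the page).
def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    # Attacker-controlled text is pasted into the SQL grammar itself.
    # With username = "' or 1=1 --" the statement becomes
    #   SELECT ... WHERE username = '' or 1=1 --' AND password = '...'
    # The quote closes the literal, "or 1=1" is always true and "--"
    # comments out the password check, so every row is returned.
    sql = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    # Bound parameters: the driver sends the values separately from the
    # statement, so the payload is compared as a literal string and matches nothing.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


PAYLOAD = "' or 1=1 --"  # the basic injection text from the question


def demo():
    conn = setup_db()
    injected = login_vulnerable(conn, PAYLOAD, "wrong-password")   # all rows
    blocked = login_safe(conn, PAYLOAD, "wrong-password")          # no rows
    honest = login_safe(conn, "alice", "s3cret")                   # one row
    return injected, blocked, honest


if __name__ == "__main__":
    for label, rows in zip(("vulnerable", "parameterized", "honest login"), demo()):
        print(f"{label}: {rows}")
```

Parameterization is the fix; escaping the quote character by hand is not, because the same defect reappears with numeric fields, `LIKE` clauses and second-order injection where the stored value is later concatenated into another query.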

5.      When analyzing and forecasting an operating expense budget what are not included?

Options are:

  • Software and hardware license fees
  • New datacenter to operate from (Correct)
  • Utilities and power costs
  • Network connectivity costs

Answer: New datacenter to operate from

6.      The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?

Options are:

  • The requirement to post entries for a closed accounting period.
  • The need to create and modify the chart of accounts and its allocations.
  • The need to change accounting periods on a regular basis.
  • The lack of policies and procedures for the proper segregation of duties. (Correct)

Answer: The lack of policies and procedures for the proper segregation of duties. Setting accounting periods is a finance control function; shipping and production scheduling have no business need for it, so the broad access points to missing segregation-of-duties policy rather than to any legitimate operational requirement.

7.      An access point (AP) is discovered using Wired Equivalent Privacy (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?

Options are:

  • Open
  • None
  • Shared key (Correct)
  • Asynchronous

Answer: Shared key
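The property the question describes (AP and stations sharing one RC4 key) is exactly what makes WEP shared-key authentication weaker than open authentication. The following is an added example, not part of the original question set or of any vendor code: a minimal model of the shared-key exchange with both sides' messages, followed by the passive attack in which an observer XORs the cleartext challenge with the encrypted response to recover keystream and then authenticates without ever knowing the key. The RC4 routine is a textbook implementation written for this example; the 40-bit secret, the IV and the challenge values are constructed.

```python
import os
import zlib

# Added example: textbook RC4, used only to model WEP here (not from the page).
def rc4(key: bytes, data: bytes) -> bytes:
    """XOR data with the RC4 keystream for key; encryption and decryption are identical."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for b in data:                            # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def icv(plaintext: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(plaintext).to_bytes(4, "little")


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP body = RC4(IV || secret) applied to plaintext || ICV."""
    return rc4(iv + secret, plaintext + icv(plaintext))


def wep_decrypt(secret: bytes, iv: bytes, ciphertext: bytes):
    """Return the plaintext if the ICV verifies, otherwise None."""
    body = rc4(iv + secret, ciphertext)
    plaintext, tag = body[:-4], body[-4:]
    return plaintext if icv(plaintext) == tag else None


# --- the shared-key exchange: AP and station hold the same secret ---
def ap_challenge() -> bytes:
    return os.urandom(128)                    # sent in the clear (message 2)

def sta_respond(secret: bytes, iv: bytes, challenge: bytes) -> bytes:
    return wep_encrypt(secret, iv, challenge)  # message 3: IV plus ciphertext

def ap_verify(secret: bytes, iv: bytes, response: bytes, challenge: bytes) -> bool:
    return wep_decrypt(secret, iv, response) == challenge  # message 4: success/failure


# --- the passive attacker who saw messages 2 and 3 ---
def recover_keystream(challenge: bytes, response: bytes) -> bytes:
    """Known plaintext (challenge || ICV) XOR ciphertext = keystream for that IV."""
    known = challenge + icv(challenge)
    return bytes(a ^ b for a, b in zip(known, response))

def forge_response(keystream: bytes, new_challenge: bytes) -> bytes:
    """Answer a fresh challenge by reusing the recovered keystream under the same IV."""
    body = new_challenge + icv(new_challenge)
    return bytes(a ^ b for a, b in zip(body, keystream))


def demo() -> bool:
    secret = bytes.fromhex("0102030405")      # constructed 40-bit WEP key
    iv = b"\x11\x22\x33"                      # station's IV choice, sent in the clear
    c1 = ap_challenge()
    r1 = sta_respond(secret, iv, c1)          # legitimate station authenticates
    assert ap_verify(secret, iv, r1, c1)
    ks = recover_keystream(c1, r1)            # attacker never learns `secret`
    c2 = ap_challenge()                       # attacker's own authentication attempt
    return ap_verify(secret, iv, forge_response(ks, c2), c2)


if __name__ == "__main__":
    print("forged shared-key auth accepted:", demo())
```

The attack works because WEP neither rotates the shared secret nor rejects a reused IV, so a 132-byte keystream captured once answers every later challenge. That is why the usual advice was to run WEP with open authentication and, more to the point, to retire WEP in favour of WPA2/WPA3.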

8.      Which of the following is the MAIN security concern for public cloud computing?

Options are:

  • Unable to patch systems as needed
  • Unable to run anti-virus scans
  • Unable to track log on activity
  • Unable to control physical access to the servers (Correct)

Answer: Unable to control physical access to the servers

9.      Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?

Options are:

  • Provide IP and MAC address (Correct)
  • Configure logging on each access point
  • Install a firewall software on each wireless access point.
  • Disable SSID Broadcast and enable MAC address filtering on all wireless access points

Answer: Provide IP and MAC address

10.  Which of the following provides an independent assessment of a vendor’s internal security controls and overall posture?

Options are:

  • Financial statements
  • Alignment with business goals
  • ISO 27001 certification (Correct)
  • PCI attestation of compliance

Answer: ISO 27001 certification. An accredited certification body audits the vendor's whole information security management system; a PCI attestation of compliance covers only the cardholder-data environment, and financial statements or business alignment say nothing about security controls.

……….to be continued ……..