CCISO Sample Questions (Part 2)
1. Which wireless encryption technology makes use of temporal keys?
Options are:
- Extensible Authentication Protocol (EAP)
- Wired Equivalent Privacy (WEP)
- Wireless Application Protocol (WAP)
- Wifi Protected Access version 2 (WPA2) (Correct)
Answer: Wifi Protected Access version 2 (WPA2)
2. Which of the following statements about Encapsulating Security Payload (ESP) is true?
Options are:
- It uses TCP port 22 as the default port and operates at the application layer.
- It is a text-based communication protocol.
- It is an IPSec protocol. (Correct)
- It uses UDP port 22
Answer: It is an IPSec protocol.
3. When dealing with risk, the information security practitioner may choose to:
Options are:
- acknowledge (Correct)
- assign
- transfer
- defer
Answer: acknowledge
4. Involvement of senior management is MOST important in the development of:
Options are:
- IT security procedures. (Correct)
- IT security implementation plans.
- IT security policies.
- Standards and guidelines.
Answer: IT security procedures.
5. An anonymity network is a series of:
Options are:
- Virtual network tunnels (Correct)
- War driving maps
- Government networks in Tor
- Covert government networks
Answer: Virtual network tunnels
6. The process of creating a system which divides documents based on their security level to manage access to private data is known as
Options are:
- privacy protection
- data classification (Correct)
- security coding
- data security system
Answer: data classification
7. The ability to hold intruders accountable in a court of law is important. Which of the following activities is needed to ensure the highest likelihood of successful prosecution?
Options are:
- Establishing Enterprise-owned Botnets for preemptive attacks
- Well established and defined digital forensics process
- Collaboration with law enforcement (Correct)
- Be able to retaliate under the framework of Active Defense
Answer: Collaboration with law enforcement
8. What is the primary reason for performing vendor management?
Options are:
- To establish a vendor selection process
- To understand which risks are being mitigated by the vendor (Correct)
- To define the partnership for long-term success
- To document the relationship between the company and the vendor
Answer: To understand which risks are being mitigated by the vendor
9. Which of the following is considered the foundation for the Enterprise Information Security Architecture (EISA)?
Options are:
- Security regulations
- Data classification
- Information security policy (Correct)
- Asset classification
Answer: Information security policy
10. The management approval step that follows security certification, in which the risks of a given IT system and the mitigation of those risks are formally accepted, is called
Options are:
- Security certification
- Alignment with business practices and goals.
- Security system analysis
- Security accreditation (Correct)
Answer: Security accreditation