CCISO Sample Questions (Part 2)

1. Which wireless encryption technology makes use of temporal keys?

Options are:

  • Extensible Authentication Protocol (EAP)
  • Wireless Equivalence Protocol (WEP)
  • Wireless Application Protocol (WAP)
  • Wifi Protected Access version 2 (WPA2) (Correct)

Answer: Wifi Protected Access version 2 (WPA2)

2. Which of the following statements about Encapsulating Security Payload (ESP) is true?

Options are:

  • It uses TCP port 22 as the default port and operates at the application layer.
  • It is a text-based communication protocol.
  • It is an IPSec protocol. (Correct)
  • It uses UDP port 22.

Answer: It is an IPSec protocol.

3. When dealing with risk, the information security practitioner may choose to:

Options are:

  • acknowledge (Correct)
  • assign
  • transfer
  • defer

Answer: acknowledge

4. Involvement of senior management is MOST important in the development of:

Options are:

  • IT security procedures. (Correct)
  • IT security implementation plans.
  • IT security policies.
  • Standards and guidelines.

Answer: IT security procedures.

5. An anonymity network is a series of:

Options are:

  • Virtual network tunnels (Correct)
  • War driving maps
  • Government networks in Tora
  • Covert government networks

Answer: Virtual network tunnels

6. The process of creating a system which divides documents based on their security level, in order to manage access to private data, is known as:

Options are:

  • privacy protection
  • data classification (Correct)
  • security coding
  • data security system

Answer: data classification

7. The ability to hold intruders accountable in a court of law is important. Which of the following activities is needed to ensure the highest possibility of successful prosecution?

Options are:

  • Establishing Enterprise-owned Botnets for preemptive attacks
  • Well established and defined digital forensics process
  • Collaboration with law enforcement (Correct)
  • Be able to retaliate under the framework of Active Defense

Answer: Collaboration with law enforcement

8. What is the primary reason for performing vendor management?

Options are:

  • To establish a vendor selection process
  • To understand the risk coverage that is being mitigated by the vendor (Correct)
  • To define the partnership for long-term success
  • To document the relationship between the company and the vendor

Answer: To understand the risk coverage that is being mitigated by the vendor

9. Which of the following is considered the foundation for the Enterprise Information Security Architecture (EISA)?

Options are:

  • Security regulations
  • Data classification
  • Information security policy (Correct)
  • Asset classification

Answer: Information security policy

10. The process for management approval of the security certification process, which states the risks of a given IT system and the mitigation of those risks, is called:

Options are:

  • Security certification
  • Alignment with business practices and goals.
  • Security system analysis
  • Security accreditation (Correct)

Answer: Security accreditation