CISSP Domain 1: Security and Risk Management

Domain 1: Security and Risk Management Practice Questions
Questions from the following topics are included in this domain:
    Basics of security and risk management
    Differing data roles and responsibilities
    Identifying administrative, physical, and technical controls
    Ethics of security professionals
    Administrative policies, procedures, and guidelines
    Object categorization and classification
    Importance of security training

25 Questions

1. Wade is required to rebuild the organization and build an IT helpdesk infrastructure for customer support. Which framework and standards would BEST help him accomplish this?
2. Sofia, a senior manager, needs to get a Linux update installed on her team's server. Central IT has not performed the update even after being asked three times. Sofia selects a team member to install it and work around the IT department. This is BEST referred to as:
3. Coop, a security manager, practices decrypting secure documents. He has plain text of some of the files and needs to decrypt the rest. Which attack should he use?
4. Which of the following does NOT represent an asset for an organization?
5. Roger, the chief financial officer (CFO) of NUS Micro, just received an email from his boss requesting he immediately wire $50 million to China to close a business deal. He calls his boss but cannot reach him. The email looks genuine, including the email address and domain name. He wires the money, only to find out later that his boss did not make this request. This represents which type of attack?
6. The Risk Management Framework (RMF) is also known as which NIST SP?
7. Unexpectedly, Coco has been given 2 weeks of paid time off. What is the security purpose of this event?
8. Nina, a forensic accountant, suspects fraud within the organization and implemented separation of duties (SoD) to mitigate the issue. A later investigation shows that the fraud appears to have continued. What is MOST LIKELY occurring?
9. Teecee is running the computer sales department and sees that her team has sold $600,000 of their yearly goal of $1,000,000. What are the key performance indicator (KPI) and the key goal indicator (KGI)?
10. Arthur, chief executive officer (CEO) of Funutek, wishes to implement online purchasing via their website. The chief marketing officer (CMO) likes the idea because the new system can double sales. The CSO fears internet attacks and suggests NOT moving forward. How should Arthur proceed?
11. According to the Cisco 2020 CISO Benchmark Report, cyber (security) fatigue is defined as virtually giving up on proactively defending against malicious actors. What is the number 1 source of cyber fatigue?
12. Which of these is NOT true?
13. Qiang has been assigned to find recovery sites as a result of the DR planning meeting. Her job is to find sites with heating, cooling, electricity, internet access, and power. The site will require no computers. Which type of recovery site is this?
14. Elimu has installed firewalls to protect his users from outside attacks. This is a good example of what?
15. Bud has just learned about hacking, knows a little about programming, and likes to bring misery to others. He decides to attempt hacking into his school website to change his grades. This puts him in which class of hackers?
16. Wilfried is the security administrator of a store and is preparing for the PCI-DSS audit. Which is NOT one of the PCI-DSS requirements?
17. Su-wei uses the Linux operating system, and freely copies it and gives it to friends. She is allowed to do this because of which of the following licenses?
18. Stefanos has just signed an SLA with NUS Systems. Which of the following is NOT part of the agreement?
19. Tara's computer started performing very slowly, and then a popup locked her computer and notified her that unless she paid $300, she would never have access to her data again. Which of the following BEST describes this attack?
20. Victoria has worked in several departments of the company, including marketing, quality, and production. An audit found she still has privileges in all of her past departments even though she works in finance. This is called:
21. Simon needs to calculate risk. Which formula will he use?
22. Naomi needs to calculate the TCO. Which of the following will she NOT use to complete the calculation?
23. The area of United States (US) copyright law that makes it a crime to copy and distribute stolen software is called:
24. Juan plans to test his website by feeding it randomly generated input. This checks whether the site is vulnerable to which type of attack?
25. Which of the following is only recommended to follow?