CISSP Domain 1: Security and Risk Management

Domain 1: Security and Risk Management Practice Questions
Questions from the following topics are included in this domain:
Basics of security and risk management
    Differing data roles and responsibilities
    Identifying administrative, physical, and technical controls
    Ethics of security professionals
    Administrative policies, procedures, and guidelines
    Object categorization and classification
    Importance of security training

25 Questions

1. NIST outlines security controls to put in place for federal agencies in which Special Publication (SP)?
2. An organization is initiating the qualitative risk analysis process. Which of the following is NOT part of the process?
3. Which is BEST represented as the product of a threat and vulnerability?
4. Elina is interviewing risk consulting firms. What is the main item she should NOT look for in a qualified firm?
5. Juan plans to perform testing on his website and generate random input to see if it is vulnerable to which type of attack?
6. Eugenie is the production manager at FAUX Widgets, and the lights went out for the entire building. Which action does she execute FIRST?
7. As Bjorn leaves the office this day, Steffi tells him she overheard men starting to break in earlier that evening to steal documents. The men are later caught, and Bjorn is brought onto the witness stand in court to mention what he heard. This type of evidence is termed which of the following?
8. Sloane received a phone call from her administrator to confirm an email received from her. She then gets a phone call from her CFO that he received a message from her to transfer $1 million overseas. What has MOST LIKELY occurred?
9. Yaza is planning on selling COVID-19 masks online to the European Union (EU). Which regulation is the most important for her to consider?
10. Fritz works with a document providing him step-by-step instructions. Which of the following is he working with?
11. Karthik receives a threatening email stating that they have a video of him performing lewd acts while watching porn. They will release the videos unless he pays them $1,000. This type of attack is BEST called:
12. As part of a disaster strategy, Caty asks management for approval of deploying a warm site. Warm sites are which type of control functionality?
13. For most organizations, which is the most important asset when a firm enters into BCP or DRP mode?
14. Nina, a forensic accountant, suspects fraud within the organization and implemented SoD to mitigate the issues. Later investigation shows the fraud appears to have continued. What is her BEST next step?
15. Bud has just learned about hacking, knows a little about programming, and likes to bring misery to others. He decides to attempt hacking into his school website to change his grades. This puts him in which class of hackers?
16. Benoit, the company CISO, is researching high-security systems that authenticate everything attempting connections to the corporate network. Such an architecture is called:
17. Randi is an engineering manager who hires Percy, a senior engineer, to manage the ASAN Corp account in Cleveland. Bud, also a senior engineer, hears complaints from the ASAN customers and reports them to Randi instead of Percy. What is Randi's BEST next step?
18. Bianca has already contacted SGI News regarding the use of her copyrighted images on their website, but they refuse to take them down. What is her BEST next step to have her images removed from the site?
19. Ons, a security manager, is working with her team to develop and update policies for staff and vendors. Controls in this area are considered which of the following?
20. Elimu has installed firewalls to protect his users from outside attacks. This is a good example of what?
21. Zosimo works for Maximo Smartphones, and for years, their new smartphone plans have been leaked to the public 2 years ahead of time, hurting sales. What is the BEST administrative control he can use to stop this?
22. Security education should be required for whom in an organization?
23. Dito works in the Detroit office of the organization, and Greg states a management opportunity is soon opening and guarantees that Dito will get the job. Dito would feel more comfortable if the verbal guarantee came with a(n):
24. Teecee is running the computer sales department and sees that her team has sold $600,000 of their yearly goal of $1,000,000. What are the key performance indicator (KPI) and the key goal indicator (KGI)?
25. What represents the indirect costs, direct costs, replacement costs, and upgrade costs for the entire life cycle of an asset?