
CISSP Questions of the Week

These CISSP Questions of the Week and their answers were developed by Shon Harris and the Logical Security development team. We hope you find this to be a helpful resource. Simply select the "Click Here" under each question to find the answer.

1. Which of the following have incorrect definition mapping when it comes to disaster recovery steps?

   i.   Develop the continuity planning policy statement. Write a policy that provides the guidance necessary to develop a BCP and that assigns authority to the necessary roles to carry out these tasks.
   ii.  Conduct the business impact analysis (BIA). Identify critical functions and systems and allow the organization to prioritize them based on necessity. Identify vulnerabilities, threats, and calculate risks.
   iii. Identify preventive controls. Once threats are recognized, identify and implement controls and countermeasures to reduce the organization's risk level in an economical manner.
   iv.  Develop recovery strategies. Write procedures and guidelines for how the organization can still stay functional in a crippled state.
   v.   Develop the contingency plan. Formulate methods to ensure systems and critical functions can be brought online quickly.
   vi.  Test the plan and conduct training and exercises. Test the plan to identify deficiencies in the BCP, and conduct training to properly prepare individuals on their expected tasks.
   vii. Maintain the plan. Put in place steps to ensure the BCP is a living document that is updated regularly.

   A. iv, v
   B. ii, iv
   C. i, ii, iii
   D. i, vii, v

       Click Here for the Answer


2. Which of the following has objectives that include the creation of a framework for establishing jurisdiction and extradition of the accused?

   A. Global Council Convention on Cybercrime
   B. Council of Europe Convention on Cybercrime
   C. Forensics United Council
   D. Interpol

       Click Here for the Answer


3. Which of the following is not considered an operational assurance responsibility?

   A. Separation of privileged and user program code
   B. Auditing and monitoring capabilities
   C. Trusted recovery when the product experiences unexpected circumstances
   D. Unit and integration testing

       Click Here for the Answer
