Cissp 240116 210252
A. Data controls
B. Software controls
C. Application controls
D. Host controls
2. In almost all cases, organizations and their security teams should be able to define sets or patterns of
user activities that are acceptable and expected in most, if not all, circumstances. What is this process
known as?
3. When considering modern implementations of access control, which model maps users to
applications and then roles?
A. RBAC
B. Limited RBAC
C. RuBAC
D. DAC
4. We are, perhaps, familiar with the concepts of platform as a service (PaaS) and infrastructure as a
service (IaaS), but these have been extended to include those in the following list of possible answer
choices. All of these are defined under ISO/IEC 17788 except which one?
A. Ring
C. Tree
6. The systems lifecycle model suggests that three different perspectives in time add to the complexity of
the software’s environment. Which of the following is not one of them?
C. Post-replacement
D. Pre-operational design
7. Tricking a central processing unit (CPU) into executing a different set of instructions than the designers
intended is known as what kind of code execution?
A. Object
B. Executable
C. Intermediate
D. Arbitrary
8. What is the common name for a phreaking tool that generates the 2600 Hz tones that phone trunk
systems used to communicate?
A. A black box
B. A blue box
C. A white box
D. A red box
9. A user initially logs into their email account, and the service provider sends a text message with
a one-time-use code to their cell phone. What type of authentication has been implemented?
10. Who is responsible for establishing the policies and procedures governing the generation, collection,
A. Information steward
11. Under which circumstances can law enforcement seize physical assets of a cloud service provider?