CISSP Practice Set_01: Security Architecture & Engineering_2

Home » CISSP Practice Set_01: Security Architecture & Engineering_2

Security Architecture & Engineering

Domain 01 Practice Set: 01

CISSP DOMAIN 03: Security Architecture & Engineering (Assessment Mode)

CISSP Domain 3: These questions aim to test your understanding of critical security concepts and technologies involved in securing information and systems, aligning with the objectives of Domain 3 of the CISSP exam

Domain 03: Practice Set 01

Disclaimer: The practice exam questions provided are representative of the certification exam, but not the actual questions you will see on the certification exam. Practice exams are for self-assessment.

Page : 1/10

1. What does the concept of "Fail Secure" entail in security systems?

A) A system defaults to an open/allow state in the event of a failure.

B) A system defaults to a closed/deny state in the event of a failure.

C) A system continues to operate with limited functionality when a component fails.

D) A system automatically repairs itself and recovers from a failure without human intervention.

2. Which of the following best describes the concept of a "root of trust"?

A) A methodology for root cause analysis in cybersecurity incidents

B) The initial step in a multi-factor authentication process

C) A set of trusted cryptographic keys used in digital signatures

D) A foundational element in a secure system that is inherently trusted

3. Which of the following security models is specifically designed to prevent conflict of interest when accessing data?

A) Bell-LaPadula

B) Biba

C) Clark-Wilson

D) Brewer and Nash

4. Which principle of secure design emphasizes the need for a system to continue operating correctly even when components fail?

A) Least privilege

B) Fail-secure

C) Separation of duties

D) Fault tolerance

5. Which of the following is a characteristic of the Biba integrity model?

A) It prevents data from being read by unauthorized users.

B) It ensures that users can only perform actions that lower data integrity.

C) It focuses on preventing improper modifications of data and ensuring data integrity.

D) It allows users to access data only if they have the same security clearance level as the data classification.

Page : 2/10

6. What security mechanism can be used to detect unauthorized changes to software and data?

A) Antivirus software

B) Firewalls

C) Intrusion Detection Systems (IDS)

D) Cryptographic hashes

7. Which of the following scenarios is an example of a Man-in-the-Middle (MitM) attack?

A) An attacker encrypts sensitive data to demand a ransom for the decryption key.

B) An attacker exploits a vulnerability in the web application to inject malicious scripts.

C) An attacker intercepts and alters communications between two parties who believe they are directly communicating with each other.

D) An attacker uses a USB drive to install malware on a secured workstation.

8. In secure software development, what is the significance of input validation?

A) To increase the efficiency of the software by optimizing code

B) To ensure that only properly formatted data is entered into a system

C) To encrypt user input to protect against eavesdropping

D) To monitor network traffic for signs of malicious activity

9. Which mechanism is commonly used in operating systems to segregate the memory space used by different applications?

A) Sandboxing

B) Virtualization

C) Memory paging

D) Access control lists (ACLs)

10. Which of the following best describes the purpose of Security Assertion Markup Language (SAML)?

A) To encrypt sensitive data at rest

B) To facilitate secure network communications

C) To enable single sign-on (SSO) for web applications

D) To manage digital rights and content protection

Page : 3/10

11. What is the primary purpose of employing containerization in application deployment?

A) To enhance the graphical interface of applications for better user experience.

B) To increase the processing power available to applications.

C) To isolate application processes and dependencies into a portable and secure environment.

D) To automatically update applications to the latest version

12. What is the primary function of a Security Information and Event Management (SIEM) system?

A) To manage network configurations

B) To enforce endpoint security

C) To aggregate and analyze log data

D) To filter spam from email inboxes

13. Which of the following best describes the concept of "data at rest" encryption?

A) Encrypting data as it is transmitted over a network.

B) Encrypting data before it is stored on a storage medium.

C) Encrypting data as it is processed in memory.

D) Encrypting data based on user access levels.

14. What is the primary purpose of a Public Key Infrastructure (PKI)?

A) To support strong authentication

B) To ensure non-repudiation

C) To facilitate symmetric key exchange

D) To encrypt user data

15. What role does an intrusion detection system (IDS) play in a security architecture?

A) It filters spam emails to prevent phishing attacks.

B) It serves as the primary method for encrypting network traffic.

C) It detects and alerts on potential security threats within network traffic.

D) It physically secures data centers from unauthorized access.

Page : 4/10

16. What is the main goal of employing steganography in cybersecurity?

A) To detect unauthorized access to sensitive information

B) To encrypt data using asymmetric cryptography

C) To hide the existence of information within another file or medium

D) To ensure the integrity of data by applying hash functions

17. What principle is enforced by the use of mandatory access control (MAC) models?

A) User discretion in setting access controls

B) Data confidentiality through encryption

C) Predefined access controls enforced by the system

D) Flexible access controls managed by the data owner

18. In the context of secure software development, what is the primary goal of threat modeling?

A) To identify potential threats to the software and develop countermeasures

B) To create a detailed documentation of the software architecture

C) To assess the performance of the software under high load

D) To ensure compliance with software licensing agreements

19. In the context of secure architecture, what is the main goal of a demilitarized zone (DMZ)?

A) To separate internal network traffic from external traffic

B) To provide a secure area for user authentication

C) To encrypt sensitive data in transit

D) To monitor and filter outgoing email traffic

20. In cryptography, what is the main purpose of using a nonce?

A) To verify the integrity of a message

B) To ensure non-repudiation

C) To prevent replay attacks

D) To increase the encryption key strength

Page : 5/10

21. What is the main purpose of implementing a Sandboxing technique in software development?

A) To increase the efficiency of the development process

B) To detect zero-day vulnerabilities

C) To isolate untested code and monitor its behavior

D) To enhance the user interface of the application

22. Which type of access control model is based on the classification of data and clearance levels of users?

A) Discretionary Access Control (DAC)

B) Role-Based Access Control (RBAC)

C) Mandatory Access Control (MAC)

D) Attribute-Based Access Control (ABAC) Correct Answer:

23. What is the primary purpose of using hardware security modules (HSMs) in a network infrastructure?

A) To increase network throughput

B) To perform secure cryptographic operations

C) To serve as primary network storage

D) To manage network configurations

24. Which security model is primarily concerned with ensuring that actions are taken in a series of steps that maintain a secure state?

A) Bell-LaPadula

B) Biba

C) Clark-Wilson

D) Brewer and Nash

25. What is a primary security concern that can be mitigated by using secure coding practices?

A) Phishing attacks

B) Denial of Service (DoS) attacks

C) SQL Injection

D) Social Engineering

Page : 6/10

26. What is the primary function of a digital signature?

A) To ensure the confidentiality of the document

B) To verify the integrity and authenticity of a message

C) To encrypt data for secure transmission

D) To provide a secure method for password storage

27. Which of the following is a primary security concern with virtualization technology?

A) The increased complexity of network infrastructure.

B) The difficulty in achieving high availability and redundancy.

C) The potential for a single point of failure affecting multiple virtual machines.

D) The increased cost of hardware to support virtualization.

28. Which of the following best describes a Zero Trust architecture?

A) A security model that requires all users, both inside and outside the organization's network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.

B) A network architecture that relies on a single, strong perimeter defense to protect network resources and assumes that everything inside the network is trustworthy.

C) A security strategy that focuses exclusively on external threats, operating under the assumption that internal networks are secure.

D) An approach that prioritizes physical security measures to prevent unauthorized access to the organization's premises and its network devices.

29. What is the primary purpose of a Data Loss Prevention (DLP) system?

A) To detect and prevent unauthorized access to the network

B) To prevent the deletion of sensitive data

C) To detect and prevent data breaches by monitoring, detecting, and blocking sensitive data handling in storage, use, and transmission.

D) To encrypt data transmissions over the Internet

30. What is the primary function of the Trusted Platform Module (TPM) in computer security?

A) To serve as a firewall and monitor incoming and outgoing network traffic

B) To encrypt entire disk drives to protect data at rest

C) To securely store cryptographic keys and perform cryptographic operations

D) To manage user identities and access controls within an organization

Page : 7/10

31. What is the function of a Certificate Authority (CA) in a Public Key Infrastructure (PKI)?

A) To provide secure, encrypted channels for communication over an insecure network like the Internet.

B) To issue and manage digital certificates, verifying the identity of the certificate holder and facilitating the use of public and private key pairs.

C) To act as a repository for storing and distributing public keys.

D) To encrypt data using a public key and decrypt data using a private key.

32. What principle is primarily enforced by the Clark-Wilson model?

A) Data confidentiality

B) Data integrity

C) User accountability

D) Least privilege

33. Which of the following encryption methods is used to secure data in transit and is based on a system where each party involved has a pair of cryptographic keys consisting of a public key and a private key?

A) Symmetric Encryption

B) Asymmetric Encryption

C) Hash Functions

D) Digital Signatures

34. Which of the following encryption algorithms is considered asymmetric?

A) AES

B) 3DES

C) RSA

D) RC4

35. What is the primary difference between symmetric and asymmetric encryption?

A) Symmetric encryption uses the same key for encryption and decryption, while asymmetric encryption uses a public key for encryption and a private key for decryption.

B) Symmetric encryption is used for digital signatures, while asymmetric encryption is not.

C) Asymmetric encryption is faster than symmetric encryption.

D) Symmetric encryption cannot be used for secure key exchange over an insecure channel

Page : 8/10

36. In the context of Public Key Infrastructure (PKI), what role does a Certificate Authority (CA) play?

A) It generates public and private keys for users.

B) It encrypts and decrypts data transmissions.

C) It issues and manages digital certificates.

D) It audits and logs certificate usage.

37. What is the primary security concern addressed by implementing an air gap in a network?

A) Data leakage through wireless networks

B) Unauthorized physical access to network devices

C) Malware infections spreading through the internet

D) Eavesdropping on network communication

38. Which of the following best describes the concept of "defense in depth"?

A) The use of multiple security measures to protect the IT infrastructure

B) The deployment of a single, comprehensive security solution to address all security needs

C) A strategy focused solely on perimeter security

D) Implementing the strongest possible encryption methods

39. Which of the following best describes the purpose of a hardware security module (HSM)?

A) To filter malicious web traffic

B) To manage digital keys and perform encryption and decryption functions

C) To detect and prevent intrusions on a network

D) To provide secure remote access to users

40. Which concept is essential for ensuring that a system can enforce and verify a security policy on data it processes?

A) Security through obscurity

B) Trusted computing base (TCB)

C) Open design principle

D) Security by design

Page : 9/10

41. What role does "Separation of Duties" play in information security?

A) It ensures that no single entity has control over all aspects of a security process.

B) It divides a network into different segments to isolate traffic.

C) It categorizes information into different classifications based on sensitivity.

D) It separates user data from application data to prevent co-mingling.

42. What is the primary security concern addressed by input validation in software applications?

A) Unauthorized data retrieval

B) Buffer overflow attacks

C) Cross-site scripting (XSS)

D) All of the above

43. Which of the following security capabilities is most directly associated with preventing eavesdropping on network communications?

A) Data masking

B) Network segmentation

C) Encryption

D) Antivirus software

44. Which of the following best describes the main goal of Mandatory Access Control (MAC)?

A) To allow users to define their security policies.

B) To prevent unauthorized access based on user roles.

C) To enforce centralized control over access decisions.

D) To dynamically assign roles based on user actions.

45. What is the main difference between hashing and encryption?

A) Hashing is reversible, while encryption is not.

B) Encryption is used for secure communication, while hashing is not.

C) Hashing produces a fixed-size output, while encryption output varies.

D) Encryption requires a key for the process, while hashing does not.

Page : 10/10

46. Which security model is primarily focused on ensuring that access controls are implemented correctly to keep data confidential?

A) Bell-LaPadula

B) Biba

C) Clark-Wilson

D) Brewer and Nash

47. What is the main purpose of employing a WAF (Web Application Firewall)?

A) To detect and prevent network-level DDoS attacks

B) To encrypt web traffic

C) To protect web applications by filtering and monitoring HTTP traffic

D) To manage network traffic and reduce latency

48. What is the primary function of a Trusted Platform Module (TPM) in a computing device?

A) To increase the processing power of the device

B) To serve as the primary storage component

C) To secure the device by storing cryptographic keys

D) To manage the device's operating system

49. Which statement best describes the role of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols?

A) They provide secure email communication.

B) They secure the transmission of data over the internet.

C) They are used for securing network boundaries.

D) They manage digital rights and content protection.

50. What does a Public Key Infrastructure (PKI) primarily support?

A) Symmetric key encryption

B) Asymmetric key encryption and digital signatures

C) User authentication via passwords

D) Network perimeter security

CISSP Practice Test, Quiz & Flashcards

5

CISSP Practice Sets

250

Questions

5.8

Test Submited by Users

info@sajinshivdas.com

Abu Dhabi, UAE

twitter
facebook
youtube
behance

Close Menu

Home
Cybersecurity Blog
Cybersecurity Tools
Computer Forensics
AboutUs

Security Architecture & Engineering

Domain 01 Practice Set: 01

CISSP DOMAIN 03: Security Architecture & Engineering (Assessment Mode)

Domain 03: Practice Set 01

Disclaimer: The practice exam questions provided are representative of the certification exam, but not the actual questions you will see on the certification exam. Practice exams are for self-assessment.

CISSP Practice Test, Quiz & Flashcards

More practice question and flash cards

Risk & Security Management

Asset Security

Security Architecture & Engineering

Communication & Network Security

Identity & Access Management

CISSP Practice Sets Status

5

250

5.8

info@sajinshivdas.com