Download CISSP Chapter 1 A+ Graded Exam Review Questions With 100% Correct And Verified Answers and more Exams Advanced Education in PDF only on Docsity! CISSP Chapter 1 A+ Graded Exam Review Questions With 100% Correct And Verified Answers Which of the following contains the primary goals and objectives of security? A. A network's border perimeter B. The CIA Triad C. A stand-alone system D. The internet - Correct Answer-B Vulnerabilities and risks are evaluated based on their threats against which of the following? A. One or more of the CIA Triad principles B. Data usefulness C. Due care D. Extent of liability - Correct Answer-A Which of the following is a principle of the CIA Triad that means authorized subjects are granted timely and uninterrupted access to objects? A. Identification B. Availability C. Encryption D. Layering - Correct Answer-B Which of the following is not considered a violation of confidentiality? A. Stealing passwords B. Eavesdropping C. Hardware destruction D. Social engineering - Correct Answer-C Which of the following is not true? A. Violations of confidentiality include human error. B. Violations of confidentiality include management oversight. C. Violations of confidentiality are limited to direct intentional attacks. D. Violations of confidentiality can occur when a transmission is not properly encrypted. - Correct Answer-C STRIDE is often used in relation to assessing threats against applications or operating systems. Which of the following is not an element of STRIDE? A. Spoofing B. Elevation of privilege C. Repudiation D. Disclosure - Correct Answer-D If a security mechanism offers availability, then it offers a high level of assurance that authorized subjects can _____________________ the data, objects, and resources. A. Control B. Audit C. Access D. Repudiate - Correct Answer-C _______________ refers to keeping information confidential that is personally identifiable or that might cause harm, embarrassment, or disgrace to someone if revealed. A. Seclusion B. Concealment C. Privacy D. Criticality - Correct Answer-C All but which of the following items requires awareness for all individuals affected? A. Restricting personal email B. Recording phone conversations C. Gathering information about surfing habits D. The backup mechanism used to retain email messages - Correct Answer-D What element of data categorization management can override all other forms of access control? A. Classification B. Physical access C. Custodian responsibilities D. Taking ownership - Correct Answer-D What ensures that the subject of an activity or event cannot deny that the event occurred? A. CIA Triad B. Abstraction