Keeping in mind that these are objectives that are provided for information only within the CBK as they only
apply to the committee and not to the individuals. Which of the following statements pertaining to the (ISC)2
Code of Ethics is NOT true?

Which of the following is NOT defined in the Internet Architecture Board (IAB) Ethics and the Internet (RFC
1087) as unacceptable and unethical activity?

What would be the Annualized Rate of Occurrence (ARO) of the threat “user input error”, in the case where a
company employs 100 data entry clerks and every one of them makes one input error each month?

Which of the following is MOST appropriate to notify an internal user that session monitoring is being
conducted?

Which of the following is NOT part of user provisioning?

If your property Insurance has Replacement Cost Valuation (RCV) clause your damaged property will be
compensated:

The ISC2 Code of Ethics does not include which of the following behaviors for a CISSP:

Good security is built on which of the following concept?

Related to information security, the prevention of the intentional or unintentional unauthorized disclosure of
contents is which of the following?

Related to information security, availability is the opposite of which of the following?