CISSP Premium Bundle

CISSP Premium Bundle

Certified Information Systems Security Professional (CISSP) Certification Exam

4.5 
(2010 ratings)
0 QuestionsPractice Tests
0 PDFPrint version
December 4, 2024Last update

ISC2 CISSP Free Practice Questions

Q1. Refer.to the information below to answer the question. 

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. 

Which of the following will MOST likely allow the organization to keep risk at an acceptable level? 

A. Increasing the amount of audits performed by third parties 

B. Removing privileged accounts from operational staff 

C. Assigning privileged functions to appropriate staff 

D. Separating the security function into distinct roles 

Answer:

Q2. To protect auditable information, which of the following MUST be configured to only allow 

read access? 

A. Logging configurations 

B. Transaction log files 

C. User account configurations 

D. Access control lists (ACL) 

Answer:

Q3. Refer.to the information below to answer the question. 

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement. 

Given the number of priorities, which of the following will MOST likely influence the selection of top initiatives? 

A. Severity of risk 

B. Complexity of strategy 

C. Frequency of incidents 

D. Ongoing awareness 

Answer:

Q4. Refer.to the information below to answer the question. 

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement. 

The security program can be considered effective when 

A. vulnerabilities are proactively identified. 

B. audits are regularly performed and reviewed. 

C. backups are regularly performed and validated. 

D. risk is lowered to an acceptable level. 

Answer:

Q5. An advantage of link encryption in a communications network is that it 

A. makes key management and distribution easier. 

B. protects data from start to finish through the entire network. 

C. improves the efficiency of the transmission. 

D. encrypts all information, including headers and routing information. 

Answer:

Q6. The FIRST step in building a firewall is to 

A. assign the roles and responsibilities of the firewall administrators. 

B. define the intended audience who will read the firewall policy. 

C. identify mechanisms to encourage compliance with the policy. 

D. perform a risk analysis to identify issues to be addressed. 

Answer:

Q7. Which of the following actions MUST be taken if a vulnerability is discovered during the maintenance stage in a System Development Life Cycle (SDLC)? 

A. Make changes following principle and design guidelines. 

B. Stop the application until the vulnerability is fixed. 

C. Report the vulnerability to product owner. 

D. Monitor the application and review code. 

Answer:

Q8. Which of the following is a limitation of the Common Vulnerability Scoring System (CVSS) as it relates to conducting code review? 

A. It has normalized severity ratings. 

B. It has many worksheets and practices to implement. 

C. It aims to calculate the risk of published vulnerabilities. 

D. It requires a robust risk management framework to be put in place. 

Answer:

Q9. Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an un-marked file cabinet containing sensitive documents? 

A. Ineffective.data classification.

B. Lack of data access.controls 

C. Ineffective identity management controls 

D. Lack of Data Loss Prevention (DLP) tools 

Answer:

Q10. An online retail company has formulated a record retention schedule for customer transactions. Which of the following is a valid.reason a customer transaction is kept beyond the retention schedule? 

A. Pending legal hold 

B. Long term data mining needs 

C. Customer makes request to retain 

D. Useful for future business initiatives 

Answer:

Q11. How does Encapsulating Security Payload (ESP) in transport mode affect the Internet Protocol (IP)? 

A. Encrypts and optionally authenticates the IP header, but not the IP payload 

B. Encrypts and optionally authenticates the IP payload, but not the IP header 

C. Authenticates the IP payload and selected portions of the IP header 

D. Encrypts and optionally authenticates the complete IP packet 

Answer:

Q12. In order for a security policy to be effective within an organization, it MUST include 

A. strong statements that clearly define the problem. 

B. a list of all standards that apply to the policy. 

C. owner information and date of last revision. 

D. disciplinary measures for non compliance. 

Answer:

Q13. Why MUST a Kerberos server be well protected from unauthorized access? 

A. It contains the keys of all clients. 

B. It always operates at root privilege. 

C. It contains all the tickets for services. 

D. It contains the Internet Protocol (IP) address of all network entities. 

Answer:

START CISSP EXAM