CISSP Premium Bundle


Certified Information Systems Security Professional (CISSP) Certification Exam

Rating: 4.5 (2340 ratings)
Last update: December 4, 2024

ISC2 CISSP Free Practice Questions

Q1. What component of a web application that stores the session state in a cookie can be bypassed by an attacker? 

A. An initialization check 

B. An identification check 

C. An authentication check 

D. An authorization check 

Answer:
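As an added illustration of the weakness Q1 is probing (this code is not part of the original question set): a session cookie that carries the state itself, such as the user's role, with no integrity protection lets the client rewrite that state; the server's later check of the role is then deciding on attacker-supplied data. The signed variant binds the payload to a server-held secret with an HMAC so a modified cookie is rejected. The secret key, cookie layout and field names are assumptions for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed secret for the example only; a real service loads it from a secret store.
SECRET_KEY = b"example-only-server-secret"


def make_unsigned_cookie(state: dict) -> str:
    """Weak design: session state is serialised straight into the cookie, nothing proves it is genuine."""
    return base64.urlsafe_b64encode(json.dumps(state, sort_keys=True).encode()).decode()


def read_unsigned_cookie(cookie: str) -> dict:
    """The server simply trusts whatever the client sends back."""
    return json.loads(base64.urlsafe_b64decode(cookie.encode()))


def attacker_forge_unsigned(cookie: str) -> str:
    """Holder of a low-privilege cookie edits the role field and re-encodes it."""
    state = read_unsigned_cookie(cookie)
    state["role"] = "admin"
    return make_unsigned_cookie(state)


def make_signed_cookie(state: dict, key: bytes = SECRET_KEY) -> str:
    """Hardened design: payload plus HMAC-SHA256 tag computed with a server-only key."""
    payload = base64.urlsafe_b64encode(json.dumps(state, sort_keys=True).encode()).decode()
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def read_signed_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Return the state only if the tag verifies; None means tampered, forged or malformed."""
    try:
        payload, tag = cookie.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return json.loads(base64.urlsafe_b64decode(payload.encode()))


def attacker_forge_signed(cookie: str) -> str:
    """Same edit against the signed cookie: the attacker can read the payload but cannot re-sign it."""
    payload, tag = cookie.rsplit(".", 1)
    state = json.loads(base64.urlsafe_b64decode(payload.encode()))
    state["role"] = "admin"
    new_payload = base64.urlsafe_b64encode(json.dumps(state, sort_keys=True).encode()).decode()
    return f"{new_payload}.{tag}"  # the old tag no longer matches the edited payload


def may_delete_users(state) -> bool:
    """The privileged operation's check; it is only as good as the state it is handed."""
    return state is not None and state.get("role") == "admin"


if __name__ == "__main__":
    low = {"user": "alice", "role": "user"}
    unsigned = make_unsigned_cookie(low)
    print("unsigned, forged role accepted:", may_delete_users(read_unsigned_cookie(attacker_forge_unsigned(unsigned))))
    signed = make_signed_cookie(low)
    print("signed, forged role accepted:", may_delete_users(read_signed_cookie(attacker_forge_signed(signed))))
```

The signature stops tampering, not disclosure or replay: the payload is still readable by the client, and a stolen signed cookie is still valid until it expires, so a real implementation also puts an expiry inside the signed payload and sets the cookie with Secure and HttpOnly.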

Q2. Disaster Recovery Plan (DRP) training material should be 

A. consistent so that all audiences receive the same training. 

B. stored in a fire proof safe to ensure availability when needed. 

C. only delivered in paper format. 

D. presented in a professional looking manner. 

Answer:

Q3. Which of the following is the BEST solution to provide redundancy for telecommunications links? 

A. Provide multiple links from the same telecommunications vendor. 

B. Ensure that the telecommunications links connect to the network in one location. 

C. Ensure that the telecommunications links connect to the network in multiple locations. 

D. Provide multiple links from multiple telecommunications vendors. 

Answer:

Q4. What is the process called when impact values are assigned to the security objectives for information types? 

A. Qualitative analysis 

B. Quantitative analysis 

C. Remediation 

D. System security categorization 

Answer:

Q5. Which of the following BEST describes a Protection Profile (PP)? 

A. A document that expresses an implementation independent set of security requirements for an IT product that meets specific consumer needs. 

B. A document that is used to develop an IT security product from its security requirements definition. 

C. A document that expresses an implementation dependent set of security requirements which contains only the security functional requirements. 

D. A document that represents evaluated products where there is a one-to-one correspondence between a PP and a Security Target (ST). 

Answer:

Q6. Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what? 

A. Interface with the Public Key Infrastructure (PKI) 

B. Improve the quality of security software 

C. Prevent Denial of Service (DoS) attacks 

D. Establish a secure initial state 

Answer:

Q7. Who is ultimately responsible to ensure that information assets are categorized and adequate measures are taken to protect them? 

A. Data Custodian 

B. Executive Management 

C. Chief Information Security Officer 

D. Data/Information/Business Owners 

Answer:

Q8. Which of the following is the best practice for testing a Business Continuity Plan (BCP)? 

A. Test before the IT Audit 

B. Test when environment changes 

C. Test after installation of security patches 

D. Test after implementation of system patches 

Answer:

Q9. If an identification process using a biometric system detects a 100% match between a presented template and a stored template, what is the interpretation of this result? 

A. User error 

B. Suspected tampering 

C. Accurate identification 

D. Unsuccessful identification 

Answer:

Q10. Which of the following MUST be part of a contract to support electronic discovery of data stored in a cloud environment? 

A. Integration with organizational directory services for authentication 

B. Tokenization of data 

C. Accommodation of hybrid deployment models 

D. Identification of data location 

Answer:

Q11. In a data classification scheme, the data is owned by the 

A. Information Technology (IT) managers. 

B. business managers. 

C. end users. 

D. system security managers. 

Answer:

Q12. As one component of a physical security system, an Electronic Access Control (EAC) token is BEST known for its ability to 

A. overcome the problems of key assignments. 

B. monitor the opening of windows and doors. 

C. trigger alarms when intruders are detected. 

D. lock down a facility during an emergency. 

Answer:

Q13. Multi-threaded applications are more at risk than single-threaded applications to 

A. race conditions. 

B. virus infection. 

C. packet sniffing. 

D. database injection. 

Answer:
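As an added illustration of the hazard Q13 is about (example code, not part of the original question set): a check-then-act sequence that is harmless in a single thread becomes exploitable once two threads can interleave between the check and the act. The example forces the interleaving with a barrier so the outcome is reproducible rather than left to the scheduler; the account, amounts and the barrier rendezvous are constructed for the demonstration.

```python
import threading


class Account:
    """Constructed shared resource with a balance and a lock protecting it."""

    def __init__(self, balance: int):
        self.balance = balance
        self.lock = threading.Lock()


def _rendezvous(barrier: threading.Barrier) -> None:
    """Wait for the other thread to reach the same point; give up if it never arrives."""
    try:
        barrier.wait(timeout=0.5)
    except threading.BrokenBarrierError:
        pass  # the other thread was (correctly) held back, so it never reached the barrier


def withdraw_racy(account: Account, amount: int, barrier: threading.Barrier) -> bool:
    """Check-then-act with no lock: both threads can pass the check before either debits."""
    if account.balance >= amount:     # time of check
        _rendezvous(barrier)          # both threads sit here having passed the check
        account.balance -= amount     # time of use: the check is now stale
        return True
    return False


def withdraw_safe(account: Account, amount: int, barrier: threading.Barrier) -> bool:
    """Check and act inside one critical section, so the second thread sees the updated balance."""
    with account.lock:
        if account.balance >= amount:
            _rendezvous(barrier)      # times out: the other thread is blocked on the lock
            account.balance -= amount
            return True
        return False


def run(withdraw, starting_balance: int = 100, amount: int = 80):
    """Run two concurrent withdrawals and return (final balance, number that succeeded)."""
    account = Account(starting_balance)
    barrier = threading.Barrier(2)
    results = []

    def worker():
        results.append(withdraw(account, amount, barrier))

    threads = [threading.Thread(target=worker) for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return account.balance, sum(results)


if __name__ == "__main__":
    print("racy:", run(withdraw_racy))  # two withdrawals of 80 from 100 both succeed
    print("safe:", run(withdraw_safe))  # only one succeeds
```

The same pattern shows up outside balances: checking a file's permissions and then opening it, or checking a quota and then consuming it, are both TOCTOU races unless the check and the use are made atomic by a lock, a transaction, or an operation that checks and acts in one step.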

Q14. What is the GREATEST challenge to identifying data leaks? 

A. Available technical tools that enable user activity monitoring. 

B. Documented asset classification policy and clear labeling of assets. 

C. Senior management cooperation in investigating suspicious behavior. 

D. Law enforcement participation to apprehend and interrogate suspects. 

Answer:

Q15. HOTSPOT 

In the network design below, where is the MOST secure Local Area Network (LAN) segment to deploy a Wireless Access Point (WAP) that provides contractors access to the Internet and authorized enterprise services? 

Answer:  
