CISSP Premium Bundle

Certified Information Systems Security Professional (CISSP) Certification Exam

Last update: September 29, 2024

ISC2 CISSP Free Practice Questions

Q1. Which one of the following considerations has the LEAST impact when considering transmission security? 

A. Network availability 

B. Data integrity 

C. Network bandwidth 

D. Node locations 

Answer:

Q2. Which one of the following transmission media is MOST effective in preventing data interception? 

A. Microwave 

B. Twisted-pair 

C. Fiber optic 

D. Coaxial cable 

Answer:

Q3. DRAG DROP 

Place the following information classification steps in sequential order.

Answer:  

Q4. The goal of a Business Continuity Plan (BCP) training and awareness program is to 

A. enhance the skills required to create, maintain, and execute the plan. 

B. provide for a high level of recovery in case of disaster. 

C. describe the recovery organization to new employees. 

D. provide each recovery team with checklists and procedures. 

Answer:

Q5. When transmitting information over public networks, the decision to encrypt it should be based on 

A. the estimated monetary value of the information. 

B. whether there are transient nodes relaying the transmission. 

C. the level of confidentiality of the information. 

D. the volume of the information. 

Answer:

Q6. Which of the following does Temporal Key Integrity Protocol (TKIP) support? 

A. Multicast and broadcast messages 

B. Coordination of IEEE 802.11 protocols 

C. Wired Equivalent Privacy (WEP) systems 

D. Synchronization of multiple devices

Answer:

Q7. Which of the following is the MAIN reason that system re-certification and re-accreditation are needed? 

A. To assist data owners in making future sensitivity and criticality determinations 

B. To assure the software development team that all security issues have been addressed 

C. To verify that security protection remains acceptable to the organizational security policy 

D. To help the security team accept or reject new systems for implementation and production 

Answer:

Q8. A practice that permits the owner of a data object to grant other users access to that object would usually provide 

A. Mandatory Access Control (MAC). 

B. owner-administered control. 

C. owner-dependent access control. 

D. Discretionary Access Control (DAC). 

Answer:

Q9. Single Sign-On (SSO) is PRIMARILY designed to address which of the following? 

A. Confidentiality and Integrity 

B. Availability and Accountability 

C. Integrity and Availability 

D. Accountability and Assurance 

Answer:

Q10. What is the MOST important reason to configure unique user IDs? 

A. Supporting accountability 

B. Reducing authentication errors 

C. Preventing password compromise 

D. Supporting Single Sign On (SSO) 

Answer:

Q11. Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization has unauthorized access to a server holding sensitive data? 

A. Immediately document the finding and report to senior management.

B. Use system privileges to alter the permissions to secure the server 

C. Continue the testing to its completion and then inform IT management 

D. Terminate the penetration test and pass the finding to the server management team 

Answer:

Q12. The MAIN reason an organization conducts a security authorization process is to 

A. force the organization to make conscious risk decisions. 

B. assure the effectiveness of security controls. 

C. assure the correct security organization exists. 

D. force the organization to enlist management support. 

Answer:

Q13. Refer to the information below to answer the question.

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access. 

Which of the following could have MOST likely prevented the Peer-to-Peer (P2P) program from being installed on the computer?

A. Removing employee's full access to the computer 

B. Supervising their child's use of the computer 

C. Limiting computer's access to only the employee 

D. Ensuring employee understands their business conduct guidelines 

Answer:

Q14. Which of the following questions can be answered using user and group entitlement reporting? 

A. When a particular file was last accessed by a user 

B. Change control activities for a particular group of users 

C. The number of failed login attempts for a particular user 

D. Where does a particular user have access within the network 

Answer:

Q15. The application of which of the following standards would BEST reduce the potential for data breaches? 

A. ISO 9000 

B. ISO 20121 

C. ISO 26000 

D. ISO 27001 

Answer:
