CISSP Premium Bundle

Certified Information Systems Security Professional (CISSP) Certification Exam

Last update: December 4, 2024

ISC2 CISSP Free Practice Questions

Q1. A large university needs to enable student access to university resources from their homes. Which of the following provides the BEST option for low maintenance and ease of deployment?

A. Provide students with Internet Protocol Security (IPSec) Virtual Private Network (VPN) client software. 

B. Use Secure Sockets Layer (SSL) VPN technology. 

C. Use Secure Shell (SSH) with public/private keys. 

D. Require students to purchase home router capable of VPN. 

Answer:

Q2. By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the

A. confidentiality of the traffic is protected. 

B. opportunity to sniff network traffic exists. 

C. opportunity for device identity spoofing is eliminated. 

D. storage devices are protected against availability attacks. 

Answer:

Q3. What is an effective practice when returning electronic storage media to third parties for repair? 

A. Ensuring the media is not labeled in any way that indicates the organization's name. 

B. Disassembling the media and removing parts that may contain sensitive data. 

C. Physically breaking parts of the media that may contain sensitive data. 

D. Establishing a contract with the third party regarding the secure handling of the media. 

Answer:

Q4. An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor? 

A. Provide the encrypted passwords and analysis tools to the auditor for analysis. 

B. Analyze the encrypted passwords for the auditor and show them the results. 

C. Demonstrate that non-compliant passwords cannot be created in the system. 

D. Demonstrate that non-compliant passwords cannot be encrypted in the system. 

Answer:

Q5. An organization has hired a security services firm to conduct a penetration test. Which of the following will the organization provide to the tester? 

A. Limits and scope of the testing. 

B. Physical location of server room and wiring closet. 

C. Logical location of filters and concentrators. 

D. Employee directory and organizational chart. 

Answer:

Q6. Which of the following statements is TRUE regarding state-based analysis as a functional software testing technique? 

A. It is useful for testing communications protocols and graphical user interfaces. 

B. It is characterized by the stateless behavior of a process implemented in a function. 

C. Test inputs are obtained from the derived boundaries of the given functional specifications. 

D. An entire partition can be covered by considering only one representative value from that partition. 

Answer:

Q7. Checking routing information on e-mail to determine it is in a valid format and contains valid information is an example of which of the following anti-spam approaches? 

A. Simple Mail Transfer Protocol (SMTP) blacklist 

B. Reverse Domain Name System (DNS) lookup 

C. Hashing algorithm 

D. Header analysis 

Answer:

Q8. Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an un-marked file cabinet containing sensitive documents? 

A. Ineffective data classification

B. Lack of data access controls

C. Ineffective identity management controls 

D. Lack of Data Loss Prevention (DLP) tools 

Answer:

Q9. In Business Continuity Planning (BCP), what is the importance of documenting business processes? 

A. Provides senior management with decision-making tools 

B. Establishes and adopts ongoing testing and maintenance strategies 

C. Defines who will perform which functions during a disaster or emergency 

D. Provides an understanding of the organization's interdependencies 

Answer:

Q10. Which of the following is a detective access control mechanism? 

A. Log review 

B. Least privilege

C. Password complexity

D. Non-disclosure agreement 

Answer:

Q11. Refer to the information below to answer the question.

In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files. 

Which of the following is true according to the star property (*property)? 

A. User D can write to File 1

B. User B can write to File 1

C. User A can write to File 1

D. User C can write to File 1

Answer:

Q12. How can a forensic specialist exclude from examination a large percentage of operating system files residing on a copy of the target system? 

A. Take another backup of the media in question then delete all irrelevant operating system files. 

B. Create a comparison database of cryptographic hashes of the files from a system with the same operating system and patch level. 

C. Generate a message digest (MD) or secure hash on the drive image to detect tampering of the media being examined. 

D. Discard harmless files for the operating system, and known installed programs. 

Answer:

Q13. Refer to the information below to answer the question.

A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns. 

In the plan, what is the BEST approach to mitigate future internal client-based attacks? 

A. Block all client side web exploits at the perimeter. 

B. Remove all non-essential client-side web services from the network. 

C. Screen for harmful exploits of client-side services before implementation. 

D. Harden the client image before deployment. 

Answer:

Q14. Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?

A. An explanation of how long the data subject's collected information will be retained for and how it will be eventually disposed. 

B. An explanation of who can be contacted at the organization collecting the information if corrections are required by the data subject. 

C. An explanation of the regulatory frameworks and compliance standards the information collecting organization adheres to. 

D. An explanation of all the technologies employed by the collecting organization in gathering information on the data subject. 

Answer: B

Q15. While inventorying storage equipment, it is found that there are unlabeled, disconnected, and powered off devices. Which of the following is the correct procedure for handling such equipment?

A. They should be recycled to save energy. 

B. They should be recycled according to NIST SP 800-88.

C. They should be inspected and sanitized following the organizational policy. 

D. They should be inspected and categorized properly to sell them for reuse. 

Answer: