CISSP Premium Bundle

CISSP Premium Bundle

Certified Information Systems Security Professional (CISSP) Certification Exam

4.5 
(29625 ratings)
0 QuestionsPractice Tests
0 PDFPrint version
December 4, 2024Last update

ISC2 CISSP Free Practice Questions

Q1. What is the PRIMARY advantage of using automated application security testing tools? 

A. The application can be protected in the production environment. 

B. Large amounts of code can be tested using fewer resources. 

C. The application will fail less when tested using these tools. 

D. Detailed testing of code functions can be performed. 

Answer:

Q2. What is one way to mitigate the risk of security flaws in.custom.software? 

A. Include security language in the Earned Value Management (EVM) contract 

B. Include security assurance clauses in the Service Level Agreement (SLA) 

C. Purchase only Commercial Off-The-Shelf (COTS) products 

D. Purchase only software with no open source Application Programming Interfaces (APIs) 

Answer:

Q3. What is the BEST method to detect the most common improper initialization problems in programming languages? 

A. Use and specify a strong character encoding. 

B. Use automated static analysis tools that target this type of weakness. 

C. Perform input validation on any numeric inputs by assuring that they are within the expected range. 

D. Use data flow analysis to minimize the number of false positives. 

Answer:

Q4. What does secure authentication with logging provide? 

A. Data integrity 

B. Access accountability 

C. Encryption logging format 

D. Segregation of duties 

Answer:

Q5. Which one of these risk factors would be the LEAST important consideration in choosing a building site for a new computer facility? 

A. Vulnerability to crime 

B. Adjacent buildings and businesses 

C. Proximity to an airline flight path 

D. Vulnerability to natural disasters 

Answer:

Q6. If an attacker in a SYN flood attack uses someone else's valid host address as the source address, the system under attack will send a large number of.Synchronize/Acknowledge (SYN/ACK) packets to the 

A. default gateway. 

B. attacker's address. 

C. local interface being attacked. 

D. specified source address. 

Answer:

Q7. The stringency of an Information Technology (IT) security assessment will be determined by the 

A. system's past security record. 

B. size of the system's database. 

C. sensitivity of the system's data. 

D. age of the system. 

Answer:

Q8. Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy? 

A. Discretionary Access Control (DAC) procedures 

B. Mandatory Access Control (MAC) procedures 

C. Data link encryption 

D. Segregation of duties 

Answer:

Q9. What maintenance activity is responsible for defining, implementing, and testing updates to application systems? 

A. Program change control 

B. Regression testing 

C. Export exception control 

D. User acceptance testing 

Answer:

Q10. HOTSPOT 

Which Web Services Security (WS-Security) specification.maintains a single authenticated identity across multiple dissimilar environments?.Click.on the correct specification in the image.below. 

Answer:  

Q11. A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the.Chief.Executive Officer.(CEO).and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred? 

A. Spoofing 

B. Eavesdropping 

C. Man-in-the-middle 

D. Denial of service 

Answer:

Q12. Which of the following is the BEST solution to provide redundancy for telecommunications links? 

A. Provide multiple links from the same telecommunications vendor. 

B. Ensure that the telecommunications links connect to the network in one location. 

C. Ensure.that the telecommunications links connect to the network in multiple locations. 

D. Provide multiple links from multiple telecommunications vendors. 

Answer:

Q13. For privacy protected data, which of the following roles has the highest authority for establishing dissemination rules for the data? 

A. Information Systems Security Officer 

B. Data Owner 

C. System Security Architect 

D. Security Requirements Analyst 

Answer:

Q14. What should happen when an emergency change to.a system.must be performed? 

A. The change must be given priority at the next meeting of the change control board. 

B. Testing and approvals must be performed quickly. 

C. The change must be performed immediately and then submitted to the change board. 

D. The change is performed and a notation is made in the system log. 

Answer:

Q15. Which of the following BEST represents the principle of open design? 

A. Disassembly, analysis, or reverse engineering will reveal the security functionality of the computer system. 

B. Algorithms must be protected to ensure the security and interoperability of the designed system. 

C. A knowledgeable user should have limited privileges on the system to prevent their ability to compromise security capabilities. 

D. The security of a mechanism should not depend on the secrecy of its design or implementation. 

Answer:

START CISSP EXAM