CISSP Premium Bundle

Certified Information Systems Security Professional (CISSP) Certification Exam

Last update: September 29, 2024

ISC2 CISSP Free Practice Questions

Q1. An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern? 

A. Availability 

B. Confidentiality 

C. Integrity 

D. Ownership 

Answer:

Q2. Refer to the information below to answer the question. 

During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information. 

If it is discovered that large quantities of information have been copied by the unauthorized individual, what attribute of the data has been compromised? 

A. Availability 

B. Integrity 

C. Accountability 

D. Confidentiality 

Answer:

Q3. A Business Continuity Plan (BCP) is based on 

A. the policy and procedures manual. 

B. an existing BCP from a similar organization. 

C. a review of the business processes and procedures. 

D. a standard checklist of required items and objectives. 

Answer:

Q4. Which of the following is generally indicative of a replay attack when dealing with biometric authentication? 

A. False Acceptance Rate (FAR) is greater than 1 in 100,000 

B. False Rejection Rate (FRR) is greater than 5 in 100 

C. Inadequately specified templates 

D. Exact match 

Answer:
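Q4 turns on a physical fact: two live captures of the same finger, iris or face never produce bit-identical feature data, so a probe that exactly reproduces the enrolled template (or an earlier probe) is the signature of a replayed sample, whereas FAR and FRR (options A and B) are tuning metrics of the matcher, not attack indicators. The toy matcher below is an added example, not part of the original question set; its 256-bit templates, the bit-flip noise model, the 0.75 threshold and all sample data are constructed for illustration.

```python
"""Added example (not from the original question set): a toy biometric matcher
that treats an exact match as a replay indicator and measures FAR/FRR.
Templates are random 256-bit strings; a live capture is simulated as the enrolled
template with each bit flipped at a fixed rate. All values are constructed."""
import hashlib
import random

TEMPLATE_BYTES = 32  # 256-bit toy template (assumption for the demo)


def random_template(rng):
    """Constructed template: 32 random bytes from a seeded RNG."""
    return bytes(rng.getrandbits(8) for _ in range(TEMPLATE_BYTES))


def hamming_similarity(a, b):
    """Fraction of identical bits between two equal-length byte strings (1.0 = identical)."""
    if len(a) != len(b):
        raise ValueError("templates must be the same length")
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return 1.0 - differing / (8 * len(a))


def noisy_capture(template, flip_rate, rng):
    """Simulate a fresh live capture: each bit flips independently with
    probability flip_rate. Real sensors never reproduce a capture bit for bit,
    which is why an exact match is suspicious rather than reassuring."""
    out = bytearray(template)
    for i in range(len(out) * 8):
        if rng.random() < flip_rate:
            out[i // 8] ^= 1 << (i % 8)
    return bytes(out)


class Matcher:
    """Verifies probes against one enrolled template and remembers every probe seen."""

    def __init__(self, enrolled, threshold):
        self.enrolled = enrolled
        self.threshold = threshold
        self.seen = set()  # SHA-256 of every probe ever submitted

    def verify(self, probe):
        digest = hashlib.sha256(probe).hexdigest()
        # Bit-exact reproduction of the stored template or of any earlier probe
        # is implausible for a live capture: flag it as a replay, do not score it.
        if probe == self.enrolled or digest in self.seen:
            return "REPLAY"
        self.seen.add(digest)
        score = hamming_similarity(probe, self.enrolled)
        return "ACCEPT" if score >= self.threshold else "REJECT"


def measure_rates(threshold, genuine_flip=0.05, trials=500, seed=1):
    """Empirical (FAR, FRR) at a threshold: FAR counts random impostor templates
    that score above it, FRR counts noisy genuine captures that score below it."""
    rng = random.Random(seed)
    enrolled = random_template(rng)
    false_accepts = false_rejects = 0
    for _ in range(trials):
        genuine = noisy_capture(enrolled, genuine_flip, rng)
        if hamming_similarity(genuine, enrolled) < threshold:
            false_rejects += 1
        impostor = random_template(rng)
        if hamming_similarity(impostor, enrolled) >= threshold:
            false_accepts += 1
    return false_accepts / trials, false_rejects / trials


def demo(seed=7):
    """Live capture accepted once, then replayed; stored template replayed; impostor rejected."""
    rng = random.Random(seed)
    enrolled = random_template(rng)
    matcher = Matcher(enrolled, threshold=0.75)
    live = noisy_capture(enrolled, 0.05, rng)
    return [
        matcher.verify(live),               # fresh capture, ~95% similar -> ACCEPT
        matcher.verify(live),               # same bytes submitted again -> REPLAY
        matcher.verify(enrolled),           # stolen template replayed -> REPLAY
        matcher.verify(random_template(rng)),  # unrelated person, ~50% similar -> REJECT
    ]


if __name__ == "__main__":
    print(demo())
    print("FAR, FRR at 0.75:", measure_rates(0.75))
```

Keeping a hash of every accepted probe (rather than the probe itself) is enough to catch a straight replay without retaining raw biometric data; a matcher that only compares against the enrolled template would still score a replayed earlier capture as a strong genuine match.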

Q5. Who must approve modifications to an organization's production infrastructure configuration? 

A. Technical management 

B. Change control board 

C. System operations 

D. System users 

Answer:

Q6. What do Capability Maturity Models (CMM) serve as a benchmark for in an organization? 

A. Experience in the industry 

B. Definition of security profiles 

C. Human resource planning efforts 

D. Procedures in systems development 

Answer:

Q7. Which of the following BEST describes the purpose of performing security certification? 

A. To identify system threats, vulnerabilities, and acceptable level of risk 

B. To formalize the confirmation of compliance to security policies and standards 

C. To formalize the confirmation of completed risk mitigation and risk analysis 

D. To verify that system architecture and interconnections with other systems are effectively implemented 

Answer:

Q8. Refer to the information below to answer the question. 

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access. 

Which of the following documents explains the proper use of the organization's assets? 

A. Human resources policy 

B. Acceptable use policy 

C. Code of ethics 

D. Access control policy 

Answer:

Q9. Changes to a Trusted Computing Base (TCB) system that could impact the security posture of that system and trigger a recertification activity are documented in the 

A. security impact analysis. 

B. structured code review. 

C. routine self assessment. 

D. cost benefit analysis. 

Answer:

Q10. During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take? 

A. Immediately call the police 

B. Work with the client to resolve the issue internally 

C. Advise the person performing the illegal activity to cease and desist 

D. Work with the client to report the activity to the appropriate authority 

Answer:

Q11. What type of test assesses a Disaster Recovery (DR) plan using realistic disaster scenarios while maintaining minimal impact to business operations? 

A. Parallel 

B. Walkthrough 

C. Simulation 

D. Tabletop 

Answer:

Q12. Refer to the information below to answer the question. 

A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes. 

Which of the following BEST describes the access control methodology used? 

A. Least privilege 

B. Lattice Based Access Control (LBAC) 

C. Role Based Access Control (RBAC) 

D. Lightweight Directory Access Control (LDAP) 

Answer:

Q13. Refer to the information below to answer the question. 

A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes. 

What MUST the access control logs contain in addition to the identifier? 

A. Time of the access 

B. Security classification 

C. Denied access attempts 

D. Associated clearance 

Answer:

Q14. When transmitting information over public networks, the decision to encrypt it should be based on 

A. the estimated monetary value of the information. 

B. whether there are transient nodes relaying the transmission. 

C. the level of confidentiality of the information. 

D. the volume of the information. 

Answer:

Q15. Internet Protocol (IP) source address spoofing is used to defeat 

A. address-based authentication. 

B. Address Resolution Protocol (ARP). 

C. Reverse Address Resolution Protocol (RARP). 

D. Transmission Control Protocol (TCP) hijacking. 

Answer:
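The point behind Q15 is that the IP source field is written by whoever builds the packet, so any control that trusts a peer purely because of its claimed address (the classic cases being rsh/rlogin .rhosts trust and address-only ACLs) is defeated by forging that field. A challenge-response step defeats the spoofer because the server's reply is routed to the real owner of the claimed address, which the attacker never sees. The simulation below is an added example, not part of the original question set; the packets are plain dicts, the trusted host, attacker address and pre-shared key are constructed, and no real sockets are involved.

```python
"""Added example (not from the original question set): why address-based
authentication fails against IP source spoofing and a challenge-response
check does not. Packets are dicts constructed in this file; addresses and the
shared key are assumptions for the demo."""
import hashlib
import hmac
import os

TRUSTED_HOSTS = {"10.0.0.5"}            # assumption: the one host we trust by address
SHARED_KEY = b"constructed-demo-key"    # assumption: key shared only with that host


def address_based_auth(packet):
    """Trust decision taken solely from the IP source field. The field is set
    by whoever builds the packet, so an attacker chooses it freely."""
    return packet["src"] in TRUSTED_HOSTS


class ChallengeResponseServer:
    """Sends a fresh nonce to the claimed source and accepts only a correct
    HMAC over that nonce. The nonce is delivered to the real owner of the
    source address, so a host that forged the address never learns it."""

    def __init__(self):
        self.pending = {}  # claimed source address -> outstanding nonce

    def challenge(self, packet):
        nonce = os.urandom(16)
        self.pending[packet["src"]] = nonce
        # Routed by destination address: goes to the real 10.0.0.5, not the spoofer.
        return {"dst": packet["src"], "nonce": nonce}

    def verify(self, packet):
        nonce = self.pending.pop(packet["src"], None)
        if nonce is None:
            return False
        expected = hmac.new(SHARED_KEY, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, packet["mac"])


def legitimate_session():
    """The genuine trusted host passes both checks."""
    srv = ChallengeResponseServer()
    hello = {"src": "10.0.0.5"}
    reply = srv.challenge(hello)  # the real host receives its own nonce
    response = {
        "src": "10.0.0.5",
        "mac": hmac.new(SHARED_KEY, reply["nonce"], hashlib.sha256).digest(),
    }
    return address_based_auth(hello), srv.verify(response)


def spoofed_session(attacker_ip="203.0.113.9"):
    """An attacker at attacker_ip forges src=10.0.0.5. Returns
    (passes address check, reply reaches attacker, passes challenge)."""
    srv = ChallengeResponseServer()
    forged = {"src": "10.0.0.5"}            # constructed spoofed packet
    passes_address_check = address_based_auth(forged)
    reply = srv.challenge(forged)
    reply_reaches_attacker = reply["dst"] == attacker_ip
    # Blind attacker: no nonce, no key; the best it can do is guess the MAC.
    blind_response = {"src": "10.0.0.5", "mac": os.urandom(32)}
    passes_challenge = srv.verify(blind_response)
    return passes_address_check, reply_reaches_attacker, passes_challenge


if __name__ == "__main__":
    print("legitimate host (addr check, challenge):", legitimate_session())
    print("spoofer (addr check, sees reply, challenge):", spoofed_session())
```

Real TCP gives a weaker version of this property for free: a blind spoofer must also guess the server's initial sequence number to complete the handshake, which is why predictable ISNs made address-based trust exploitable in practice and why the fix is a control that binds the session to a secret the peer can prove, not to the address alone.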
