CISSP Premium Bundle

Certified Information Systems Security Professional (CISSP) Certification Exam

Last update: December 4, 2024

ISC2 CISSP Free Practice Questions

Q1. Which of the following assures that rules are followed in an identity management architecture? 

A. Policy database 

B. Digital signature 

C. Policy decision point 

D. Policy enforcement point 

Answer:

Q2. A mobile device application that restricts the storage of user information to just that which is needed to accomplish lawful business goals adheres to what privacy principle? 

A. Onward transfer 

B. Collection Limitation 

C. Collector Accountability 

D. Individual Participation 

Answer:

Q3. In Business Continuity Planning (BCP), what is the importance of documenting business processes? 

A. Provides senior management with decision-making tools 

B. Establishes and adopts ongoing testing and maintenance strategies 

C. Defines who will perform which functions during a disaster or emergency 

D. Provides an understanding of the organization's interdependencies 

Answer:

Q4. In the area of disaster planning and recovery, what strategy entails the presentation of information about the plan? 

A. Communication 

B. Planning 

C. Recovery 

D. Escalation 

Answer:

Q5. Which of the following defines the key exchange for Internet Protocol Security (IPSec)? 

A. Secure Sockets Layer (SSL) key exchange 

B. Internet Key Exchange (IKE) 

C. Security Key Exchange (SKE) 

D. Internet Control Message Protocol (ICMP) 

Answer:

Q6. DRAG DROP 

Order the below steps to create an effective vulnerability management process. 

Answer:  

Q7. Which one of the following is a fundamental objective in handling an incident? 

A. To restore control of the affected systems 

B. To confiscate the suspect's computers 

C. To prosecute the attacker 

D. To perform full backups of the system 

Answer:

Q8. Which of the following is the BEST countermeasure to brute force login attacks? 

A. Changing all canonical passwords 

B. Decreasing the number of concurrent user sessions 

C. Restricting initial password delivery only in person 

D. Introducing a delay after failed system access attempts 

Answer:

Q9. Following the completion of a network security assessment, which of the following can BEST be demonstrated? 

A. The effectiveness of controls can be accurately measured 

B. A penetration test of the network will fail 

C. The network is compliant to industry standards 

D. All unpatched vulnerabilities have been identified 

Answer:

Q10. Which of the following is required to determine classification and ownership? 

A. System and data resources are properly identified 

B. Access violations are logged and audited 

C. Data file references are identified and linked 

D. System security controls are fully integrated 

Answer:

Q11. The goal of software assurance in application development is to 

A. enable the development of High Availability (HA) systems. 

B. facilitate the creation of Trusted Computing Base (TCB) systems. 

C. prevent the creation of vulnerable applications. 

D. encourage the development of open source applications. 

Answer:

Q12. A practice that permits the owner of a data object to grant other users access to that object would usually provide 

A. Mandatory Access Control (MAC). 

B. owner-administered control. 

C. owner-dependent access control. 

D. Discretionary Access Control (DAC). 

Answer:

Q13. Which one of the following is a common risk with network configuration management? 

A. Patches on the network are difficult to keep current. 

B. It is the responsibility of the systems administrator. 

C. User ID and passwords are never set to expire. 

D. Network diagrams are not up to date. 

Answer:

Q14. What is the PRIMARY difference between security policies and security procedures? 

A. Policies are used to enforce violations, and procedures create penalties 

B. Policies point to guidelines, and procedures are more contractual in nature 

C. Policies are included in awareness training, and procedures give guidance 

D. Policies are generic in nature, and procedures contain operational details 

Answer:

Q15. Which of the following is the PRIMARY issue when collecting detailed log information? 

A. Logs may be unavailable when required 

B. Timely review of the data is potentially difficult 

C. Most systems and applications do not support logging 

D. Logs do not provide sufficient details of system and individual activities 

Answer:
