CISSP Premium Bundle

Certified Information Systems Security Professional (CISSP) Certification Exam

Last update: December 4, 2024

ISC2 CISSP Free Practice Questions

Q1. In a data classification scheme, the data is owned by the 

A. Information Technology (IT) managers. 

B. business managers. 

C. end users. 

D. system security managers. 

Answer:

Q2. Which of the following describes the concept of a Single Sign-On (SSO) system? 

A. Users are authenticated to one system at a time. 

B. Users are identified to multiple systems with several credentials. 

C. Users are authenticated to multiple systems with one login. 

D. Only one user is using the system at a time. 

Answer:

Q3. When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined? 

A. After the system preliminary design has been developed and the data security categorization has been performed 

B. After the business functional analysis and the data security categorization have been performed 

C. After the vulnerability analysis has been performed and before the system detailed design begins 

D. After the system preliminary design has been developed and before the data security categorization begins 

Answer:

Q4. The Hardware Abstraction Layer (HAL) is implemented in the 

A. system software. 

B. system hardware. 

C. application software. 

D. network hardware. 

Answer:

Q5. Which type of control recognizes that a transaction amount is excessive in accordance with corporate policy? 

A. Detection 

B. Prevention 

C. Investigation 

D. Correction 

Answer:

Q6. Refer to the information below to answer the question. 

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement. 

The effectiveness of the security program can PRIMARILY be measured through 

A. audit findings. 

B. risk elimination. 

C. audit requirements. 

D. customer satisfaction. 

Answer:

Q7. Data remanence refers to which of the following? 

A. The remaining photons left in a fiber optic cable after a secure transmission. 

B. The retention period required by law or regulation. 

C. The magnetic flux created when removing the network connection from a server or personal computer. 

D. The residual information left on magnetic storage media after a deletion or erasure. 

Answer:

Q8. Which of the following is a strategy of grouping requirements in developing a Security Test and Evaluation (ST&E)? 

A. Standards, policies, and procedures 

B. Tactical, strategic, and financial 

C. Management, operational, and technical 

D. Documentation, observation, and manual 

Answer:

Q9. When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints? 

A. Temporal Key Integrity Protocol (TKIP) 

B. Wi-Fi Protected Access (WPA) Pre-Shared Key (PSK) 

C. Wi-Fi Protected Access 2 (WPA2) Enterprise 

D. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) 

Answer:

Q10. Which of the following statements is TRUE regarding value boundary analysis as a functional software testing technique? 

A. It is useful for testing communications protocols and graphical user interfaces. 

B. It is characterized by the stateless behavior of a process implemented in a function. 

C. Test inputs are obtained from the derived threshold of the given functional specifications. 

D. An entire partition can be covered by considering only one representative value from that partition. 

Answer:
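Boundary value analysis takes its test inputs from the thresholds stated in the functional specification, which is exactly where off-by-one defects live and where a single representative value per partition (equivalence partitioning) gives no coverage. The block below is an added example, not part of the original question set: it derives the six boundary inputs from a constructed specification (transaction amount valid from 1 to 10000 inclusive) and runs them against a hypothetical validator with an off-by-one on the upper threshold. The range, `buggy_validator` and `fixed_validator` are all constructed for illustration.

```python
"""Boundary value analysis as a functional test technique.

Added example, not from the original page. The specification (amount valid
for 1..10000 inclusive) and both validators are constructed for illustration.
"""
from typing import Callable, Dict, List, Tuple

Validator = Callable[[int], bool]


def boundary_values(lo: int, hi: int) -> List[int]:
    """Derive the six classic boundary inputs from an inclusive [lo, hi] spec:
    just below, on, and just above each threshold."""
    return [lo - 1, lo, lo + 1, hi - 1, hi, hi + 1]


def expected_valid(lo: int, hi: int, value: int) -> bool:
    """Oracle taken straight from the specification."""
    return lo <= value <= hi


def run_boundary_tests(
    validator: Validator, lo: int, hi: int
) -> Dict[int, Tuple[bool, bool]]:
    """Run every boundary input against the implementation.

    Returns {input: (expected, observed)} for mismatches only; an empty
    dict means the implementation agrees with the spec at every threshold.
    """
    failures: Dict[int, Tuple[bool, bool]] = {}
    for v in boundary_values(lo, hi):
        expected = expected_valid(lo, hi, v)
        observed = validator(v)
        if expected != observed:
            failures[v] = (expected, observed)
    return failures


def representative_test(validator: Validator, lo: int, hi: int) -> bool:
    """Equivalence-partition style check: one representative value from the
    valid partition. True means the implementation agreed with the oracle."""
    mid = (lo + hi) // 2
    return validator(mid) == expected_valid(lo, hi, mid)


# Hypothetical implementation (constructed) with an off-by-one on the upper
# threshold: the spec says inclusive, the code uses '<' instead of '<='.
def buggy_validator(amount: int) -> bool:
    return 1 <= amount < 10000


def fixed_validator(amount: int) -> bool:
    return 1 <= amount <= 10000


if __name__ == "__main__":
    print("boundary failures (buggy):", run_boundary_tests(buggy_validator, 1, 10000))
    print("boundary failures (fixed):", run_boundary_tests(fixed_validator, 1, 10000))
    print("one representative value passes the buggy code:",
          representative_test(buggy_validator, 1, 10000))
```

The representative-value check passes the defective implementation because 5000 sits well inside the partition; only the threshold-derived input 10000 exposes the defect.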

Q11. What security risk does the role-based access approach mitigate MOST effectively? 

A. Excessive access rights to systems and data 

B. Segregation of duties conflicts within business applications 

C. Lack of system administrator activity monitoring 

D. Inappropriate access requests 

Answer:

Q12. An organization has hired a security services firm to conduct a penetration test. Which of the following will the organization provide to the tester? 

A. Limits and scope of the testing. 

B. Physical location of server room and wiring closet. 

C. Logical location of filters and concentrators. 

D. Employee directory and organizational chart. 

Answer:

Q13. Which of the following problems is NOT addressed by using OAuth (Open Standard for Authorization) 2.0 to integrate a third-party identity provider for a service? 

A. Resource Servers are required to use passwords to authenticate end users. 

B. Revocation of access of some users of the third party instead of all the users from the third party. 

C. Compromise of the third party means compromise of all the users in the service. 

D. Guest users need to authenticate with the third party identity provider. 

Answer:

Q14. Which of the following prevents improper aggregation of privileges in Role Based Access Control (RBAC)? 

A. Hierarchical inheritance 

B. Dynamic separation of duties 

C. The Clark-Wilson security model 

D. The Bell-LaPadula security model 

Answer:
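Dynamic separation of duties addresses aggregation of privileges at run time: a user may legitimately be assigned two roles that conflict, but no single session may activate the conflicting combination, so the permissions of both roles are never held together. The block below is an added example, not part of the original question set, modelled on the NIST RBAC DSD relation (role set, n), under which no session may activate n or more roles from the set. The policy, the user `alice` and the role and permission names are all constructed for illustration.

```python
"""Dynamic separation of duties (DSD) in RBAC, as an added example.

A DSD constraint (role_set, n) means no single session may activate n or
more roles from role_set, even when the user is entitled to all of them.
The roles, permissions and user below are constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass
class RBACPolicy:
    user_roles: Dict[str, Set[str]] = field(default_factory=dict)
    role_perms: Dict[str, Set[str]] = field(default_factory=dict)
    # DSD relation in the NIST RBAC sense: (role_set, n) with n >= 2.
    dsd: List[Tuple[FrozenSet[str], int]] = field(default_factory=list)

    def assign(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def grant(self, role: str, perm: str) -> None:
        self.role_perms.setdefault(role, set()).add(perm)

    def add_dsd(self, roles: FrozenSet[str], n: int = 2) -> None:
        if n < 2 or n > len(roles):
            raise ValueError("DSD cardinality must be between 2 and len(roles)")
        self.dsd.append((roles, n))


class Session:
    """One login session; carries only the roles activated so far."""

    def __init__(self, policy: RBACPolicy, user: str) -> None:
        self.policy = policy
        self.user = user
        self.active: Set[str] = set()
        self.denials: List[str] = []

    def activate(self, role: str) -> bool:
        """Activate a role in this session; False (and a logged reason) if denied."""
        # The user must actually hold the role.
        if role not in self.policy.user_roles.get(self.user, set()):
            self.denials.append(f"{role}: not assigned to {self.user}")
            return False
        proposed = self.active | {role}
        # Fail closed: any DSD constraint that would be hit blocks the activation.
        for roles, n in self.policy.dsd:
            if len(proposed & roles) >= n:
                self.denials.append(
                    f"{role}: would activate {n} of {sorted(roles)} in one session")
                return False
        self.active.add(role)
        return True

    def permissions(self) -> Set[str]:
        """Effective permissions: the union over active roles only."""
        perms: Set[str] = set()
        for r in self.active:
            perms |= self.policy.role_perms.get(r, set())
        return perms


def build_demo_policy() -> RBACPolicy:
    """Constructed policy: alice holds both payment roles; DSD keeps them apart."""
    p = RBACPolicy()
    p.grant("payment_initiator", "create_payment")
    p.grant("payment_approver", "approve_payment")
    p.grant("auditor", "read_ledger")
    p.assign("alice", "payment_initiator")
    p.assign("alice", "payment_approver")
    p.assign("alice", "auditor")
    p.add_dsd(frozenset({"payment_initiator", "payment_approver"}), n=2)
    return p


if __name__ == "__main__":
    s = Session(build_demo_policy(), "alice")
    print(s.activate("payment_initiator"), s.activate("payment_approver"))
    print(sorted(s.permissions()), s.denials)
```

Contrast this with static separation of duties, which would forbid assigning both roles to `alice` in the first place, and with hierarchical inheritance, which only ever adds permissions to a senior role.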

Q15. A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation? 

A. The inherent risk is greater than the residual risk. 

B. The Annualized Loss Expectancy (ALE) approaches zero. 

C. The expected loss from the risk exceeds mitigation costs. 

D. The infrastructure budget can easily cover the upgrade costs. 

Answer:
