CISSP Premium Bundle

Certified Information Systems Security Professional (CISSP) Certification Exam

Last update: December 4, 2024

ISC2 CISSP Free Practice Questions

Q1. Which of the following is the MOST beneficial to review when performing an IT audit? 

A. Audit policy 

B. Security log 

C. Security policies 

D. Configuration settings 

Answer:

Q2. Which of the following could elicit a Denial of Service (DoS) attack against a credential management system? 

A. Delayed revocation or destruction of credentials 

B. Modification of Certificate Revocation List 

C. Unauthorized renewal or re-issuance 

D. Token use after decommissioning 

Answer:

Q3. Contingency plan exercises are intended to do which of the following? 

A. Train personnel in roles and responsibilities 

B. Validate service level agreements 

C. Train maintenance personnel 

D. Validate operation metrics 

Answer:

Q4. When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed? 

A. Create a user profile. 

B. Create a user access matrix. 

C. Develop an Access Control List (ACL). 

D. Develop a Role Based Access Control (RBAC) list. 

Answer:

Q5. Refer to the information below to answer the question. 

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. 

When determining appropriate resource allocation, which of the following is MOST important to monitor? 

A. Number of system compromises 

B. Number of audit findings 

C. Number of staff reductions 

D. Number of additional assets 

Answer:

Q6. Which of the following has the GREATEST impact on an organization's security posture? 

A. International and country-specific compliance requirements 

B. Security violations by employees and contractors 

C. Resource constraints due to increasing costs of supporting security 

D. Audit findings related to employee access and permissions process 

Answer:

Q7. The type of authorized interactions a subject can have with an object is 

A. control. 

B. permission. 

C. procedure. 

D. protocol. 

Answer:
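Q4 and Q7 both turn on the same model: an access control matrix whose rows are subjects, whose columns are objects, and whose cells hold the permission, that is, the set of interactions the subject is authorized to have with the object. An ACL is one column of that matrix and a capability list is one row, which is why building the matrix first lets every later mechanism (ACLs, RBAC roles) be checked against the gathered requirements. The Python below is an added example written for this page, not ISC2 material; the subjects, objects, permissions and requirement list in it are invented.

```python
"""Access control matrix with its two derived views (ACL per object, capability
list per subject) and a check of the matrix against design-time requirements.
Added example; every subject, object and permission here is constructed."""

# Constructed sample: subject -> object -> set of authorized interactions.
# Each inner set is the "permission" of Q7: what the subject may do to the object.
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "hr.docs": {"read"}},
    "bob":   {"payroll.db": {"read"}},
    "carol": {"hr.docs": {"read", "write", "delete"}},
}


def acl_for(matrix, obj):
    """Column of the matrix: which subjects may do what to one object."""
    return {subj: set(perms[obj]) for subj, perms in matrix.items() if obj in perms}


def capabilities_for(matrix, subject):
    """Row of the matrix: everything one subject may do, object by object."""
    return {obj: set(acts) for obj, acts in matrix.get(subject, {}).items()}


def is_authorized(matrix, subject, obj, action):
    """Default deny: unknown subject, unknown object or unlisted action -> False."""
    return action in matrix.get(subject, {}).get(obj, set())


def unmet_requirements(matrix, requirements):
    """Check the matrix against the access requirements gathered during design.
    requirements: iterable of (subject, object, action) tuples that must be allowed.
    Returns the requirements the matrix does not satisfy (gaps)."""
    return [req for req in requirements if not is_authorized(matrix, *req)]


def excess_grants(matrix, requirements):
    """The reverse check, for least privilege: grants present in the matrix
    that no documented requirement justifies."""
    required = set(requirements)
    return sorted(
        (subj, obj, act)
        for subj, objs in matrix.items()
        for obj, acts in objs.items()
        for act in acts
        if (subj, obj, act) not in required
    )


if __name__ == "__main__":
    # Constructed requirement list, as it would come out of requirements gathering.
    REQUIREMENTS = [
        ("alice", "payroll.db", "read"),
        ("alice", "payroll.db", "write"),
        ("bob", "payroll.db", "read"),
        ("bob", "hr.docs", "read"),      # not in the matrix: a gap
        ("carol", "hr.docs", "read"),
        ("carol", "hr.docs", "write"),
    ]
    print("ACL for payroll.db:", acl_for(MATRIX, "payroll.db"))
    print("capabilities of alice:", capabilities_for(MATRIX, "alice"))
    print("unmet requirements:", unmet_requirements(MATRIX, REQUIREMENTS))
    print("grants with no requirement:", excess_grants(MATRIX, REQUIREMENTS))
```

Running the matrix both ways (gaps and excess grants) is the practical reason the matrix comes first: an ACL or an RBAC role list is an implementation of one slice of it and cannot be verified without the full picture.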

Q8. The use of strong authentication, the encryption of Personally Identifiable Information (PII) on database servers, application security reviews, and the encryption of data transmitted across networks provide 

A. data integrity. 

B. defense in depth. 

C. data availability. 

D. non-repudiation. 

Answer:

Q9. If compromised, which of the following would lead to the exploitation of multiple virtual machines? 

A. Virtual device drivers 

B. Virtual machine monitor 

C. Virtual machine instance 

D. Virtual machine file system 

Answer:

Q10. Which of the following is an appropriate source for test data? 

A. Production data that is secured and maintained only in the production environment. 

B. Test data that has no similarities to production data. 

C. Test data that is mirrored and kept up-to-date with production data. 

D. Production data that has been sanitized before loading into a test environment. 

Answer:
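Sanitizing a production extract for a test environment has to do two things at once: strip or transform the identifying fields (names, e-mail addresses, national identifiers, dates of birth) while keeping the data realistic enough that tests still exercise joins and numeric edge cases. The script below is an added example for this page, not ISC2 material; the customer and order records, the field names and the key are all constructed. It uses keyed pseudonyms (HMAC-SHA256) so that the same production identifier maps to the same token in every table, which keeps foreign keys intact, while a plain hash of a name, which an attacker could reverse with a dictionary of common names, is avoided.

```python
"""Sanitize a production extract before it is loaded into a test environment.
Added example; the records, field names and key are constructed."""
import hmac
import hashlib
from datetime import date, timedelta

# Constructed sample extract (fictional people and values).
PRODUCTION_CUSTOMERS = [
    {"customer_id": 1001, "name": "Ada Example", "email": "ada@corp.example",
     "ssn": "123-45-6789", "dob": "1980-03-14", "balance": 2500.75},
    {"customer_id": 1002, "name": "Bo Sample", "email": "bo@corp.example",
     "ssn": "987-65-4321", "dob": "1975-11-02", "balance": 13.10},
]
PRODUCTION_ORDERS = [
    {"order_id": 1, "customer_id": 1001, "amount": 99.0},
    {"order_id": 2, "customer_id": 1002, "amount": 4.5},
]


def pseudonym(value, key, length=12):
    """Keyed, deterministic token: same input -> same token, so joins survive.
    Without the key, a dictionary attack on common names or sequential IDs fails."""
    digest = hmac.new(key, str(value).encode(), hashlib.sha256).hexdigest()
    return digest[:length]


def mask_ssn(ssn):
    """Keep only the last four digits; enough for support-style test cases."""
    return "***-**-" + ssn[-4:]


def shift_date(iso_date, anchor, key, max_days=180):
    """Shift a date by a key-derived, non-zero offset that is constant per anchor
    (here the customer), so intervals within one customer's records are preserved."""
    raw = int(hmac.new(key, f"date:{anchor}".encode(), hashlib.sha256).hexdigest(), 16)
    offset = 1 + raw % max_days
    if (raw >> 8) & 1:
        offset = -offset
    return (date.fromisoformat(iso_date) + timedelta(days=offset)).isoformat()


def sanitize_customer(row, key):
    out = dict(row)
    out["customer_id"] = pseudonym(row["customer_id"], key)
    out["name"] = "Customer " + pseudonym(row["name"], key, 8)
    # example.com is reserved (RFC 2606), so test mail can never reach a real person
    out["email"] = pseudonym(row["email"], key, 10) + "@example.com"
    out["ssn"] = mask_ssn(row["ssn"])
    out["dob"] = shift_date(row["dob"], row["customer_id"], key)
    # balance is not identifying on its own and tests need realistic numbers: kept
    return out


def sanitize_order(row, key):
    out = dict(row)
    out["customer_id"] = pseudonym(row["customer_id"], key)   # same token as above
    return out


def sanitize(customers, orders, key):
    return ([sanitize_customer(c, key) for c in customers],
            [sanitize_order(o, key) for o in orders])


def leaks(original_rows, sanitized_rows, sensitive_fields):
    """Acceptance check: no original value of a sensitive field survives anywhere
    in the sanitized output. Returns the surviving values (empty list = clean)."""
    originals = {str(r[f]) for r in original_rows for f in sensitive_fields}
    return [v for r in sanitized_rows for v in map(str, r.values()) if v in originals]


if __name__ == "__main__":
    KEY = b"test-environment-key-not-for-production"   # constructed
    customers, orders = sanitize(PRODUCTION_CUSTOMERS, PRODUCTION_ORDERS, KEY)
    for c in customers:
        print(c)
    print("join survives:", customers[0]["customer_id"] == orders[0]["customer_id"])
    print("leaked values:", leaks(PRODUCTION_CUSTOMERS, customers,
                                  ["name", "email", "ssn", "dob", "customer_id"]))
```

The key belongs to the team that runs the sanitization and is never copied to the test environment; with it, a tester cannot recover a real customer from a token, and the `leaks` check gives a repeatable gate before the extract leaves production.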

Q11. An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause? 

A. Improper deployment of the Service-Oriented Architecture (SOA) 

B. Absence of a Business Intelligence (BI) solution 

C. Inadequate cost modeling 

D. Insufficient Service Level Agreement (SLA) 

Answer:

Q12. What type of encryption is used to protect sensitive data in transit over a network? 

A. Payload encryption and transport encryption 

B. Authentication Headers (AH) 

C. Keyed-Hashing for Message Authentication 

D. Point-to-Point Encryption (P2PE) 

Answer:

Q13. Which of the following explains why record destruction requirements are included in a data retention policy? 

A. To comply with legal and business requirements 

B. To save cost for storage and backup 

C. To meet destruction guidelines 

D. To validate data ownership 

Answer:

Q14. Which security action should be taken FIRST when computer personnel are terminated from their jobs? 

A. Remove their computer access 

B. Require them to turn in their badge 

C. Conduct an exit interview 

D. Reduce their physical access level to the facility 

Answer:

Q15. When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include 

A. hardened building construction with consideration of seismic factors. 

B. adequate distance from and lack of access to adjacent buildings. 

C. curved roads approaching the data center. 

D. proximity to high crime areas of the city. 

Answer:
