CISSP Premium Bundle

CISSP Premium Bundle

Certified Information Systems Security Professional (CISSP) Certification Exam

4.5 
(37800 ratings)
0 QuestionsPractice Tests
0 PDFPrint version
December 4, 2024Last update

ISC2 CISSP Free Practice Questions

Q1. An organization has decided to contract with a cloud-based service provider to leverage their identity as a service offering. They will use.Open Authentication (OAuth) 2.0 to authenticate external users to the organization's services.

.As part of the authentication process, which of the following.must.the end user provide? 

A. An access token 

B. A username and password 

C. A username 

D. A password 

Answer:

Q2. Which one of the following is a threat related to the use of web-based client side input validation? 

A. Users would be able to alter the input after validation has occurred 

B. The web server would not be able to validate the input after transmission 

C. The client system could receive invalid input from the web server 

D. The web server would not be able to receive invalid input from the client 

Answer:

Q3. A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data? 

A. Public Key Infrastructure (PKI) and digital signatures 

B. Trusted server certificates and passphrases 

C. User ID and password 

D. Asymmetric encryption and User ID 

Answer:

Q4. DRAG DROP 

Place the following information classification steps in.sequential order. 

Answer:  

Q5. Which of the following is a recommended alternative to an integrated email encryption system? 

A. Sign emails containing sensitive data 

B. Send sensitive data in separate emails 

C. Encrypt sensitive data separately in attachments 

D. Store sensitive information to be sent in encrypted drives 

Answer:

Q6. An organization decides to implement a partial Public Key Infrastructure (PKI) with only the servers having digital certificates. What is the security benefit of this implementation? 

A. Clients can authenticate themselves to the servers. 

B. Mutual authentication is available between the clients and servers. 

C. Servers are able to issue digital certificates to the client. 

D. Servers can authenticate themselves to the client. 

Answer:

Q7. An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information? 

A. Implement packet filtering on the network firewalls 

B. Require strong authentication for administrators 

C. Install Host Based Intrusion Detection Systems (HIDS) 

D. Implement logical network segmentation at the switches 

Answer:

Q8. Which of the following is the MOST difficult to enforce when using cloud computing? 

A. Data access 

B. Data backup 

C. Data recovery 

D. Data disposal 

Answer:

Q9. When dealing with compliance with the Payment Card Industry-Data Security Standard (PCI-DSS), an organization that shares card holder information with a service provider MUST do which of the following? 

A. Perform a service provider PCI-DSS assessment on a yearly basis. 

B. Validate.the service provider's PCI-DSS compliance status on a regular basis. 

C. Validate.that the service providers security policies are in alignment with those.of the organization. 

D. Ensure that the service provider.updates and tests its Disaster Recovery Plan (DRP).on a yearly basis. 

Answer:

Q10. Which of the following is the MOST crucial for a successful audit plan? 

A. Defining the scope of the audit to be performed 

B. Identifying the security controls to be implemented 

C. Working with the system owner on new controls 

D. Acquiring evidence of systems that are not compliant 

Answer:

Q11. The BEST method of demonstrating a company's security level to potential customers is 

A. a report from an external auditor. 

B. responding to a customer's security questionnaire. 

C. a formal report from an internal auditor. 

D. a site visit by a customer's security team. 

Answer:

Q12. What is an important characteristic of Role Based Access Control (RBAC)? 

A. Supports Mandatory Access Control (MAC) 

B. Simplifies the management of access rights 

C. Relies on rotation of duties 

D. Requires.two factor authentication 

Answer:

Q13. What is the PRIMARY reason for ethics awareness and related policy implementation? A. It affects the workflow of an organization. 

B. It affects the reputation of an organization. 

C. It affects the retention rate of employees. 

D. It affects the morale of the employees. 

Answer:

Q14. Passive Infrared Sensors (PIR) used in a non-climate controlled environment should 

A. reduce the detected object temperature in relation to the background temperature. 

B. increase the detected object temperature in relation to the background temperature. 

C. automatically compensate for variance in background temperature. 

D. detect objects of a specific temperature independent of the background temperature. 

Answer:

Q15. Refer.to the information below to answer the question. 

During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information. 

Aside from the potential records which may have been viewed, which of the following should be the PRIMARY concern regarding the database information? 

A. Unauthorized database changes 

B. Integrity of security logs 

C. Availability of the database 

D. Confidentiality of the incident 

Answer:

START CISSP EXAM