CISSP Premium Bundle

CISSP Premium Bundle

Certified Information Systems Security Professional (CISSP) Certification Exam

4.5 
(37950 ratings)
0 QuestionsPractice Tests
0 PDFPrint version
December 4, 2024Last update

ISC2 CISSP Free Practice Questions

Q1. Refer.to the information below to answer the question. 

A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns. 

In addition to web browsers, what PRIMARY areas need to be addressed concerning mobile code used for malicious purposes? 

A. Text editors, database, and Internet phone applications 

B. Email, presentation, and database applications 

C. Image libraries, presentation and spreadsheet applications 

D. Email, media players, and instant messaging applications 

Answer:

Q2. Refer.to the information below to answer the question. 

In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files. 

Which of the following is true according to the star property (*property)? 

A. User D can write to.File 1 

B. User.B can write to File 1 

C. User A can write to File 1 

D. User C can.write to.File 1 

Answer:

Q3. Which of the following is ensured when hashing files during chain of custody handling? 

A. Availability 

B. Accountability 

C. Integrity 

D. Non-repudiation 

Answer:

Q4. HOTSPOT 

Which Web Services Security (WS-Security) specification.negotiates.how security tokens will be issued, renewed and validated? Click on the correct specification in the image below. 

Answer:  

Q5. Retaining system logs for six months or longer can be valuable for what activities?.

A. Disaster recovery and business continuity 

B. Forensics and incident response 

C. Identity and authorization management 

D. Physical and logical access control 

Answer:

Q6. By.carefully.aligning.the.pins.in.the.lock, which of the following defines the opening of a mechanical lock without the proper key? 

A. Lock pinging 

B. Lock picking 

C. Lock bumping 

D. Lock bricking 

Answer:

Q7. What is the BEST method to detect the most common improper initialization problems in programming languages? 

A. Use and specify a strong character encoding. 

B. Use automated static analysis tools that target this type of weakness. 

C. Perform input validation on any numeric inputs by assuring that they are within the expected range. 

D. Use data flow analysis to minimize the number of false positives. 

Answer:

Q8. Which of the following are required components for implementing software configuration management systems? 

A. Audit control and signoff 

B. User training and acceptance 

C. Rollback and recovery processes 

D. Regression testing and evaluation 

Answer:

Q9. Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an un-marked file cabinet containing sensitive documents? 

A. Ineffective.data classification.

B. Lack of data access.controls 

C. Ineffective identity management controls 

D. Lack of Data Loss Prevention (DLP) tools 

Answer:

Q10. HOTSPOT 

Which Web Services Security (WS-Security) specification.maintains a single authenticated identity across multiple dissimilar environments?.Click.on the correct specification in the image.below. 

Answer:  

Q11. Which of the following BEST describes a Protection Profile (PP)? 

A. A document that expresses an implementation independent set of security requirements for an IT product that meets specific consumer needs. 

B. A document that is used to develop an IT security product from its security requirements definition. 

C. A document that expresses an implementation dependent set of security requirements which contains only the security functional requirements. 

D. A document that represents evaluated products where there is a one-to-one correspondence between a PP and a Security Target (ST). 

Answer:

Q12. A system is developed so that its business users can perform business functions but not user administration functions. Application administrators can perform administration functions but not user business functions. These capabilities are BEST described as 

A. least privilege. 

B. rule based access controls. 

C. Mandatory Access Control (MAC). 

D. separation of duties. 

Answer:

Q13. Which of the following is the MOST important output from a mobile application threat modeling exercise according to Open Web Application Security Project (OWASP)? 

A. Application interface entry and endpoints 

B. The likelihood and impact of a vulnerability 

C. Countermeasures and mitigations for vulnerabilities 

D. A data flow diagram for the application and attack surface analysis 

Answer:

START CISSP EXAM