CISSP Premium Bundle

CISSP Premium Bundle

Certified Information Systems Security Professional (CISSP) Certification Exam

4.5 
(6525 ratings)
0 QuestionsPractice Tests
0 PDFPrint version
December 4, 2024Last update

ISC2 CISSP Free Practice Questions

Q1. During an investigation of database theft from an organization's web site, it was determined that the Structured Query Language (SQL) injection technique was used despite input validation with client-side scripting. Which of the following provides the GREATEST protection against the same attack occurring again? 

A. Encrypt communications between the servers 

B. Encrypt the web server traffic 

C. Implement server-side filtering 

D. Filter outgoing traffic at the perimeter firewall 

Answer:

Q2. Which of the following statements is TRUE for point-to-point microwave transmissions? 

A. They are not subject to interception due to encryption. 

B. Interception only depends on signal strength. 

C. They are too highly multiplexed for meaningful interception. 

D. They are subject to interception by an antenna within proximity. 

Answer:

Q3. Refer.to the information below to answer the question. 

Desktop computers in an organization were sanitized.for re-use.in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed. 

Organizational policy requires the deletion of user data from Personal Digital Assistant (PDA) devices before disposal. It may not be possible to delete the user data if the device is malfunctioning. Which destruction method below provides the BEST assurance that the data has been removed? 

A. Knurling 

B. Grinding 

C. Shredding.

D. Degaussing 

Answer:

Q4. Which of the following has the GREATEST impact on an organization's security posture? 

A. International and country-specific compliance requirements 

B. Security.violations by employees and contractors 

C. Resource constraints due to increasing costs of supporting security 

D. Audit findings related to employee access and permissions process 

Answer:

Q5. What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source? 

A. Man-in-the-Middle (MITM) attack 

B. Smurfing 

C. Session redirect 

D. Spoofing 

Answer:

Q6. After a thorough analysis, it was discovered that a perpetrator compromised a network by gaining access to the network through a Secure Socket Layer (SSL) Virtual Private Network (VPN) gateway. The perpetrator guessed a username and brute forced the password to gain access. Which of the following BEST mitigates this issue? 

A. Implement strong passwords authentication for VPN 

B. Integrate the VPN with centralized credential stores 

C. Implement an Internet Protocol Security (IPSec) client 

D. Use two-factor authentication mechanisms 

Answer:

Q7. Refer.to the information below to answer the question. 

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement. 

The effectiveness of the security program can PRIMARILY be measured through 

A. audit findings. 

B. risk elimination. 

C. audit requirements. 

D. customer satisfaction. 

Answer:

Q8. Refer.to the information below to answer the question. 

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. 

When determining appropriate resource allocation, which of the following is MOST important to monitor? 

A. Number of system compromises 

B. Number of audit findings 

C. Number of staff reductions 

D. Number of additional assets 

Answer:

Q9. What is the.BEST.first step.for determining if the appropriate security controls are in place for protecting data at rest? 

A. Identify regulatory requirements 

B. Conduct a risk assessment 

C. Determine.business drivers 

D. Review the.security baseline configuration 

Answer:

Q10. When dealing with compliance with the Payment Card Industry-Data Security Standard (PCI-DSS), an organization that shares card holder information with a service provider MUST do which of the following? 

A. Perform a service provider PCI-DSS assessment on a yearly basis. 

B. Validate.the service provider's PCI-DSS compliance status on a regular basis. 

C. Validate.that the service providers security policies are in alignment with those.of the organization. 

D. Ensure that the service provider.updates and tests its Disaster Recovery Plan (DRP).on a yearly basis. 

Answer:

Q11. Which of the following statements is TRUE regarding state-based analysis as a functional software testing technique? 

A. It is useful for testing communications protocols and graphical user interfaces. 

B. It is characterized by the stateless behavior of a process implemented in a function. 

C. Test inputs are obtained from the derived boundaries of the given functional specifications. 

D. An entire partition can be covered by considering only one representative value from that partition. 

Answer:

Q12. What is an important characteristic of Role Based Access Control (RBAC)? 

A. Supports Mandatory Access Control (MAC) 

B. Simplifies the management of access rights 

C. Relies on rotation of duties 

D. Requires.two factor authentication 

Answer:

Q13. Which one of the following is a fundamental objective in handling an incident? 

A. To restore control of the affected systems 

B. To confiscate the suspect's computers 

C. To prosecute the attacker 

D. To perform full backups of the system 

Answer:

Q14. What is the MOST effective method for gaining unauthorized access to a file protected with a long complex password? 

A. Brute force attack 

B. Frequency analysis 

C. Social engineering 

D. Dictionary attack 

Answer:

Q15. Which of the following is the BEST mitigation from phishing attacks? 

A. Network activity monitoring 

B. Security awareness training 

C. Corporate policy and procedures 

D. Strong file and directory permissions 

Answer:

START CISSP EXAM