CISSP Premium Bundle

Certified Information Systems Security Professional (CISSP) Certification Exam

Last update: September 29, 2024

ISC2 CISSP Free Practice Questions

Q1. Which of the following methods can be used to achieve confidentiality and integrity for data in transit?

A. Multiprotocol Label Switching (MPLS) 

B. Internet Protocol Security (IPSec) 

C. Federated identity management 

D. Multi-factor authentication 

Answer:

Q2. What is the BEST method to detect the most common improper initialization problems in programming languages? 

A. Use and specify a strong character encoding. 

B. Use automated static analysis tools that target this type of weakness. 

C. Perform input validation on any numeric inputs by assuring that they are within the expected range. 

D. Use data flow analysis to minimize the number of false positives. 

Answer:

Q3. A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project? 

A. The organization's current security policies concerning privacy issues 

B. Privacy-related regulations enforced by governing bodies applicable to the organization 

C. Privacy best practices published by recognized security standards organizations 

D. Organizational procedures designed to protect privacy information 

Answer:

Q4. What is one way to mitigate the risk of security flaws in custom software?

A. Include security language in the Earned Value Management (EVM) contract 

B. Include security assurance clauses in the Service Level Agreement (SLA) 

C. Purchase only Commercial Off-The-Shelf (COTS) products 

D. Purchase only software with no open source Application Programming Interfaces (APIs) 

Answer:

Q5. Which of the following BEST represents the principle of open design? 

A. Disassembly, analysis, or reverse engineering will reveal the security functionality of the computer system. 

B. Algorithms must be protected to ensure the security and interoperability of the designed system. 

C. A knowledgeable user should have limited privileges on the system to prevent their ability to compromise security capabilities. 

D. The security of a mechanism should not depend on the secrecy of its design or implementation. 

Answer:

Q6. An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to 

A. encrypt the contents of the repository and document any exceptions to that requirement. 

B. utilize an Intrusion Detection System (IDS) set to drop connections if too many requests for documents are detected.

C. keep individuals with access to high security areas from saving those documents into lower security areas. 

D. require individuals with access to the system to sign Non-Disclosure Agreements (NDA). 

Answer:

Q7. During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take? 

A. Immediately call the police 

B. Work with the client to resolve the issue internally 

C. Advise the person performing the illegal activity to cease and desist

D. Work with the client to report the activity to the appropriate authority 

Answer:

Q8. Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. 

Which of the following will indicate where the IT budget is BEST allocated during this time? 

A. Policies 

B. Frameworks 

C. Metrics 

D. Guidelines 

Answer:

Q9. The type of authorized interactions a subject can have with an object is 

A. control. 

B. permission. 

C. procedure. 

D. protocol. 

Answer:

Q10. Which of the following is the MAIN reason that system re-certification and re-accreditation are needed? 

A. To assist data owners in making future sensitivity and criticality determinations 

B. To assure the software development team that all security issues have been addressed 

C. To verify that security protection remains acceptable to the organizational security policy 

D. To help the security team accept or reject new systems for implementation and production 

Answer:

Q11. Refer to the information below to answer the question.

Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy, and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.

After magnetic drives were degaussed twice according to the product manufacturer's directions, what is the MOST LIKELY security issue with degaussing? 

A. Commercial products often have serious weaknesses of the magnetic force available in the degausser product. 

B. Degausser products may not be properly maintained and operated. 

C. The inability to turn the drive around in the chamber for the second pass due to human error. 

D. Inadequate record keeping when sanitizing media. 

Answer:

Q12. Which of the following is a potential risk when a program runs in privileged mode? 

A. It may serve to create unnecessary code complexity 

B. It may not enforce job separation duties 

C. It may create unnecessary application hardening 

D. It may allow malicious code to be inserted 

Answer:

Q13. Refer to the information below to answer the question.

An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement. 

The security program can be considered effective when 

A. vulnerabilities are proactively identified. 

B. audits are regularly performed and reviewed. 

C. backups are regularly performed and validated. 

D. risk is lowered to an acceptable level. 

Answer: