CISSP Premium Bundle

CISSP Premium Bundle

Certified Information Systems Security Professional (CISSP) Certification Exam

4.5 
(8340 ratings)
0 QuestionsPractice Tests
0 PDFPrint version
December 4, 2024Last update

ISC2 CISSP Free Practice Questions

Q1. HOTSPOT 

Which.Web Services Security (WS-Security) specification.handles the management of security tokens and the underlying policies for granting access? Click on the correct specification in the image below. 

Answer:  

Q2. Which of the following is the BEST example of weak management commitment to the protection of security assets and resources? 

A. poor governance over security processes and procedures 

B. immature security controls and procedures 

C. variances against regulatory requirements 

D. unanticipated increases in security incidents and threats 

Answer:

Q3. Which one of the following affects the classification of data? 

A. Passage of time 

B. Assigned security label 

C. Multilevel Security (MLS) architecture 

D. Minimum query size 

Answer:

Q4. Which of the following controls is the FIRST step in protecting privacy in an information system? 

A. Data Redaction 

B. Data Minimization 

C. Data Encryption 

D. Data Storage 

Answer:

Q5. Which of the following statements is TRUE regarding value boundary analysis as a functional software testing technique? 

A. It is useful for testing communications protocols and graphical user interfaces. 

B. It is characterized by the stateless behavior of a process implemented in a function. 

C. Test inputs are obtained from the derived threshold of the given functional specifications. 

D. An entire partition can be covered by considering only one representative value from that partition. 

Answer:

Q6. Refer.to the information below to answer the question. 

In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files. 

In a Bell-LaPadula system, which user cannot write to File 3? 

A. User A 

B. User B 

C. User C 

D. User D 

Answer:

Q7. Which of the following defines the key exchange for Internet Protocol Security (IPSec)? 

A. Secure Sockets Layer (SSL) key exchange 

B. Internet Key Exchange (IKE) 

C. Security Key Exchange (SKE) 

D. Internet Control Message Protocol (ICMP) 

Answer:

Q8. Which of the following is a function of Security Assertion Markup Language (SAML)? 

A. File allocation 

B. Redundancy check 

C. Extended validation 

D. Policy enforcement 

Answer:

Q9. Are companies legally required to report all data breaches? 

A. No, different jurisdictions have different rules. 

B. No, not if the data is encrypted. 

C. No, companies' codes of ethics don't require it. 

D. No, only if the breach had a material impact. 

Answer:

Q10. An internal Service Level Agreement (SLA) covering security is signed by senior managers and is in place. When should compliance to the SLA be reviewed to ensure that a good security posture is being delivered? 

A. As part of the SLA renewal process 

B. Prior to a planned security audit 

C. Immediately after a security breach 

D. At regularly scheduled meetings 

Answer:

Q11. HOTSPOT 

Which Web Services Security (WS-Security) specification.maintains a single authenticated identity across multiple dissimilar environments?.Click.on the correct specification in the image.below. 

Answer:  

Q12. Refer.to the information below to answer the question. 

During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information. 

If the intrusion causes the system processes to hang, which of the following has been affected? 

A. System integrity 

B. System availability 

C. System confidentiality 

D. System auditability 

Answer:

Q13. Refer.to the information below to answer the question. 

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. 

Which of the following will MOST likely allow the organization to keep risk at an acceptable level? 

A. Increasing the amount of audits performed by third parties 

B. Removing privileged accounts from operational staff 

C. Assigning privileged functions to appropriate staff 

D. Separating the security function into distinct roles 

Answer:

Q14. Which of the following BEST describes the purpose of performing security certification? 

A. To identify system threats, vulnerabilities, and acceptable level of risk 

B. To formalize the confirmation of compliance to security policies and standards 

C. To formalize the confirmation of completed risk mitigation and risk analysis 

D. To verify that system architecture and interconnections with other systems are effectively implemented 

Answer:

Q15. In a financial institution, who has the responsibility for assigning the classification to a piece of information? 

A. Chief Financial Officer (CFO) 

B. Chief Information Security Officer (CISO) 

C. Originator or nominated owner of the information 

D. Department head responsible for ensuring the protection of the information 

Answer:

START CISSP EXAM