CISSP Premium Bundle

Certified Information Systems Security Professional (CISSP) Certification Exam

Last update: December 4, 2024

ISC2 CISSP Free Practice Questions

Q1. If compromised, which of the following would lead to the exploitation of multiple virtual machines? 

A. Virtual device drivers 

B. Virtual machine monitor 

C. Virtual machine instance 

D. Virtual machine file system 

Answer:

Q2. In the area of disaster planning and recovery, what strategy entails the presentation of information about the plan? 

A. Communication 

B. Planning 

C. Recovery 

D. Escalation 

Answer:

Q3. When planning a penetration test, the tester will be MOST interested in which information? 

A. Places to install back doors 

B. The main network access points 

C. Job application handouts and tours 

D. Exploits that can attack weaknesses 

Answer:

Q4. An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet to move data into and out of the network. What type of attack has the organization experienced? 

A. Data leakage 

B. Unfiltered channel 

C. Data emanation 

D. Covert channel 

Answer:

Q5. Which of the following is an advantage of on-premise Credential Management Systems? 

A. Improved credential interoperability 

B. Control over system configuration 

C. Lower infrastructure capital costs 

D. Reduced administrative overhead 

Answer:

Q6. During the procurement of a new information system, it was determined that some of the security requirements were not addressed in the system specification. Which of the following is the MOST likely reason for this? 

A. The procurement officer lacks technical knowledge. 

B. The security requirements have changed during the procurement process. 

C. There were no security professionals in the vendor's bidding team. 

D. The description of the security requirements was insufficient. 

Answer:

Q7. Which of the following BEST mitigates a replay attack against a system using identity federation and Security Assertion Markup Language (SAML) implementation? 

A. Two-factor authentication 

B. Digital certificates and hardware tokens 

C. Timed sessions and Secure Socket Layer (SSL) 

D. Passwords with alpha-numeric and special characters 

Answer:

Q8. What security risk does the role-based access approach mitigate MOST effectively? 

A. Excessive access rights to systems and data 

B. Segregation of duties conflicts within business applications 

C. Lack of system administrator activity monitoring 

D. Inappropriate access requests 

Answer:

Q9. DRAG DROP 

Given the various means to protect physical and logical assets, match the access management area to the technology. 

Answer:  

Q10. A Simple Power Analysis (SPA) attack against a device directly observes which of the following? 

A. Static discharge 

B. Consumption 

C. Generation 

D. Magnetism 

Answer:

Q11. Which of the following MUST system and database administrators be aware of and apply when configuring systems used for storing personal employee data? 

A. Secondary use of the data by business users 

B. The organization's security policies and standards 

C. The business purpose for which the data is to be used 

D. The overall protection of corporate resources and data 

Answer:

Q12. What is the PRIMARY reason for ethics awareness and related policy implementation?

A. It affects the workflow of an organization.

B. It affects the reputation of an organization.

C. It affects the retention rate of employees. 

D. It affects the morale of the employees. 

Answer:

Q13. A large bank deploys hardware tokens to all customers that use their online banking system. The token generates and displays a six digit numeric password every 60 seconds. The customers must log into their bank accounts using this numeric password. This is an example of 

A. asynchronous token. 

B. Single Sign-On (SSO) token. 

C. single factor authentication token. 

D. synchronous token. 

Answer:

Q14. Which of the following could elicit a Denial of Service (DoS) attack against a credential management system?

A. Delayed revocation or destruction of credentials 

B. Modification of Certificate Revocation List 

C. Unauthorized renewal or re-issuance 

D. Token use after decommissioning 

Answer:

Q15. Which of the following statements is TRUE of black box testing? 

A. Only the functional specifications are known to the test planner. 

B. Only the source code and the design documents are known to the test planner. 

C. Only the source code and functional specifications are known to the test planner. 

D. Only the design documents and the functional specifications are known to the test planner. 

Answer:
