CISSP Premium Bundle

Certified Information Systems Security Professional (CISSP) Certification Exam

Last update: December 4, 2024

ISC2 CISSP Free Practice Questions

Q1. What type of test assesses a Disaster Recovery (DR) plan using realistic disaster scenarios while maintaining minimal impact to business operations? 

A. Parallel 

B. Walkthrough 

C. Simulation 

D. Tabletop 

Answer:

Q2. Which of the following is considered best practice for preventing e-mail spoofing?

A. Spam filtering 

B. Cryptographic signature 

C. Uniform Resource Locator (URL) filtering 

D. Reverse Domain Name Service (DNS) lookup 

Answer:

Q3. Which of the following is required to determine classification and ownership?

A. System and data resources are properly identified 

B. Access violations are logged and audited 

C. Data file references are identified and linked 

D. System security controls are fully integrated 

Answer:

Q4. Refer to the information below to answer the question.

A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.

What additional considerations are there if the third party is located in a different country? 

A. The organizational structure of the third party and how it may impact timelines within the organization 

B. The ability of the third party to respond to the organization in a timely manner and with accurate information 

C. The effects of transborder data flows and customer expectations regarding the storage or processing of their data 

D. The quantity of data that must be provided to the third party and how it is to be used 

Answer:

Q5. DRAG DROP 

In which order, from MOST to LEAST impacted, does user awareness training reduce the occurrence of the events below?

Answer:  

Q6. A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred?

A. Spoofing 

B. Eavesdropping 

C. Man-in-the-middle 

D. Denial of service 

Answer:

Q7. Why must all users be positively identified prior to using multi-user computers?

A. To provide access to system privileges 

B. To provide access to the operating system 

C. To ensure that unauthorized persons cannot access the computers 

D. To ensure that management knows what users are currently logged on 

Answer:

Q8. Checking routing information on e-mail to determine it is in a valid format and contains valid information is an example of which of the following anti-spam approaches? 

A. Simple Mail Transfer Protocol (SMTP) blacklist 

B. Reverse Domain Name System (DNS) lookup 

C. Hashing algorithm 

D. Header analysis 

Answer:

Q9. To protect auditable information, which of the following MUST be configured to only allow read access?

A. Logging configurations 

B. Transaction log files 

C. User account configurations 

D. Access control lists (ACL) 

Answer:

Q10. Which of the following standards/guidelines requires an Information Security Management System (ISMS) to be defined? 

A. International Organization for Standardization (ISO) 27000 family 

B. Information Technology Infrastructure Library (ITIL) 

C. Payment Card Industry Data Security Standard (PCIDSS) 

D. ISO/IEC 20000 

Answer:

Q11. During an audit of system management, auditors find that the system administrator has not been trained. What actions need to be taken at once to ensure the integrity of systems? 

A. A review of hiring policies and methods of verification of new employees 

B. A review of all departmental procedures 

C. A review of all training procedures to be undertaken 

D. A review of all systems by an experienced administrator 

Answer:

Q12. What type of encryption is used to protect sensitive data in transit over a network? 

A. Payload encryption and transport encryption 

B. Authentication Headers (AH) 

C. Keyed-Hashing for Message Authentication 

D. Point-to-Point Encryption (P2PE) 

Answer:

Q13. Which of the following can BEST prevent security flaws occurring in outsourced software development? 

A. Contractual requirements for code quality 

B. Licensing, code ownership and intellectual property rights 

C. Certification of the quality and accuracy of the work done

D. Delivery dates, change management control and budgetary control 

Answer:

Q14. An organization's data policy MUST include a data retention period which is based on 

A. application dismissal. 

B. business procedures. 

C. digital certificates expiration. 

D. regulatory compliance. 

Answer:

Q15. What is a common challenge when implementing Security Assertion Markup Language (SAML) for identity integration between an on-premise environment and an external identity provider service?

A. Some users are not provisioned into the service. 

B. SAML tokens are provided by the on-premise identity provider. 

C. Single users cannot be revoked from the service. 

D. SAML tokens contain user information. 

Answer: