ISC2 CISSP
Q1. Refer to the information below to answer the question. An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles. Which of
Q1. Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network? A. Use of a unified messaging. B. Use of separation for the voice network. C. Use of Network Access Control (NAC) on switches. D. Use of Request for Comments (RFC) 1918 addressing. Answer: B Q2. A network scan found 50% of the systems with one or more critical vulnerabilities. Wh
Q1. DRAG DROP In which order, from MOST to LEAST impacted, does user awareness training reduce the occurrence of the events below? Answer: Q2. What is the PRIMARY difference between security policies and security procedures? A. Policies are used to enforce violations, and procedures create penalties B. Policies point to guidelines, and procedures are more contractual in nature C
Q1. Why must all users be positively identified prior to using multi-user computers? A. To provide access to system privileges B. To provide access to the operating system C. To ensure that unauthorized persons cannot access the computers D. To ensure that management knows what users are currently logged on Answer: C Q2. Which of the following MUST be part of a contract to supp
Q1. Which of the following explains why record destruction requirements are included in a data retention policy? A. To comply with legal and business requirements B. To save cost for storage and backup C. To meet destruction guidelines D. To validate data ownership Answer: A Q2. HOTSPOT In the network design below, where is the MOST secure Local Area Network (LAN) segment to d
Q1. Which of the following BEST avoids data remanence disclosure for cloud hosted resources? A. Strong encryption and deletion of the keys after data is deleted. B. Strong encryption and deletion of the virtual host after data is deleted. C. Software based encryption with two factor authentication. D. Hardware based encryption on dedicated physical servers. Answer: A Q2. Which
Q1. Multi-Factor Authentication (MFA) is necessary in many systems given common types of password attacks. Which of the following is a correct list of password attacks? A. Masquerading, salami, malware, polymorphism B. Brute force, dictionary, phishing, keylogger C. Zeus, netbus, rabbit, turtle D. Token, biometrics, IDS, DLP Answer: B Q2. According to best practice, which of th
Q1. The application of which of the following standards would BEST reduce the potential for data breaches? A. ISO 9000 B. ISO 20121 C. ISO 26000 D. ISO 27001 Answer: D Q2. How does an organization verify that an information system's current hardware and software match the standard system configuration? A. By reviewing the configuration after the system goes into production
Q1. Discretionary Access Control (DAC) is based on which of the following? A. Information source and destination B. Identification of subjects and objects C. Security labels and privileges D. Standards and guidelines Answer: B Q2. Which of the following types of security testing is the MOST effective in providing a better indication of the everyday security challenges of an org
Q1. Which of the following is an attacker MOST likely to target to gain privileged access to a system? A. Programs that write to system resources B. Programs that write to user directories C. Log files containing sensitive information D. Log files containing system calls Answer: A Q2. Refer to the information below to answer the question. During the investigation of a security
Q1. Refer to the information below to answer the question. In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files. In a Bell-LaPadula system, which user has the MOST restri
Q1. What is the FIRST step in developing a security test and its evaluation? A. Determine testing methods B. Develop testing procedures C. Identify all applicable security requirements D. Identify people, processes, and products not in compliance Answer: C Q2. Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures
Q1. The amount of data that will be collected during an audit is PRIMARILY determined by the A. audit scope. B. auditor's experience level. C. availability of the data. D. integrity of the data. Answer: A Q2. Which of the following is an advantage of on-premise Credential Management Systems? A. Improved credential interoperability B. Control over system configuration C.
Q1. An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor? A. Provide the encrypted passwords and analysis tools to the auditor for analysis. B. Analyze the encrypted passwords for the auditor and show them the results. C. Demonstrate that
Q1. Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures? A. Role Based Access Control (RBAC) B. Biometric access control C. Federated Identity Management (IdM) D. Application hardening Answer: A Q2. Which of the following is the MOST important element of change management documentation? A. List of components i
Q1. Which of the following command line tools can be used in the reconnaissance phase of a network vulnerability assessment? A. dig B. ifconfig C. ipconfig D. nbtstat Answer: A Q2. A global organization wants to implement hardware tokens as part of a multifactor authentication solution for remote access. The PRIMARY advantage of this implementation is A. the scalability of toke
Q1. A thorough review of an organization's audit logs finds that a disgruntled network administrator has intercepted emails meant for the Chief Executive Officer (CEO) and changed them before forwarding them to their intended recipient. What type of attack has MOST likely occurred? A. Spoofing B. Eavesdropping C. Man-in-the-middle D. Denial of service Answer: C Q2. Refer to
Q1. Which one of the following is a threat related to the use of web-based client side input validation? A. Users would be able to alter the input after validation has occurred B. The web server would not be able to validate the input after transmission C. The client system could receive invalid input from the web server D. The web server would not be able to receive invalid input from the cl
Q1. What is the BEST method to detect the most common improper initialization problems in programming languages? A. Use and specify a strong character encoding. B. Use automated static analysis tools that target this type of weakness. C. Perform input validation on any numeric inputs by assuring that they are within the expected range. D. Use data flow analysis to minimize the number of false
Q1. Which of the following types of security testing is the MOST effective in providing a better indication of the everyday security challenges of an organization when performing a security risk assessment? A. External B. Overt C. Internal D. Covert Answer: D Q2. Which of the following activities BEST identifies operational problems, security misconfigurations, and malicious at