CISSP Exam Questions
1,535 real CISSP exam questions with expert-verified answers and explanations. Page 10 of 31.
- Question #451 (Asset Security): What is the most effective form of media sanitization to ensure residual data cannot be retrieved?
  Tags: media sanitization, data destruction, data remanence, asset disposal
- Question #452 (Software Development Security): Why is lexical obfuscation in software development discouraged by many organizations?
  Tags: software obfuscation, code maintainability, disaster recovery, software development
- Question #453 (Security and Risk Management): What steps can be taken to prepare personally identifiable information (PII) for processing by a third party?
  Tags: PII protection, data privacy, third-party processing, pseudonymization
- Question #454 (Security Operations): Why are mobile devices sometimes difficult to investigate in a forensic examination?
  Tags: mobile forensics, digital forensics, encryption, incident response
- Question #455 (Identity and Access Management (IAM)): Which of the following is a characteristic of a challenge/response authentication process?
  Tags: challenge/response authentication, hashing, authentication protocols
- Question #456 (Security Architecture and Engineering): Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device which has been stolen?
  Tags: mobile device security, MDM, remote wipe, data loss prevention
- Question #457 (Security Operations): Which of the following will help identify the source internet protocol (IP) address of malware being executed on a computer?
  Tags: malware analysis, network connections, incident response, forensics tools
- Question #458 (Security and Risk Management): Which of the following is critical if an employee is dismissed due to violation of an organization's acceptable use policy (AUP)?
  Tags: acceptable use policy, employee termination, HR security, legal compliance
- Question #459 (Security Assessment and Testing): Which of the following findings would MOST likely indicate a high risk in a vulnerability assessment report?
  Tags: vulnerability assessment, risk assessment, end-of-life systems, patch management
- Question #460 (Communication and Network Security): Digital certificates used in Transport Layer Security (TLS) support which of the following?
  Tags: TLS, digital certificates, non-repudiation, data encryption
- Question #461 (Security Architecture and Engineering): Which would result in the GREATEST impact following a breach to a cloud environment?
  Tags: cloud security, hypervisor security, virtualization security, breach impact
- Question #462 (Communication and Network Security): Which of the following is the BEST way to reduce the impact of an externally sourced flood attack?
  Tags: DDoS mitigation, flood attack, network security, upstream filtering
- Question #463 (Identity and Access Management): Which of the following methods MOST efficiently manages user accounts when using a third-party cloud-based application and directory solution?
  Tags: identity synchronization, cloud IAM, user provisioning, third-party applications
- Question #464 (Security and Risk Management): Which of the following will have the MOST influence on the definition and creation of data classification and data ownership policies?
  Tags: data classification, data ownership, business impact analysis, security policy
- Question #465 (Communication and Network Security): A corporate security policy specifies that all devices on the network must have updated operating system patches and anti-malware software. Which technology should be used to enfor...
  Tags: network access control, endpoint security, security policy enforcement, patch management
- Question #466 (Security Operations): When designing an Occupant Emergency Plan (OEP) for United States (US) federal government facilities, what factor must be considered?
  Tags: emergency planning, physical security, disaster recovery, site considerations
- Question #467 (Software Development Security): Why should Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS) Level 1 be considered a MINIMUM level of protection for any web applicat...
  Tags: OWASP ASVS, application security, web application security, security standards
- Question #468 (Security Architecture and Engineering): Which of the following controls is the most for a system identified as critical in terms of data and function to the organization?
  Tags: security controls, preventive controls, critical systems, risk mitigation
- Question #469 (Security Architecture and Engineering): An organization operates a legacy Industrial Control System (ICS) to support its core business service, which cannot be replaced. Its management MUST be performed remotely through...
  Tags: legacy systems, ICS security, risk mitigation, air-gapping
- Question #470 (Security Operations): Which of the following steps is performed during the forensic data analysis phase?
  Tags: digital forensics, forensic analysis, incident response, evidence analysis
- Question #471 (Software Development Security): Which of the following practices provides the development of security and identification of threats in designing software?
  Tags: threat modeling, SDLC security, software design, vulnerability identification
- Question #472 (Identity and Access Management): Which of the following presents the PRIMARY concern to an organization when setting up a federated single sign-on (SSO) solution with another
  Tags: federated identity, single sign-on, identity mapping, IAM challenges
- Question #473 (Security and Risk Management): The adoption of an enterprise-wide business continuity program requires which of the following?
  Tags: business continuity, program management, organizational communication, security awareness
- Question #474 (Security Operations): Which of the following is the MOST important reason for using a chain of custody form?
  Tags: chain of custody, digital forensics, evidence integrity, legal admissibility
- Question #475 (Security Assessment and Testing): When conducting a security assessment of access controls, which activity is part of the data analysis phase?
  Tags: security assessment, access control audit, data analysis, audit process
- Question #476 (Identity and Access Management): The core component of Role-Based Access Control (RBAC) must be constructed of defined data elements. Which elements are required?
  Tags: RBAC, access control models, identity and access management, authorization
- Question #477 (Asset Security): Which of the following should be included in a hardware retention policy?
  Tags: data retention policy, data lifecycle management, information governance, compliance
- Question #478 (Identity and Access Management): Individuals have been identified and determined as having a need-to-know for the information. Which of the following access control methods MUST include a consistent set of rules f...
  Tags: Mandatory Access Control, access control models, need-to-know, authorization
- Question #479 (Security and Risk Management): When can a security program be considered effective?
  Tags: security program management, risk management, security effectiveness, acceptable risk
- Question #480 (Security and Risk Management): Which of the following is the MOST important activity an organization performs to ensure that security is part of the overall organization culture?
  Tags: security culture, security awareness, senior management buy-in, organizational change management
- Question #481 (Asset Security): What is the PRIMARY benefit of analyzing the partition layout of a hard disk volume when performing forensic analysis?
  Tags: Digital forensics, Disk analysis, Data hiding, Unallocated space
- Question #482 (Security Assessment and Testing): Which of the following System and Organization Controls (SOC) report types should an organization request if they require a period of time report covering security and availability...
  Tags: SOC 2 report, Type 2 audit, Compliance, Third-party assessment
- Question #483 (Identity and Access Management): Which of the following is the MOST important action regarding authentication?
  Tags: Authentication process, User provisioning, Identity lifecycle, Enrollment
- Question #484 (Security and Risk Management): Which of the following is the BEST statement for a professional to include as part of a business continuity (BC) procedure?
  Tags: Business continuity planning, Backup strategy, Data recovery, Business needs
- Question #485 (Communication and Network Security): Additional padding may be added to the Encapsulating Security Protocol (ESP) trailer to provide which of the following?
  Tags: IPsec, ESP protocol, Traffic flow confidentiality, Padding
- Question #486 (Security Operations): After a breach incident, investigators narrowed the attack to a specific network administrator's credentials. However, there was no evidence to determine how the hackers obtained t...
  Tags: Privileged account management, Security auditing, Accountability, Breach prevention
- Question #487 (Security Assessment and Testing): Which of the following is a characteristic of covert security testing?
  Tags: Security testing, Covert testing, Social engineering, Policy compliance
- Question #488 (Security and Risk Management): Copyright provides protection for which of the following?
  Tags: Copyright law, Intellectual property, Legal protection, Original works
- Question #489 (Asset Security): An organization is required to comply with the Payment Card Industry Data Security Standard (PCI-DSS). What is the MOST effective approach to safeguard digital and paper media that...
  Tags: PCI-DSS, Data encryption, Cardholder data, Data at rest
- Question #490 (Security and Risk Management): A vehicle of a private courier company that transports backup data for offsite storage was robbed while in transit. The incide...
  Tags: Incident response, Business impact analysis, Data classification, Media loss
- Question #491 (Identity and Access Management): When should an application invoke re-authentication in addition to initial user authentication?
  Tags: Re-authentication, Session management, Inactivity timeout, Application security
- Question #492 (Security Architecture and Engineering): Which of the following is the MOST important reason for timely installation of software patches?
  Tags: Patch management, Vulnerability management, Reverse engineering, Exploit development
- Question #493 (Communication and Network Security): Which of the following is a method of attacking Internet Protocol version 6 (IPv6) Layer 3 and Layer 4?
  Tags: IPv6 security, ICMPv6 attacks, DoS attacks, Network layer
- Question #494 (Security and Risk Management): Which of the following would present the highest annualized loss expectancy (ALE)?
  Tags: ALE calculation, Risk assessment, Natural disasters, Business impact
- Question #495 (Identity and Access Management): An organization wants to enable users to authenticate across multiple security domains. To accomplish this, they have decided to use Federated Identity Management (FIM). Which of the...
  Tags: Federated identity management, SAML, Identity protocols, Single Sign-On
- Question #496 (Security and Risk Management): Which of the following is the GREATEST security risk associated with the use of Identity as a Service (IDaaS) when an organization its own software?
  Tags: IDaaS, Cloud identity, Third-party risk, Confidentiality
- Question #497 (Security Assessment and Testing): In the Common Criteria (CC) for information technology (IT) security evaluation, increasing Evaluation Assurance Levels (EAL) results in which of the following?
  Tags: Common Criteria, Evaluation Assurance Level, Security certification, Product security
- Question #498 (Security Operations): Which of the following initiates the system recovery phase of a disaster recovery plan?
  Tags: Disaster recovery plan, System recovery, Hot site activation, DRP phases
- Question #499 (Software Development Security): Which of the following will help prevent improper session handling?
  Tags: Session management, Web application security, Security tokens, OWASP Top 10
- Question #500 (Security and Risk Management): An organization is outsourcing its payroll system and is requesting to conduct a full audit on the third-party information technology (IT) systems. During the due diligence process...
  Tags: Third-party risk management, Vendor due diligence, Audit independence, Third-party assurance