CISSP Exam Questions

Utilizing a public wireless Local Area network (WLAN) to connect to a private network should be done only in which of the following situations?

Which of the following technologies would provide the BEST alternative to anti-malware software?

Which of the following is MOST critical in a contract in a contract for data disposal on a hard drive with a third party?

Which of the following attributes could be used to describe a protection mechanism of an open design methodology?

What is a common mistake in records retention?

Which inherent password weakness does a One Time Password (OTP) generator overcome?

What is the BEST way to establish identity over the internet?

The threat modeling identifies a man-in-the-middle (MITM) exposure. Which countermeasure should the information system security officer (ISSO) select to mitigate the risk of a prot...

Which security architecture strategy could be applied to secure an operating system (OS) baseline for deployment within the corporate enterprise?

What does the term "100-year floodplain" mean to emergency preparedness officials?

Which layer of the Open system Interconnect (OSI) model is responsible for secure data transfer between applications, flow control, and error detection and correction?

Which of the following is the PRIMARY consideration when determining the frequency an automated control should be assessed or monitored?

An organization that has achieved a Capability Maturity model Integration (CMMI) level of 4 has done which of the following?

What is the MOST effective way to protect privacy?

Internet protocol security (IPSec), point-to-point tunneling protocol (PPTP), and secure sockets Layer (SSL) all use Which of the following to prevent replay attacks?

Which of the following job functions MUST be separated to maintain data and application integrity?

Which of the following authorization standards is built to handle Application programming Interface (API) access for federated Identity management (FIM)?

What is the MOST effective way to determine a mission critical asset in an organization?

Information security metrics provide the GREATEST value tp management when based upon the security manager's knowledge of which of the following?

Who determines the required level of independence for security control Assessors (SCA)?

What high Availability (HA) option of database allows multiple clients to access multiple database servers simultaneously?

Which is the best way to ensure camera security?

Which of the following is considered the last line defense in regard to a Governance, Risk managements, and compliance (GRC) program?

Which of the following can be used to calculate the loss event probability?

Which of the following is applicable to a publicly held company concerned about information handling and storage requirement specific to the financial reporting?

Which of the following is used to detect steganography?

Which is the MOST critical aspect of computer-generated evidence?

Which of the following media is LEAST problematic with data remanence?

Which open standard could l large corporation deploy for authorization services for single sign-on (SSO) use across multiple internal and external application?

Which of the following statements is TRUE regarding equivalence class testing?

A large corporation is looking for a solution to automate access based on where the request is coming from, who the user is, what device they are connecting with, and what and time...

Which of the following techniques is MOST useful when dealing with Advanced persistent Threat (APT) intrusions on live virtualized environments?

Which of the following MUST an organization do to effectively communicate is security strategy to all affected parties?

When using Security Assertion markup language (SAML), it is assumed that the principal subject

A client has reviewed a vulnerability assessment report and has stated it is inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operatin...

Which of the below strategies would MOST comprehensively address the risk of malicious insiders leaking sensitive information?

What is the FIRST step required in establishing a records retention program?

Functional security testing is MOST critical during which phase of the system development life cycle (SDLC)?

What is the threat modeling order using process for Attack simu-lation and threat analysis (PASTA)?

Which is the RECOMMENDED configuration mode for sensors for an intrusion prevention system (IPS) if the prevention capabilities will be used?

An organization implements a remote access server (RAS), Once users connect to the server, digital certificates are used to authenticate their identity. What type of extensible Aut...

An analysis finds unusual activity coming from a computer that was thrown away several months prior, which of the following steps ensure the proper removal of the system?

As a security manger which of the following is the MOST effective practice for providing value to an organization?

Which of the following BEST provides for non-repudiation od user account actions?

What type of access control determines the authorization to resource based on pre-defined job titles within an organization?

As users switch roles within an organization, their accounts are given additional permissions to perform the duties of their new position. After a recent audit, it was discovered t...

Continuity of operations is BEST supported by which of the following?

Which of the following is true of Service Organization Control (SOC) reports?

What testing technique enables the designer to develop mitigation strategies for potential vulnerabilities?

Asymmetric algorithms are used for which of the following when using Secure Sockets Layer/Transport Layer Security (SSL/TLS) for implementing network security?