CISSP Exam Questions
1,535 real CISSP exam questions with expert-verified answers and explanations. Page 13 of 31.
- Question #601 Security and Risk Management
What is the BEST approach for maintaining ethics when a security professional is unfamiliar with the culture of a country and is asked to perform a questionable task?
Tags: professional ethics, code of conduct, cultural awareness, due diligence
- Question #602 Security Assessment and Testing
Which of the following activities is MOST likely to be performed during a vulnerability assessment?
Tags: vulnerability assessment, security testing, information gathering
- Question #603 Identity and Access Management
Which of the following is the BEST defense against password guessing?
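The tags on Question #603 point to account lockout as the defense against online password guessing. The block below is an added illustration and is not code from this page or from (ISC)²: a small authenticator that hashes passwords with PBKDF2, compares digests in constant time, counts failures inside a sliding window, and locks the account once the threshold is hit. The policy values (5 failures per 15 minutes, 30-minute lock), the user name and the password are assumptions chosen for the demonstration; the clock is injectable so the lockout expiry can be exercised without waiting.

```python
"""Account lockout against online password guessing.

Added example for Question #603; not code from the page or from (ISC)2.
Policy constants, the user table and the sample credentials are assumptions.
"""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field

MAX_FAILURES = 5            # assumed policy: failures tolerated per window
FAILURE_WINDOW = 15 * 60    # assumed: sliding window (seconds) for counting failures
LOCKOUT_SECONDS = 30 * 60   # assumed: how long the account stays locked


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 slows offline guessing; lockout is what stops online guessing.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failures: list = field(default_factory=list)  # timestamps of recent failures
    locked_until: float = 0.0


class Authenticator:
    def __init__(self, clock=time.time):
        self.clock = clock   # injectable so the demo can advance time
        self.accounts = {}   # user name -> Account

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, _hash_password(password, salt))

    def login(self, user: str, password: str) -> str:
        """Return 'ok', 'bad_password' or 'locked'."""
        now = self.clock()
        acct = self.accounts.get(user)
        if acct is None:
            # Same answer as a wrong password, so the reply does not reveal
            # which user names exist.
            return "bad_password"
        if now < acct.locked_until:
            return "locked"  # refuse before evaluating the password at all
        # drop failures that have aged out of the window
        acct.failures = [t for t in acct.failures if now - t < FAILURE_WINDOW]
        if hmac.compare_digest(_hash_password(password, acct.salt), acct.pw_hash):
            acct.failures.clear()
            return "ok"
        acct.failures.append(now)
        if len(acct.failures) >= MAX_FAILURES:
            acct.locked_until = now + LOCKOUT_SECONDS
            acct.failures.clear()
            return "locked"
        return "bad_password"


def demo() -> list:
    """Five wrong guesses one second apart, the right password while locked,
    then the right password after the lock expires."""
    t = [1_000_000.0]  # fake clock (constructed)
    auth = Authenticator(clock=lambda: t[0])
    auth.register("alice", "correct horse battery staple")
    results = []
    for _ in range(MAX_FAILURES):
        results.append(auth.login("alice", "guess"))
        t[0] += 1
    results.append(auth.login("alice", "correct horse battery staple"))  # still locked
    t[0] += LOCKOUT_SECONDS
    results.append(auth.login("alice", "correct horse battery staple"))  # lock expired
    return results
```

The lock is checked before the password is evaluated, so an attacker who keeps guessing learns nothing from a locked account, and a correct guess made while locked is still rejected. A window-based counter rather than a lifetime counter keeps ordinary users from being locked out by failures spread over days.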
Tags: password security, brute-force defense, account lockout
- Question #604 Communication and Network Security
Why would a security architect specify that a default route pointing to a sinkhole be injected into internal networks?
Tags: network architecture, sinkhole, traffic filtering, malware prevention
- Question #605 Security Operations
Which one of the following documentation should be included in a Disaster Recovery (DR) package?
Tags: disaster recovery, DR documentation, business continuity
- Question #606 Asset Security
How long should the records on a project be retained?
Tags: data retention, information lifecycle, policy compliance
- Question #607 Security Assessment and Testing
Which of the following phases involves researching a target's configuration from public sources when performing a penetration test?
Tags: penetration testing, information gathering, reconnaissance
- Question #608 Security Operations
Which of the following provides the BEST method to verify that security baseline configurations are maintained?
Tags: security baselines, configuration management, security testing, continuous monitoring
- Question #609 Software Development Security
Which attack defines a piece of code that is inserted into software to trigger a malicious function?
Tags: malware, logic bomb, software attacks
- Question #610 Security Operations
Which of the following is the MOST critical success factor in the security patch management process?
Tags: patch management, vulnerability management, risk analysis, impact assessment
- Question #611 Security Architecture and Engineering
A security professional should consider the protection of which of the following elements FIRST when developing a defense-in-depth strategy for a mobile workforce?
Tags: defense in depth, mobile security, endpoint security, asset protection
- Question #612 Software Development Security
Which of the following is the BEST technique to facilitate secure software development?
Tags: secure coding, SDLC security, software development practices
- Question #613 Asset Security
What is the MAIN reason to ensure the appropriate retention periods are enforced for data stored on electronic media?
Tags: data retention, data protection, risk reduction, privacy
- Question #614 Identity and Access Management
For a federated identity solution, a third-party Identity Provider (IdP) is PRIMARILY responsible for which of the following?
Tags: federated identity, identity provider, authentication, SSO
- Question #615 Security Operations
What is the BEST way to correlate large volumes of disparate data sources in a Security Operations Center (SOC) environment?
Tags: SIEM, security operations center, log correlation, event management
- Question #616 Software Development Security
Which of the following steps should be conducted during the FIRST phase of software assurance in a generic acquisition process?
Tags: software assurance, SDLC, requirements engineering, acquisition process
- Question #617 Security Operations
Assume that a computer was powered off when an information security professional arrived at a crime scene. Which of the following actions should be performed after the crime scene...
Tags: digital forensics, incident response, evidence handling, crime scene preservation
- Question #618 Software Development Security
Which of the following is used to support the concept of defense in depth during the development phase of a software product?
Tags: defense in depth, software development security, security auditing, SDLC
- Question #619 Security and Risk Management
An organization is considering outsourcing applications and data to a Cloud Service Provider (CSP). Which of the following is the MOST important concern regarding privacy?
Tags: cloud security, data privacy, legal compliance, vendor risk management
- Question #620 Identity and Access Management
Individual access to a network is BEST determined based on
Tags: access control, least privilege, business need, need-to-know
- Question #621 Security and Risk Management
The MAIN task of promoting security for Personal Computers (PC) is
Tags: security awareness, user education, risk communication
- Question #622 Communication and Network Security
The Secure Shell (SSH) version 2 protocol supports
Tags: SSHv2, confidentiality, integrity, authentication
- Question #623 Security and Risk Management
What protocol is often used between gateway hosts on the Internet? To control the scope of a Business Continuity Management (BCM) system, a security practitioner should identify wh...
Tags: Business Continuity Management, BCM scope, organizational factors
- Question #624 Security Operations
Which of the following management processes allots ONLY those services required for users to accomplish their tasks, change default user passwords, and set servers to retrieve anti...
Tags: configuration management, least privilege, secure baselines, system hardening
- Question #625 Software Development Security
Which of the following practices provides the development team with a definition of security and identification of threats in designing software?
Tags: threat modeling, software design security, SDLC security
- Question #626 Communication and Network Security
Which of the following is a peer entity authentication method for Point-to-Point Protocol (PPP)?
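The tags on Question #626 name CHAP, the challenge-handshake method defined in RFC 1994 for PPP peer authentication. The block below is an added worked example, not code from this page or from any PPP implementation: both sides of the exchange are modelled in-process, the Response value is computed exactly as RFC 1994 specifies (MD5 over Identifier, secret and Challenge Value), and the authenticator discards each challenge after one use so a captured Response cannot be replayed. The peer name "alice", the NAS name "nas01" and the shared secrets are constructed for the demonstration.

```python
"""CHAP (RFC 1994) as the peer entity authentication method for PPP.

Added example for Question #626; not code from the page or from a real PPP
stack. Names and shared secrets below are constructed for the demo.
"""
import hashlib
import hmac
import os
import struct

# CHAP Code field values (RFC 1994 section 4)
CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4


def build_chal_resp(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """Challenge/Response packet: Code, Identifier, Length, Value-Size, Value, Name."""
    length = 5 + len(value) + len(name)
    return struct.pack("!BBHB", code, ident, length, len(value)) + value + name


def parse_chal_resp(pkt: bytes):
    code, ident, length, vsize = struct.unpack("!BBHB", pkt[:5])
    if length != len(pkt) or 5 + vsize > len(pkt):
        raise ValueError("CHAP length fields inconsistent with packet")
    return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:]


def build_result(code: int, ident: int, message: bytes) -> bytes:
    """Success/Failure packet: Code, Identifier, Length, Message (no Value-Size)."""
    return struct.pack("!BBH", code, ident, 4 + len(message)) + message


def result_code(pkt: bytes) -> int:
    return pkt[0]


def chap_response_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 2.2: MD5 over Identifier || secret || Challenge Value."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Authenticator:
    """The side that issues challenges (the network access server)."""

    def __init__(self, secrets: dict):
        self.secrets = secrets  # peer Name -> shared secret, needed in clear text
        self.pending = {}       # Identifier -> outstanding Challenge Value

    def challenge(self, ident: int) -> bytes:
        value = os.urandom(16)  # fresh, unpredictable challenge each time
        self.pending[ident] = value
        return build_chal_resp(CHALLENGE, ident, value, b"nas01")

    def verify(self, pkt: bytes) -> bytes:
        code, ident, value, name = parse_chal_resp(pkt)
        challenge = self.pending.pop(ident, None)  # one-shot: a replay finds nothing
        secret = self.secrets.get(name)
        if code != RESPONSE or challenge is None or secret is None:
            return build_result(FAILURE, ident, b"authentication failed")
        expected = chap_response_value(ident, secret, challenge)
        if hmac.compare_digest(expected, value):
            return build_result(SUCCESS, ident, b"welcome")
        return build_result(FAILURE, ident, b"authentication failed")


def peer_respond(challenge_pkt: bytes, name: bytes, secret: bytes) -> bytes:
    """The peer proves it knows the secret without ever sending the secret."""
    code, ident, value, _nas = parse_chal_resp(challenge_pkt)
    if code != CHALLENGE:
        raise ValueError("expected a CHAP Challenge")
    return build_chal_resp(RESPONSE, ident, chap_response_value(ident, secret, value), name)


def run_exchange(peer_secret: bytes, stored_secret: bytes, replay: bool = False) -> list:
    """Run one CHAP round; return the Code of each result packet the NAS sends."""
    nas = Authenticator({b"alice": stored_secret})
    chal = nas.challenge(ident=7)
    resp = peer_respond(chal, b"alice", peer_secret)
    codes = [result_code(nas.verify(resp))]
    if replay:
        codes.append(result_code(nas.verify(resp)))  # same Response sent twice
    return codes
```

Two properties worth noticing: the secret never crosses the link, only a hash bound to a per-attempt challenge, which is what makes CHAP preferable to PAP; and the authenticator must hold the secret in recoverable form to compute the expected value, so the secrets store on the NAS is itself a sensitive asset.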
Tags: PPP authentication, CHAP, authentication protocols, network authentication
- Question #627 Communication and Network Security
What form of attack could this represent?
Tags: masquerading attack, ARP spoofing, network attacks, Layer 2 attacks
- Question #628 Software Development Security
Which of the following value comparisons MOST accurately reflects the agile development approach?
Tags: agile development, Agile Manifesto, software development
- Question #629 Security Architecture and Engineering
Which of the following needs to be included in order for High Availability (HA) to continue operations during planned system outages?
Tags: high availability, clustering, load balancing, fault tolerance
- Question #630 Communication and Network Security
Which of the following is the MOST effective countermeasure against Man-in-the-Middle (MITM) attacks while using online banking?
Tags: TLS, MITM attacks, web security, online banking security
- Question #631 Software Development Security
According to the Capability Maturity Model Integration (CMMI), which of the following levels is identified by a managed process that is tailored from the organization's set of stan...
Tags: CMMI, process maturity, software development lifecycle
- Question #632 Communication and Network Security
Point-to-Point Protocol (PPP) was designed to specifically address what issue?
Tags: PPP, dial-up security, network protocols, authentication
- Question #633 Communication and Network Security
Which of the following is an advantage of Secure Shell (SSH)?
Tags: SSH advantages, secure communication, encryption, authentication
- Question #634 Software Development Security
A security engineer is designing a Customer Relationship Management (CRM) application for a third-party vendor. In which phase of the System Development Life Cycle (SDLC) will it...
Tags: SDLC security, data sensitivity, requirements gathering, security by design
- Question #635 Security Assessment and Testing
Which of the following is a PRIMARY challenge when running a penetration test?
Tags: penetration testing, pen test scope, security assessment challenges
- Question #636 Security and Risk Management
Which one of the following would cause an immediate review and possible change to the security policies of an organization?
Tags: security policy management, organizational goals, policy review, risk alignment
- Question #637 Security Operations
An audit of an application reveals that the current configuration does not match the configuration of the originally implemented application. Which of the following is the FIRST ac...
Tags: change control, configuration audit, incident response, process verification
- Question #638 Security Operations
What is the BEST method if an investigator wishes to analyze a hard drive which may be used as evidence?
Tags: digital forensics, evidence preservation, disk imaging, write blocker
- Question #639 Communication and Network Security
Which of the following provides the GREATEST level of data security for a Virtual Private Network (VPN) connection?
Tags: IPsec, VPN security, network protocols, data confidentiality
- Question #640 Software Development Security
What is the purpose of code signing?
Tags: code signing, software integrity, software authenticity, digital signatures
- Question #641 Security Assessment and Testing
What is the PRIMARY objective for conducting an internal security audit?
Tags: security audit, control effectiveness, internal audit
- Question #642 Security Assessment and Testing
What is the PRIMARY purpose for an organization to conduct a security audit?
Tags: security audit, risk mitigation, security controls
- Question #643 Security Assessment and Testing
Which testing method requires very limited or no information about the network infrastructure?
Tags: penetration testing, black box testing, testing methodologies
- Question #644 Asset Security
Which of the following is a MAJOR concern when there is a need to preserve or retain information for future retrieval?
Tags: data retention, data preservation, technological obsolescence
- Question #645 Security Operations
Which of the following types of data would be MOST difficult to detect by a forensic examiner?
Tags: digital forensics, steganography, data hiding
- Question #646 Security Assessment and Testing
Following a penetration test, what should an organization do FIRST?
Tags: penetration testing, post-test procedures, vulnerability management
- Question #647 Security Operations
An Intrusion Detection System (IDS) is based on the general hypothesis that a security violation is associated with a pattern of system usage which can be
Tags: intrusion detection systems, IDS, anomaly detection
- Question #648 Security Architecture and Engineering
Which of the following models uses unique groups contained in unique conflict classes?
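The tags on Question #648 identify the Brewer-Nash (Chinese Wall) model, in which company datasets are grouped into conflict-of-interest classes and a subject's past accesses decide what it may touch next. The block below is an added worked example and is not code from this page: it implements the simple security rule for reads (sanitized data is free; otherwise a subject may read an object only if it has not already read a competitor's dataset in the same conflict class) and the *-property for writes (a subject that has read unsanitized data from any other dataset may not write, because the write could carry that data across the wall). The conflict classes, datasets, objects and the analyst are constructed for the demonstration.

```python
"""Brewer-Nash (Chinese Wall) access decisions.

Added example for Question #648; not code from the page. The conflict
classes, company datasets, objects and the analyst are constructed.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Obj:
    name: str
    dataset: str             # company dataset (CD) the object belongs to
    conflict_class: str      # conflict-of-interest (COI) class containing that CD
    sanitized: bool = False  # sanitized data sits outside the wall


@dataclass
class Subject:
    name: str
    # (dataset, conflict_class) pairs of unsanitized objects already read
    history: set = field(default_factory=set)


def can_read(s: Subject, o: Obj) -> bool:
    """Simple security rule: allowed if the object is sanitized, belongs to a
    dataset the subject already accessed, or sits in a conflict class the
    subject has not touched at all."""
    if o.sanitized:
        return True
    for dataset, coi in s.history:
        if coi == o.conflict_class and dataset != o.dataset:
            return False  # a competitor in the same class: this is the wall
    return True


def can_write(s: Subject, o: Obj) -> bool:
    """*-property: the read rule must pass, and the subject may not have read
    unsanitized data from any dataset other than the target's."""
    if not can_read(s, o):
        return False
    return all(dataset == o.dataset for dataset, _ in s.history)


def read(s: Subject, o: Obj) -> None:
    """Perform a read and record it; the record is what moves the wall."""
    if not can_read(s, o):
        raise PermissionError(f"{s.name} may not read {o.name}")
    if not o.sanitized:
        s.history.add((o.dataset, o.conflict_class))


def demo() -> dict:
    # two conflict classes, each holding competing company datasets (constructed)
    bank_a = Obj("BankA-ledger", "BankA", "banks")
    bank_b = Obj("BankB-ledger", "BankB", "banks")
    bank_b_pub = Obj("BankB-annual-report", "BankB", "banks", sanitized=True)
    oil_x = Obj("OilX-forecast", "OilX", "oil")

    analyst = Subject("analyst")
    decisions = {}
    read(analyst, bank_a)  # first pick inside the 'banks' class is unconstrained
    decisions["read BankB"] = can_read(analyst, bank_b)            # wall: denied
    decisions["read BankB sanitized"] = can_read(analyst, bank_b_pub)
    decisions["read OilX"] = can_read(analyst, oil_x)              # other class: ok
    decisions["write BankA before OilX"] = can_write(analyst, bank_a)
    read(analyst, oil_x)
    decisions["write BankA after OilX"] = can_write(analyst, bank_a)  # leak risk
    decisions["read BankA again"] = can_read(analyst, bank_a)
    return decisions
```

Unlike Bell-LaPadula, the decision here depends on the subject's history, not on fixed labels: the same analyst who could read BankB before touching BankA is denied afterwards, and reading OilX, which is in a different conflict class, is allowed but removes the right to write into BankA.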
Tags: security models, Chinese Wall model, conflict of interest
- Question #649 Identity and Access Management
When developing the entitlement review process, which of the following roles is responsible for determining who has a need for the information?
Tags: data owner, access control, entitlement review
- Question #650 Security Assessment and Testing
What should an auditor do when conducting a periodic audit on media retention?
Tags: media retention, data destruction, security audit