CISSP Exam Questions
1,535 real CISSP exam questions with expert-verified answers and explanations. Page 14 of 31.
- Question #651 (Security and Risk Management)
  Which of the following factors is a PRIMARY reason to drive changes in an Information Security Continuous Monitoring (ISCM) strategy?
  Tags: continuous monitoring, ISCM, business process changes, security strategy
- Question #652 (Security Architecture and Engineering)
  Digital non-repudiation requires which of the following?
  Tags: non-repudiation, trusted third party, digital signatures
- Question #653 (Asset Security)
  Data remanence is the biggest threat in which of the following scenarios?
  Tags: data remanence, data destruction, secure disposal
- Question #654 (Identity and Access Management)
  Which of the following is the MOST secure password technique?
  Tags: password security, one-time password, authentication methods
- Question #655 (Security and Risk Management)
  Which of the following is a Key Performance Indicator (KPI) for a security training and awareness program?
  Tags: security awareness training, KPI, security metrics
- Question #656 (Software Development Security)
  When are security requirements the LEAST expensive to implement?
  Tags: SDLC security, security by design, cost-benefit analysis
- Question #657 (Communication and Network Security)
  What type of attack sends Internet Control Message Protocol (ICMP) echo requests to the target machine with a larger payload than the target can handle?
  Tags: Denial of Service, DoS attack, ICMP flood
- Question #658 (Software Development Security)
  What is the HIGHEST priority in agile development?
  Tags: agile development, SDLC, software delivery, agile principles
- Question #659 (Communication and Network Security)
  Which of the following is included in the Global System for Mobile Communications (GSM) security framework?
  Tags: GSM security, symmetric cryptography, mobile security
- Question #660 (Security Architecture and Engineering)
  Which of the following is the reason that transposition ciphers are easily recognizable?
  Tags: transposition cipher, cryptography, frequency analysis
- Question #661 (Security Architecture and Engineering)
  How is it possible to extract private keys securely stored on a cryptographic smartcard?
  Tags: smartcard security, side-channel attacks, hardware attacks
- Question #662 (Security Operations)
  Which of the following is an important requirement when designing a secure remote access system?
  Tags: remote access security, logging, auditing, system design
- Question #663 (Security Architecture and Engineering)
  Which of the following is the BEST way to mitigate circumvention of access controls?
  Tags: defense in depth, access controls, security architecture, control diversification
- Question #664 (Security Operations)
  Which one of the following can be used to detect an anomaly in a system by keeping track of the state of files that do not normally change?
  Tags: file integrity monitoring, anomaly detection, security tools
- Question #665 (Software Development Security)
  Which of the following is the MOST effective preventative method to identify security flaws in software?
  Tags: software security, code review, static analysis, vulnerability assessment
- Question #666 (Security Operations)
  Which of the following BEST describes botnets?
  Tags: malware, botnet, cyber attacks
- Question #667 (Identity and Access Management (IAM))
  An organization seeks to use a cloud Identity and Access Management (IAM) provider whose protocols and data formats are incompatible with existing systems. Which of the following t...
  Tags: cloud IAM, identity federation, authentication gateway, hybrid identity
- Question #668 (Security and Risk Management)
  Which of the following BEST describes the objectives of the Business Impact Analysis (BIA)?
  Tags: business impact analysis, BIA, business continuity planning, disaster recovery
- Question #669 (Identity and Access Management (IAM))
  The application owner of a system that handles confidential data leaves an organization. It is anticipated that a replacement will be hired in approximately six months. During that...
  Tags: access control, role management, offboarding, least privilege
- Question #670 (Asset Security)
  Which Redundant Array of Independent Disks (RAID) Level does the following diagram represent?
  Tags: RAID, data redundancy, storage security, fault tolerance
- Question #671 (Security Architecture and Engineering)
  Which of the following is used to ensure that data mining activities will NOT reveal sensitive data?
  Tags: data privacy, data masking, encryption, data mining security
- Question #672 (Communication and Network Security)
  Why are packet filtering routers used in low-risk environments?
  Tags: packet filtering, firewall types, network security, router security
- Question #673 (Communication and Network Security)
  Which of the following protocols will allow the encrypted transfer of content on the Internet?
  Tags: secure protocols, encrypted transfer, SCP, SFTP
- Question #674 (Security Assessment and Testing)
  What requirement MUST be met during internal security audits to ensure that all information provided is expressed as an objective assessment without risk of retaliation?
  Tags: auditing principles, auditor independence, risk management, governance
- Question #675 (Identity and Access Management (IAM))
  In order to support the least privilege security principle when a resource is transferring within the organization from a production support system administration role to a develop...
  Tags: least privilege, access control, role-based access control, privilege management
- Question #676 (Security and Risk Management)
  What is the FINAL step in the waterfall method for contingency planning?
  Tags: contingency planning, BCP, DRP, maintenance
- Question #677 (Security Assessment and Testing)
  Which of the following is a security weakness in the evaluation of Common Criteria (CC) products?
  Tags: Common Criteria, product evaluation, security testing, certification
- Question #678 (Security Architecture and Engineering)
  What is the second phase of public key infrastructure (PKI) key/certificate life-cycle management?
  Tags: PKI, certificate lifecycle, key management
- Question #679 (Identity and Access Management (IAM))
  Which of the following BEST describes the standard used to exchange authorization information between different identity management systems?
  Tags: SAML, identity federation, SSO, authorization protocols
- Question #680 (Security Operations)
  What does the change management process entail?
  Tags: change management, vulnerability management, risk assessment, security operations
- Question #681 (Security Assessment and Testing)
  The security team has been tasked with performing an interface test against a frontend external facing application and needs to verify that all input fields protect against invalid...
  Tags: application security testing, fuzzing, input validation
- Question #682 (Identity and Access Management)
  Which of the following is the FIRST step during digital identity provisioning?
  Tags: identity provisioning, digital identity lifecycle
- Question #683 (Identity and Access Management)
  Physical Access Control Systems (PACS) allow authorized security personnel to manage and monitor access control for subjects through which function?
  Tags: physical access control, PACS, PIV
- Question #684 (Identity and Access Management)
  In a large company, a system administrator needs to assign users access to files using Role Based Access Control (RBAC). Which option is an example of RBAC?
  Tags: RBAC, access control models, group membership
- Question #685 (Security Operations)
  During a Disaster Recovery (DR) simulation, it is discovered that the shared recovery site lacks adequate data restoration capabilities to support the implementation of multiple p...
  Tags: disaster recovery, RTO, business continuity planning
- Question #686 (Security and Risk Management)
  What is the MAIN objective of risk analysis in Disaster Recovery (DR) planning?
  Tags: risk analysis, disaster recovery planning, threat identification
- Question #687 (Security and Risk Management)
  The adoption of an enterprise-wide Business Continuity (BC) program requires which of the following?
  Tags: business continuity, program management, organizational communication
- Question #688 (Security and Risk Management)
  A security professional is assessing the risk in an application and does not take into account any mitigating or compensating controls. This type of risk rating is an example of wh...
  Tags: risk assessment, inherent risk, risk management
- Question #689 (Software Development Security)
  Which of the following is the BEST way to protect against Structured Query Language (SQL) injection?
  Tags: SQL injection, secure coding, stored procedures, application security
- Question #690 (Security and Risk Management)
  When defining a set of security controls to mitigate a risk, which of the following actions MUST occur?
  Tags: security controls, risk mitigation, control effectiveness
- Question #691 (Security Architecture and Engineering)
  A company-wide penetration test result shows customers could access and read files through a web browser. Which of the following can be used to mitigate this vulnerability?
  Tags: web server security, directory listing, vulnerability mitigation, penetration testing
- Question #692 (Communication and Network Security)
  Which of the following provides the MOST secure method for Network Access Control (NAC)?
  Tags: network access control, 802.1X, network security
- Question #693 (Security and Risk Management)
  What does the result of Cost-Benefit Analysis (CBA) on new security initiatives provide?
  Tags: cost-benefit analysis, security investment, justification
- Question #694 (Security Architecture and Engineering)
  Which of the following is considered the PRIMARY security issue associated with encrypted e-mail messages?
  Tags: email encryption, key management, key distribution, cryptography
- Question #695 (Asset Security)
  Which media sanitization methods should be used for data with a high security categorization?
  Tags: media sanitization, data destruction, purge, destroy
- Question #696 (Communication and Network Security)
  Which of the following is the MOST secure protocol for remote command access to the firewall?
  Tags: secure protocols, SSH, remote administration, network security
- Question #697 (Security and Risk Management)
  How should the retention period for an organization's social media content be defined?
  Tags: data retention, social media policy, information governance
- Question #698 (Security and Risk Management)
  How should the retention period for an organization's social media content be defined?
  Tags: data retention policy, information governance, records management
- Question #699 (Identity and Access Management)
  In Identity Management (IdM), when is the verification stage performed?
  Tags: identity management, identity lifecycle, identity verification
- Question #700 (Security Assessment and Testing)
  What is the PRIMARY purpose of auditing, as it relates to the security review cycle?
  Tags: security auditing, control effectiveness, compliance monitoring