CISSP Exam Questions
1,535 real CISSP exam questions with expert-verified answers and explanations. Page 15 of 31.
- Question #701 (Identity and Access Management)
  Which of the following access control models is MOST restrictive?
  Tags: access control models, Mandatory Access Control (MAC)
- Question #702 (Security and Risk Management)
  Which of the following is a canon of the (ISC)2 Code of Ethics?
  Tags: (ISC)2 Code of Ethics, professional ethics
- Question #703 (Security Assessment and Testing)
  Which of the following will an organization's network vulnerability testing process BEST enhance?
  Tags: vulnerability testing, server hardening, security assessment
- Question #704 (Asset Security)
  Which of the following is the MOST effective countermeasure against data remanence?
  Tags: data remanence, data destruction, data sanitization
- Question #705 (Security Assessment and Testing)
  A security professional has been requested by the Board of Directors and Chief Information Security Officer (CISO) to perform an internal and external penetration test. What is the...
  Tags: penetration testing, ethical hacking, authorization, testing methodology
- Question #706 (Security Architecture and Engineering)
  The Rivest-Shamir-Adleman (RSA) algorithm is BEST suited for which of the following operations?
  Tags: RSA, asymmetric encryption, key exchange, cryptography
- Question #707 (Communication and Network Security)
  Configuring a Wireless Access Point (WAP) with the same Service Set Identifier (SSID) as another WAP in order to have users unknowingly connect is referred to as which of the follo...
  Tags: wireless attacks, evil twin, Man-in-the-Middle (MITM), WAP security
- Question #708 (Security Operations)
  Which of the following actions should be taken by a security professional when a mission critical computer network attack is suspected?
  Tags: incident response, cyber attack, investigation, incident management
- Question #709 (Software Development Security)
  In what phase of the System Development Life Cycle (SDLC) should security training for the development team begin?
  Tags: SDLC security, security training, security by design, initiation phase
- Question #710 (Asset Security)
  Of the following, which BEST provides non-repudiation with regards to access to a server room?
  Tags: non-repudiation, physical access control, biometrics, server room security
- Question #711 (Security and Risk Management)
  The personal laptop of an organization executive is stolen from the office, complete with personnel and project records. Which of the following should be done FIRST to mitigate fut...
  Tags: security policy, data loss prevention, BYOD security, asset protection
- Question #712 (Communication and Network Security)
  Which of the following is a standard Access Control List (ACL) element that enables a router to filter Internet traffic?
  Tags: Access Control List (ACL), router security, IP address filtering, network security
- Question #713 (Identity and Access Management)
  Which of the following will accomplish Multi-Factor Authentication (MFA)?
  Tags: Multi-Factor Authentication (MFA), authentication factors, smart card, OTP
- Question #714 (Security Operations)
  Which of the following is the PRIMARY issue when analyzing detailed log information?
  Tags: log analysis, security monitoring, SIEM, security operations
- Question #715 (Security Architecture and Engineering)
  How does security in a distributed file system using mutual authentication differ from file security in a multi-user host?
  Tags: distributed file system security, mutual authentication, eavesdropping, network security
- Question #716 (Security and Risk Management)
  Which of the following explains why classifying data is an important step in performing a risk assessment?
  Tags: data classification, risk assessment, security controls, data sensitivity
- Question #717 (Identity and Access Management)
  How is Remote Authentication Dial-In User Service (RADIUS) authentication accomplished?
  Tags: RADIUS, authentication protocols, shared secret key, network authentication
- Question #718 (Security Architecture and Engineering)
  A security professional should ensure that clients support which secondary algorithm for digital signatures when a Secure Multipurpose Internet Mail Extension (S/MIME) is used?
  Tags: S/MIME, digital signatures, RSA, cryptography protocols
- Question #719 (Asset Security)
  What documentation is produced FIRST when performing an effective physical loss control process?
  Tags: physical security, asset management, inventory, loss prevention
- Question #720 (Security Operations)
  Who should formulate conclusions from a particular digital forensic ... and the results?
  Tags: digital forensics, incident response, evidence analysis, roles and responsibilities
- Question #721 (Security and Risk Management)
  A manager identified two conflicting sensitive user functions that were assigned to a single user account that had the potential to result in financial and regulatory risk to the c...
  Tags: separation of duties, risk management, user access review
- Question #722 (Security Operations)
  When assessing the audit capability of an application, which of the following activities is MOST important?
  Tags: audit logs, audit capability, information integrity
- Question #723 (Software Development Security)
  A web-based application known to be susceptible to attacks is now under review by a senior developer. The organization would like to ensure this application is less susceptible to...
  Tags: injection attacks, input validation, output encoding, web application security
- Question #724 (Security Operations)
  Management has decided that a core application will be used on personal cellular phones. As an implementation requirement, regularly scheduled analysis of the security posture need...
  Tags: continuous monitoring, mobile device management, configuration management, security operations
- Question #725 (Identity and Access Management)
  An organization would like to implement an authorization mechanism that would simplify the assignment of various system access permissions for many users with similar job responsib...
  Tags: role-based access control (RBAC), authorization, access control models
- Question #726 (Security and Risk Management)
  Which service management process BEST helps information technology (IT) organizations with reducing cost, mitigating risk, and improving customer service?
  Tags: ITIL, IT service management, risk management
- Question #727 (Security and Risk Management)
  Under the General Data Protection Regulation (GDPR), what is the maximum amount of time allowed for reporting a personal data breach?
  Tags: GDPR, data breach notification, regulatory compliance
- Question #728 (Identity and Access Management)
  What is the MOST effective method to enhance security of a single sign-on (SSO) solution that interfaces with critical systems?
  Tags: single sign-on (SSO), multi-factor authentication (MFA), authentication security
- Question #729 (Security Operations)
  A security practitioner detects an endpoint attack on the organization's network. What is the MOST reasonable approach to mitigate future endpoint attacks?
  Tags: endpoint security, system hardening, attack surface reduction
- Question #730 (Software Development Security)
  Which of the following is a potential risk when a program runs in privileged mode?
  Tags: privileged access, least privilege, security risk
- Question #731 (Software Development Security)
  The goal of software assurance in application development is to
  Tags: software assurance, secure development lifecycle, vulnerability prevention
- Question #732 (Asset Security)
  What is the ultimate objective of information classification?
  Tags: information classification, data classification, asset protection
- Question #733 (Asset Security)
  In a financial institution, who has the responsibility for assigning the classification to a piece of information?
  Tags: data ownership, information classification, data governance
- Question #734 (Security Architecture and Engineering)
  An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls....
  Tags: data confidentiality, encryption, data at rest, document repository security
- Question #735 (Security Operations)
  What technique BEST describes antivirus software that detects viruses by watching anomalous behavior?
  Tags: antivirus, heuristic analysis, malware detection
- Question #736 (Security Operations)
  Contingency plan exercises are intended to do which of the following?
  Tags: contingency planning, disaster recovery planning, business continuity, incident response training
- Question #737 (Communication and Network Security)
  Two companies wish to share electronic inventory and purchase orders in a supplier and client relationship. What is the BEST security solution for them?
  Tags: VPN, secure communication, B2B integration, network security
- Question #738 (Security Architecture and Engineering)
  Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what?
  Tags: Trusted Platform Module (TPM), secure boot, hardware security, trusted computing
- Question #739 (Security Operations)
  Which of the following would be the FIRST step to take when implementing a patch management program?
  Tags: patch management, asset inventory, vulnerability management
- Question #740 (Identity and Access Management)
  When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all acces...
  Tags: access control design, user access matrix, authorization matrix, access control requirements
- Question #741 (Security Architecture and Engineering)
  Which of the following is the BEST way to verify the integrity of a software patch?
  Tags: software integrity, cryptographic checksums, patch management
- Question #742 (Communication and Network Security)
  Which of the following is considered best practice for preventing e-mail spoofing?
  Tags: email security, email spoofing, cryptographic signatures
- Question #743 (Software Development Security)
  Alternate encoding such as hexadecimal representations is MOST often observed in which of the following forms of attack?
  Tags: web application attacks, cross-site scripting (XSS), encoding attacks
- Question #744 (Asset Security)
  What would be the PRIMARY concern when designing and coordinating a security assessment for an Automatic Teller Machine (ATM) system?
  Tags: physical security, ATM security, security assessment
- Question #745 (Security Architecture and Engineering)
  The Hardware Abstraction Layer (HAL) is implemented in the
  Tags: operating systems, system architecture, Hardware Abstraction Layer (HAL)
- Question #746 (Security Operations)
  A security professional has just completed their organization's Business Impact Analysis (BIA). Following Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) best practices,...
  Tags: Business Continuity Planning (BCP), Disaster Recovery Planning (DRP), Business Impact Analysis (BIA), recovery strategies
- Question #747 (Security Assessment and Testing)
  A vulnerability test on an Information System (IS) is conducted to
  Tags: vulnerability testing, security controls, security assessment
- Question #748 (Security Operations)
  Who must approve modifications to an organization's production infrastructure configuration?
  Tags: change management, IT governance, production infrastructure
- Question #749 (Security Architecture and Engineering)
  When implementing controls in a heterogeneous end-point network for an organization, it is critical that
  Tags: endpoint security, homogeneous security controls, network security architecture
- Question #750 (Security Operations)
  Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization has unauthorized a...
  Tags: penetration testing, incident response, reporting, vulnerability management