CISSP Exam Questions
1,535 real CISSP exam questions with expert-verified answers and explanations. Page 17 of 31.
- Question #801 (Communication and Network Security): Secure Sockets Layer (SSL) encryption protects
  Tags: SSL/TLS, data in transit, encryption, web security
- Question #802 (Security Architecture and Engineering): Which of the following are Systems Engineering Life Cycle (SELC) Technical Processes?
  Tags: Systems Engineering Life Cycle, technical processes
- Question #803 (Security Architecture and Engineering): Which of the following BEST describes a Protection Profile (PP)?
  Tags: Protection Profile, Common Criteria, security requirements
- Question #804 (Communication and Network Security): Which of the following BEST describes a rogue Access Point (AP)?
  Tags: rogue access point, network security, wireless security
- Question #805 (Communication and Network Security): The 802.1x standard provides a framework for what?
  Tags: 802.1x, network authentication, wired/wireless security
- Question #806 (Identity and Access Management): Single Sign-On (SSO) is PRIMARILY designed to address which of the following?
  Tags: Single Sign-On, SSO, accountability, assurance
- Question #807 (Asset Security): Which of the following is the PRIMARY security concern associated with the implementation of smart cards?
  Tags: smart cards, physical security, authentication factors
- Question #808 (Identity and Access Management): Which of the following is a function of Security Assertion Markup Language (SAML)?
  Tags: SAML, federated identity, policy enforcement
- Question #809 (Identity and Access Management): What is an important characteristic of Role Based Access Control (RBAC)?
  Tags: RBAC, access control, privilege management
- Question #810 (Security Architecture and Engineering): A Simple Power Analysis (SPA) attack against a device directly observes which of the following?
  Tags: side-channel attack, power analysis, cryptographic attacks
- Question #811 (Security Assessment and Testing): Which of the following is an essential step before performing Structured Query Language (SQL) penetration tests on a production system?
  Tags: penetration testing, SQL injection, data backup, risk mitigation
- Question #812 (Security Operations): Which of the following activities BEST identifies operational problems, security misconfigurations, and malicious attacks?
  Tags: log review, security monitoring, incident detection
- Question #813 (Security Operations): What is the GREATEST challenge of an agent-based patch management solution?
  Tags: patch management, agent-based solutions, endpoint management
- Question #814 (Security Architecture and Engineering): Changes to a Trusted Computing Base (TCB) system that could impact the security posture of that system and trigger a recertification activity are documented in the
  Tags: Trusted Computing Base, TCB, security impact analysis
- Question #815 (Security Operations): Disaster Recovery Plan (DRP) training material should be
  Tags: disaster recovery plan, DRP training, business continuity
- Question #816 (Security and Risk Management): The MAIN reason an organization conducts a security authorization process is to
  Tags: Security Authorization, Risk Management Framework, Risk Acceptance, Authorizing Official
- Question #817 (Security and Risk Management): During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application th...
  Tags: risk assessment, HIPAA compliance, PHI, risk management decision
- Question #818 (Security and Risk Management): The World Trade Organization's (WTO) agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) requires authors of computer software to be given the
  Tags: TRIPS agreement, intellectual property, software licensing
- Question #819 (Asset Security): What is the GREATEST challenge to identifying data leaks?
  Tags: data leak prevention, data classification, asset labeling, information governance
- Question #820 (Security Operations): While investigating a malicious event, only six days of audit logs from the last month were available. What policy should be updated to address this problem?
  Tags: log retention, audit logs, incident response policy
- Question #821 (Security and Risk Management): Who is ultimately responsible to ensure that information assets are categorized and adequate measures are taken to protect them?
  Tags: data ownership, information asset classification, roles and responsibilities
- Question #822 (Security and Risk Management): A mobile device application that restricts the storage of user information to just that which is needed to accomplish lawful business goals adheres to what privacy principle?
  Tags: privacy principles, collection limitation, data minimization, mobile security
- Question #823 (Asset Security): Which of the following is the PRIMARY benefit of implementing data-in-use controls?
  Tags: data protection, data-in-use, confidentiality, data security controls
- Question #824 (Communication and Network Security): A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data?
  Tags: PKI, digital signatures, data protection, secure communication
- Question #825 (Security Architecture and Engineering): Which of the following BEST describes the purpose of the security functional requirements of Common Criteria?
  Tags: Common Criteria, security functional requirements, TOE
- Question #826 (Communication and Network Security): Application of which of the following Institute of Electrical and Electronics Engineers (IEEE) standards will prevent an unauthorized wireless device from being attached to a netwo...
  Tags: IEEE 802.1X, Network Access Control (NAC), Wireless Security, Authentication
- Question #827 (Asset Security): The PRIMARY security concern for handheld devices is the
  Tags: mobile security, malware, synchronization, device security
- Question #828 (Identity and Access Management): Which of the following is the BIGGEST weakness when using native Lightweight Directory Access Protocol (LDAP) for authentication?
  Tags: LDAP, authentication protocols, clear text passwords, network security
- Question #829 (Identity and Access Management): A global organization wants to implement hardware tokens as part of a multifactor authentication solution for remote access. The PRIMARY advantage of this implementation is
  Tags: MFA, hardware tokens, authentication, remote access security
- Question #830 (Security Operations): Which of the following could elicit a Denial of Service (DoS) attack against a credential management system?
  Tags: DoS attack, credential management, Certificate Revocation List (CRL), PKI
- Question #831 (Identity and Access Management): What security risk does the role-based access approach mitigate MOST effectively?
  Tags: RBAC, access control, least privilege, excessive permissions
- Question #832 (Identity and Access Management): Which of the following questions can be answered using user and group entitlement reporting?
  Tags: entitlement reporting, access rights, user provisioning, audit
- Question #833 (Security and Risk Management): A network scan found 50% of the systems with one or more critical vulnerabilities. Which of the following represents the BEST action?
  Tags: Vulnerability Management, Risk Assessment, Business Impact Analysis, Risk Prioritization
- Question #834 (Security Assessment and Testing): Which of the following command line tools can be used in the reconnaissance phase of a network vulnerability assessment?
  Tags: reconnaissance, network tools, dig, DNS enumeration
- Question #835 (Security Assessment and Testing): An organization has hired a security services firm to conduct a penetration test. Which of the following will the organization provide to the tester?
  Tags: penetration testing, scope, rules of engagement, security assessment
- Question #836 (Security Assessment and Testing): When planning a penetration test, the tester will be MOST interested in which information?
  Tags: penetration testing, exploits, vulnerabilities, attack vectors
- Question #837 (Security Operations): After acquiring the latest security updates, what must be done before deploying to production systems?
  Tags: patch management, change management, testing, security updates
- Question #838 (Software Development Security): Software Code signing is used as a method of verifying what security concept?
  Tags: code signing, integrity, digital signatures, software security
- Question #839 (Security and Risk Management): Which of the following BEST describes the purpose of performing security certification?
  Tags: Security Certification, Compliance, Security Policies, Standards
- Question #840 (Security and Risk Management): Are companies legally required to report all data breaches?
  Tags: data breach, legal requirements, privacy laws, regulatory compliance
- Question #841 (Security and Risk Management): What is the PRIMARY difference between security policies and security procedures?
  Tags: security policy, security procedures, governance, documentation
- Question #842 (Security and Risk Management): For privacy protected data, which of the following roles has the highest authority for establishing dissemination rules for the data?
  Tags: data owner, data governance, privacy data, roles and responsibilities
- Question #843 (Security and Risk Management): Which of the following controls is the FIRST step in protecting privacy in an information system?
  Tags: data minimization, privacy principles, data protection, privacy controls
- Question #844 (Asset Security): Which of the following BEST avoids data remanence disclosure for cloud hosted resources?
  Tags: data remanence, cloud security, data deletion, virtual host
- Question #845 (Software Development Security): What is the MOST efficient way to secure a production program and its data?
  Tags: application hardening, data encryption, data security, secure configuration
- Question #846 (Security Architecture and Engineering): If compromised, which of the following would lead to the exploitation of multiple virtual machines?
  Tags: virtualization security, hypervisor, virtual machine monitor, cloud security
- Question #847 (Software Development Security): Which of the following is the MOST important output from a mobile application threat modeling exercise according to Open Web Application Security Project (OWASP)?
  Tags: threat modeling, OWASP, mobile application security, attack surface analysis
- Question #848 (Communication and Network Security): Which one of the following operates at the session, transport, or network layer of the Open System Interconnection (OSI) model?
  Tags: OSI model, network layers, data integrity, CRC
- Question #849 (Communication and Network Security): Which of the following secures web transactions at the Transport Layer?
  Tags: SSL/TLS, transport layer security, web security, OSI model
- Question #850 (Asset Security): Which of the following is the MOST effective method of mitigating data theft from an active user workstation?
  Tags: Data Exfiltration, Device Control, Endpoint Security, Data Loss Prevention