CISSP Exam Questions
1,535 real CISSP exam questions with expert-verified answers and explanations. Page 19 of 31.
- Question #901 (Asset Security)
  Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?
  Tags: Information classification, Data lifecycle, Data stewardship, Data handling standards
- Question #902 (Identity and Access Management (IAM))
  When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?
  Tags: Third-party risk, Access control, Data protection, Outsourcing security
- Question #903 (Asset Security)
  Which of the following is the MOST appropriate action when reusing media that contains sensitive data?
  Tags: Media sanitization, Data disposal, Sensitive data, Data reuse
- Question #904 (Security Architecture and Engineering)
  An organization recently conducted a review of the security of its network applications. One of the vulnerabilities found was that the session key used in encrypting sensitive info...
  Tags: Key exchange, Diffie-Hellman, Cryptography, Hard-coded keys
- Question #905 (Security Architecture and Engineering)
  Which of the following methods of suppressing a fire is environmentally friendly and the MOST appropriate for a data center?
  Tags: Fire suppression, Data center security, Physical security, Inert gas
- Question #906 (Security Assessment and Testing)
  Unused space in a disk cluster is important in media analysis because it may contain which of the following?
  Tags: Media analysis, Residual data, Digital forensics, Data remnants
- Question #907 (Security Assessment and Testing)
  A company seizes a mobile device suspected of being used in committing fraud. What would be the BEST method used by a forensic examiner to isolate the powered-on device from the ne...
  Tags: Mobile forensics, Evidence preservation, Network isolation, Incident response
- Question #908 (Security Architecture and Engineering)
  Which of the following is MOST appropriate for protecting confidentiality of data stored on a hard drive?
  Tags: Data at rest encryption, AES, Cryptography, Data confidentiality
- Question #909 (Software Development Security)
  Which of the following is the MOST effective method to mitigate Cross-Site Scripting (XSS) attacks?
  Tags: XSS, Input validation, Web application security, Output encoding
- Question #910 (Communication and Network Security)
  What is the MOST significant benefit of an application upgrade that replaces randomly generated session keys with certificate based encryption for communications with backend serve...
  Tags: Non-repudiation, Certificate-based encryption, PKI, Digital signatures
- Question #911 (Security Architecture and Engineering)
  A user has infected a computer with malware by connecting a Universal Serial Bus (USB) storage device. Which of the following is MOST effective to mitigate future infections?
  Tags: USB security, Malware prevention, Endpoint security, Technical controls
- Question #912 (Security Operations)
  Which of the following MUST be in place to recognize a system attack?
  Tags: Log analysis, System attack detection, Security monitoring, Incident response
- Question #913 (Identity and Access Management (IAM))
  Which of the following is the GREATEST benefit of implementing a Role Based Access Control (RBAC) system?
  Tags: RBAC, Access control, User provisioning, Identity management
- Question #914 (Identity and Access Management (IAM))
  Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege?
  Tags: least privilege, user access review, IAM processes
- Question #915 (Asset Security)
  A minimal implementation of endpoint security includes which of the following?
  Tags: endpoint security, host-based firewall
- Question #916 (Security and Risk Management)
  What is the expected outcome of security awareness in support of a security awareness program?
  Tags: security awareness, security training, security program
- Question #917 (Security Architecture and Engineering)
  Which security mode is MOST commonly used in a commercial environment because it protects the integrity of financial and accounting data?
  Tags: Security Models, Integrity Models, Clark-Wilson, Commercial Security
- Question #918 (Security Operations)
  Why is planning in Disaster Recovery (DR) an interactive process?
  Tags: disaster recovery planning, DR lifecycle, business continuity
- Question #919 (Identity and Access Management (IAM))
  Mandatory Access Controls (MAC) are based on:
  Tags: Mandatory Access Control (MAC), security classification, security clearance
- Question #920 (Security Architecture and Engineering)
  What is the foundation of cryptographic functions?
  Tags: cryptography, entropy, randomness
- Question #921 (Identity and Access Management (IAM))
  The organization would like to deploy an authorization mechanism for an Information Technology (IT) infrastructure project with high employee turnover. Which access control mechani...
  Tags: Role-Based Access Control (RBAC), access control models, employee turnover
- Question #922 (Security Operations)
  Which of the following management processes allows ONLY those services required for users to accomplish their tasks, change default user passwords, and set servers to retrieve antivi...
  Tags: configuration management, hardening, least privilege
- Question #923 (Identity and Access Management (IAM))
  Which security access policy contains fixed security attributes that are used by the system to determine a user's access to a file or object?
  Tags: Mandatory Access Control (MAC), access control policies
- Question #924 (Security and Risk Management)
  Which of the following is a common characteristic of privacy?
  Tags: privacy principles, data privacy, notice
- Question #925 (Identity and Access Management (IAM))
  At a MINIMUM, audits of permissions to individual or group accounts should be scheduled
  Tags: permission audits, access review, least privilege
- Question #926 (Security Architecture and Engineering)
  Which of the following is part of a Trusted Platform Module (TPM)?
  Tags: Trusted Platform Module (TPM), hardware security, secure storage
- Question #927 (Software Development Security)
  In a change-controlled environment, which of the following is MOST likely to lead to unauthorized changes to production programs?
  Tags: change management, production changes, unauthorized changes
- Question #928 (Security and Risk Management)
  Which of the following combinations would MOST negatively affect availability?
  Tags: availability, DoS attack, system reliability, outdated hardware
- Question #929 (Software Development Security)
  Which of the following could be considered the MOST significant security challenge when adopting DevOps practices compared to a more traditional control framework?
  Tags: DevOps security, segregation of duties (SoD), security challenges
- Question #930 (Security Assessment and Testing)
  A security compliance manager of a large enterprise wants to reduce the time it takes to perform network, system, and application security compliance audits while increasing qualit...
  Tags: compliance auditing, CMDB, configuration management, security automation
- Question #931 (Security Assessment and Testing)
  Which of the following is a characteristic of an internal audit?
  Tags: internal audit, audit responsibilities, management oversight
- Question #932 (Security and Risk Management)
  Which of the following is a responsibility of a data steward?
  Tags: data stewardship, data governance, data responsibilities
- Question #933 (Security and Risk Management)
  What is the MAIN goal of information security awareness and training?
  Tags: security awareness, security training, user responsibilities
- Question #934 (Software Development Security)
  Proven application security principles include which of the following?
  Tags: application security, attack surface reduction, secure design principles
- Question #935 (Security and Risk Management)
  When developing a business case for updating a security program, the security program owner MUST do which of the following?
  Tags: security program management, business case, security metrics
- Question #936 (Software Development Security)
  From a security perspective, which of the following assumptions MUST be made about input to an application?
  Tags: input validation, secure coding, application security principles
- Question #937 (Security and Risk Management)
  Which of the following is the BEST reason for writing an information security policy?
  Tags: security policy, information security governance, security documentation
- Question #938 (Security Architecture and Engineering)
  What is the PRIMARY goal of fault tolerance?
  Tags: fault tolerance, high availability, single point of failure
- Question #939 (Security Assessment and Testing)
  Which is the BEST internationally recognized standard for evaluating security products and systems?
  Tags: Common Criteria, security standards, product evaluation
- Question #940 (Security Architecture and Engineering)
  Which one of the following data integrity models assumes a lattice of integrity levels?
  Tags: Biba model, integrity models, security models
- Question #941 (Asset Security)
  Even though a particular digital watermark is difficult to detect, which of the following represents a way it might still be inadvertently removed?
  Tags: digital watermarking, data integrity, data protection
- Question #942 (Identity and Access Management (IAM))
  Which of the following is BEST achieved through the use of eXtensible Access Markup Language (XACML)?
  Tags: XACML, access control, authorization
- Question #943 (Security Operations)
  An organization has discovered that users are visiting unauthorized websites using anonymous proxies. Which of the following is the BEST way to prevent future occurrences?
  Tags: network security, proxy blocking, content filtering, security operations
- Question #944 (Communication and Network Security)
  A post-implementation review has identified that the Voice Over Internet Protocol (VoIP) system was designed to have gratuitous Address Resolution Protocol (ARP) disabled. Why did...
  Tags: gratuitous ARP, Man-in-the-Middle (MITM), VoIP security, network protocols
- Question #945 (Communication and Network Security)
  Within the company, desktop clients receive Internet Protocol (IP) addresses over Dynamic Host Configuration Protocol (DHCP). Which of the following represents a valid measure to hel...
  Tags: network access control, 802.1X, port security, DHCP security
- Question #946 (Communication and Network Security)
  Transport Layer Security (TLS) provides which of the following capabilities for a remote access server?
  Tags: TLS, remote access, authentication, peer authentication
- Question #947 (Security Architecture and Engineering)
  A chemical plant wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and main...
  Tags: ICS security, network segmentation, operational technology (OT) security, network integration risks
- Question #948 (Communication and Network Security)
  What does a Synchronous (SYN) flood attack do?
  Tags: SYN flood, DoS attack, TCP/IP, network attacks
- Question #949 (Communication and Network Security)
  A Denial of Service (DoS) attack on a syslog server exploits a weakness in which of the following protocols?
  Tags: DoS attack, syslog, TCP, UDP, network protocols
- Question #950 (Security Architecture and Engineering)
  In a High Availability (HA) environment, what is the PRIMARY goal of working with a virtual router address as the gateway to a network?
  Tags: High Availability (HA), virtual router redundancy, network resilience, fault tolerance