CISSP Exam Questions
1,535 real CISSP exam questions with expert-verified answers and explanations. Page 23 of 31.
- Question #1101 (Software Development Security): What is static analysis intended to do when analyzing an executable file?
  Tags: static analysis, executable analysis, malware analysis, reverse engineering
- Question #1102 (Asset Security): In addition to life, protection of which of the following elements is MOST important when planning a data center site?
  Tags: data center security, asset criticality, business continuity
- Question #1103 (Asset Security): In an IDEAL encryption system, who has sole access to the decryption key?
  Tags: data owner, decryption key, key management, data classification
- Question #1104 (Asset Security): Which of the following roles is responsible for ensuring that important datasets are developed, maintained, and are accessible within their defined specifications?
  Tags: data custodian, data management, data governance, roles and responsibilities
- Question #1105 (Security Operations): What is the MOST important criterion that needs to be adhered to during the data collection process of an active investigation?
  Tags: chain of custody, forensics, incident response, evidence collection
- Question #1106 (Security Architecture and Engineering): What is the PRIMARY benefit of relying on Security Content Automation Protocol (SCAP)?
  Tags: SCAP, security automation, vulnerability management, interoperability
- Question #1107 (Software Development Security): A user's credential for an application is stored in a relational database. Which control protects the confidentiality of the credential while it is stored?
  Tags: password hashing, salting, credential storage, data confidentiality
- Question #1108 (Security Assessment and Testing): What is the PRIMARY consideration when testing industrial control systems (ICS) for security weaknesses?
  Tags: ICS security, SCADA, operational technology (OT), availability
- Question #1109 (Communication and Network Security): An organization implements Network Access Control (NAC) using Institute of Electrical and Electronics Engineers (IEEE) 802.1x and discovers the printers do not support the IEEE 802.1x...
  Tags: NAC, 802.1x, network security, device integration
- Question #1110 (Security and Risk Management): What process facilitates the balance of operational and economic costs of protective measures with gains in mission capability?
  Tags: risk management, cost-benefit analysis, security controls, decision making
- Question #1111 (Software Development Security): Which of the following BEST describes why software assurance is critical in helping prevent an increase in business and mission risk for an organization?
  Tags: software assurance, vulnerability management, business risk, software quality
- Question #1112 (Software Development Security): In software development, which of the following entities normally signs the code to protect the code integrity?
  Tags: code signing, code integrity, software development lifecycle (SDLC), digital signatures
- Question #1113 (Security Assessment and Testing): Which security evaluation model assesses a product's Security Assurance Level (SAL) in comparison to similar solutions?
  Tags: Common Criteria, security evaluation, product certification, assurance levels
- Question #1114 (Security and Risk Management): Which of the following is a risk matrix?
  Tags: risk matrix, risk assessment, risk visualization
- Question #1115 (Security Operations): Which evidence collecting technique would be utilized when it is believed an attacker is employing a rootkit and a quick analysis is needed?
  Tags: live response, rootkit detection, forensic techniques, incident response
- Question #1116 (Identity and Access Management): A user is allowed to access the file labeled "Financial Forecast," but only between 9:00 a.m. and 5:00 p.m., Monday through Friday. Which type of access mechanism should be used to...
  Tags: rule-based access control, access control models, time-based access, authorization
- Question #1117 (Communication and Network Security): An organization wants to share data securely with their partners via the Internet. Which standard port is typically used to meet this requirement?
  Tags: SSH, secure file transfer, network protocols, port numbers
- Question #1118 (Security Architecture and Engineering): Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?
  Tags: security kernel, trusted computing base (TCB), operating system security, reference monitor
- Question #1119 (Communication and Network Security): Recently, an unknown event has disrupted a single Layer-2 network that spans between two geographically diverse data centers. The network engineers have asked for assistance in ide...
  Tags: Layer 2 networking, broadcast domain, network troubleshooting, network design
- Question #1120 (Security Operations): What would be the BEST action to take in a situation where collected evidence was left unattended overnight in an unlocked vehicle?
  Tags: evidence handling, chain of custody, incident response, forensics
- Question #1121 (Security and Risk Management): Which of the following contributes MOST to the effectiveness of a security officer?
  Tags: security strategy, business alignment, risk management, organizational security
- Question #1122 (Identity and Access Management): An organization wants a service provider to authenticate users via the users' organization domain credentials. Which markup language should the organization's security personnel us...
  Tags: SAML, federated identity, single sign-on, authentication protocols
- Question #1123 (Security Operations): A recent security audit is reporting several unsuccessful login attempts being repeated at specific times during the day on an Internet facing authentication server. No alerts have...
  Tags: SIEM, security monitoring, alerting, threat detection
- Question #1124 (Security Architecture and Engineering): What is a security concern when considering implementing software-defined networking (SDN)?
  Tags: SDN security, attack surface, network architecture, network security
- Question #1125 (Security Operations): Which of the following is the MOST important rule for digital investigations?
  Tags: digital forensics, evidence integrity, chain of custody, incident response
- Question #1126 (Security Architecture and Engineering): A cybersecurity engineer has been tasked to research and implement an ultra-secure communications channel to protect the organization's most valuable intellectual property (IP). Th...
  Tags: quantum cryptography, secure communication, key distribution, unconditional security
- Question #1127 (Communication and Network Security): An organization is trying to secure instant messaging (IM) communications through its network perimeter. Which of the following is the MOST significant challenge?
  Tags: network security, firewall bypass, IM security, application control
- Question #1128 (Asset Security): A company wants to store data related to users on an offsite server. What method can be deployed to protect the privacy of the user's information while maintaining the field-level...
  Tags: data privacy, tokenization, data protection, database security
- Question #1129 (Security Operations): What is the FIRST step in developing a patch management plan?
  Tags: patch management, asset inventory, vulnerability management, security operations
- Question #1130 (Security and Risk Management): When resolving ethical conflicts, the information security professional MUST consider many factors. In what order should these considerations be prioritized?
  Tags: ethics, professional conduct, CISSP code of ethics, decision making
- Question #1131 (Software Development Security): An organization is implementing security review as part of system development. Which of the following is the BEST technique to follow?
  Tags: SDLC security, security assessment, system development, continuous integration
- Question #1132 (Asset Security): How does Radio-Frequency Identification (RFID) assist with asset management?
  Tags: RFID, asset tracking, asset management, physical security
- Question #1133 (Identity and Access Management): Which of the following services can be deployed via a cloud service or on-premises to integrate with Identity as a Service (IDaaS) as the authoritative source of user identities?
  Tags: IDaaS, identity management, directory services, cloud identity
- Question #1134 (Security Operations): Which of the following security tools monitors devices and records the information in a central database for further analysis?
  Tags: EDR, endpoint security, security monitoring, threat detection
- Question #1135 (Software Development Security): Secure coding can be developed by applying which one of the following?
  Tags: secure coding, software development security, best practices, code review
- Question #1136 (Software Development Security): A company is moving from the V model to Agile development. How can the information security department BEST ensure that secure design principles are implemented in the new methodol...
  Tags: Agile security, secure SDLC, user stories, requirements engineering
- Question #1137 (Security Architecture and Engineering): An organization wants to define its physical perimeter. What primary device should be used to accomplish this objective if the organization's perimeter MUST cost-efficiently deter...
  Tags: physical security, perimeter security, access control, security controls
- Question #1138 (Security and Risk Management): The acquisition of personal data being obtained by a lawful and fair means is an example of what principle?
  Tags: data privacy, privacy principles, data collection, regulatory compliance
- Question #1139 (Software Development Security): What is the BEST control to be implemented at a login page in a web application to mitigate the ability to enumerate users?
  Tags: user enumeration, web application security, login security, generic error messages
- Question #1140 (Communication and Network Security): If the wide area network (WAN) is supporting converged applications like Voice over Internet Protocol (VoIP), which of the following becomes even MORE essential to the assurance of...
  Tags: WAN, VoIP, deterministic routing, network assurance
- Question #1141 (Identity and Access Management (IAM)): A cloud service accepts Security Assertion Markup Language (SAML) assertions from users to on and security. However, an attacker was able to spoof a registered account on the networ...
  Tags: SAML, authentication spoofing, identity federation, cloud security
- Question #1142 (Identity and Access Management (IAM)): A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (ID...
  Tags: IDaaS, cloud identity, authentication services, resource constraints
- Question #1143 (Software Development Security): In which of the following system life cycle processes should security requirements be developed?
  Tags: SDLC, security requirements, system analysis, security by design
- Question #1144 (Communication and Network Security): Which of the following virtual network configuration options is BEST to protect virtual machines (VM)?
  Tags: virtual machine security, network segmentation, virtual networking, cloud security
- Question #1145 (Software Development Security): Which of the following is the BEST method to validate secure coding techniques against injection and overflow attacks?
  Tags: secure coding, vulnerability testing, injection attacks, overflow attacks
- Question #1146 (Security Operations): A Distributed Denial of Service (DDoS) attack was carried out using malware called Mirai to create a large-scale command and control system to launch a botnet. Which of the followi...
  Tags: DDoS, botnet, Mirai, IoT security
- Question #1147 (Security Assessment and Testing): An established information technology (IT) consulting firm is considering acquiring a successful local startup. To gain a comprehensive understanding of the startup's security postur...
  Tags: security assessment, penetration testing, due diligence, M&A security
- Question #1148 (Security and Risk Management): As a design principle, which one of the following actors is responsible for identifying and approving data security requirements in a cloud ecosystem?
  Tags: cloud security, shared responsibility model, data ownership, cloud consumer
- Question #1149 (Asset Security): A company is enrolled in a hard drive reuse program where decommissioned equipment is sold back to the vendor when it is no longer needed. The vendor pays more money for functionin...
  Tags: data sanitization, data destruction, secure data disposal, multi-pass wipe
- Question #1150 (Security Architecture and Engineering): In supervisory control and data acquisition (SCADA) systems, which of the following controls can be used to reduce device exposure to malware?
  Tags: SCADA security, ICS security, malware prevention, code execution control