CISSP Exam Questions
1,535 real CISSP exam questions with expert-verified answers and explanations. Page 27 of 31.
- Question #1301 (Security and Risk Management)
  Information Security Continuous Monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk m...
  Tags: ISCM; continuous monitoring; risk management strategy; security program
- Question #1302 (Security and Risk Management)
  When designing a Cyber-Physical System (CPS), which of the following should be a security practitioner's first consideration?
  Tags: Cyber-Physical System (CPS); risk assessment; system design; security architecture
- Question #1303 (Communication and Network Security)
  Which of the following BEST describes the use of network architecture in reducing corporate risks associated with mobile devices?
  Tags: network segmentation; DMZ; mobile device security; network architecture
- Question #1304 (Asset Security)
  Which of the following is an important design feature for the outer door of a mantrap?
  Tags: mantrap; physical security; access control; physical access control
- Question #1305 (Security Assessment and Testing)
  In setting expectations when reviewing the results of a security test, which of the following statements is MOST important to convey to reviewers?
  Tags: security testing; penetration testing; vulnerability assessment; point-in-time assessment
- Question #1306 (Software Development Security)
  What is the overall goal of software security testing?
  Tags: software security testing; vulnerability reduction; SDLC security
- Question #1307 (Asset Security)
  Which of the following statements is MOST accurate regarding information assets?
  Tags: information assets; asset classification; asset inventory; data valuation
- Question #1308 (Identity and Access Management)
  An information security professional is reviewing user access controls on a customer-facing application. The application must have multi-factor authentication (MFA) in place. The a...
  Tags: multi-factor authentication (MFA); authentication methods; hardware token
- Question #1309 (Identity and Access Management)
  Which of the following is an open standard for exchanging authentication and authorization data between parties?
  Tags: SAML; authentication standards; authorization standards; federated identity
- Question #1310 (Security and Risk Management)
  What is the FIRST step prior to executing a test of an organisation's disaster recovery (DR) or business continuity plan (BCP)?
  Tags: disaster recovery (DR); business continuity planning (BCP); DRP testing; evaluation criteria
- Question #1311 (Security and Risk Management)
  All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
  Tags: Business Impact Analysis (BIA); risk assessment; business interruption; impact analysis
- Question #1312 (Asset Security)
  Which of the following actions will reduce risk to a laptop before traveling to a high-risk area?
  Tags: data sanitization; travel security; laptop security; data confidentiality
- Question #1313 (Security and Risk Management)
  Which of the following represents the GREATEST risk to data confidentiality?
  Tags: data confidentiality; backup security; encryption; risk analysis
- Question #1314 (Security Architecture and Engineering)
  What is the MOST important consideration from a data security perspective when an organization plans to relocate?
  Tags: facility relocation security; gap analysis; security requirements; data security
- Question #1315 (Security and Risk Management)
  A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Planning (BCP). Which of the foll...
  Tags: Business Continuity Planning (BCP); data center tiers; application availability; redundancy
- Question #1316 (Security and Risk Management)
  When assessing an organization's security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management...
  Tags: ISO 27001/27002; security policy; management responsibilities; information security standards
- Question #1317 (Asset Security)
  Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?
  Tags: physical security controls; reactive controls; cost-effectiveness; duress alarm
- Question #1318 (Security Architecture and Engineering)
  An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?
  Tags: defense in depth; security principles; people, process, technology; information security strategy
- Question #1319 (Security and Risk Management)
  Intellectual property rights are PRIMARILY concerned with which of the following?
  Tags: Intellectual property; Legal compliance; Financial gain
- Question #1320 (Asset Security)
  Which of the following is MOST important when assigning ownership of an asset to a department?
  Tags: Asset ownership; Accountability; Responsibility assignment
- Question #1321 (Asset Security)
  Which one of the following affects the classification of data?
  Tags: Data classification; Data lifecycle; Retention policies
- Question #1322 (Asset Security)
  Which of the following BEST describes the responsibilities of a data owner?
  Tags: Data owner responsibilities; Data governance; Business impact
- Question #1323 (Identity and Access Management (IAM))
  An organization has doubled in size due to a rapid market share increase. The size of the Information Technology (IT) staff has maintained pace with this growth. The organization h...
  Tags: Cloud services; IDaaS; Account management; Outsourcing
- Question #1324 (Asset Security)
  When implementing a data classification program, why is it important to avoid too much granularity?
  Tags: Data classification; Program implementation; Resource management
- Question #1325 (Asset Security)
  In a data classification scheme, the data is owned by the
  Tags: Data ownership; Business managers; Data classification roles
- Question #1326 (Security and Risk Management)
  Which of the following is an initial consideration when developing an information security management system?
  Tags: ISMS; Asset valuation; Risk management
- Question #1327 (Security Architecture and Engineering)
  Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?
  Tags: RFID security; Access control; Asymmetric cryptography; Challenge-response
- Question #1328 (Security Architecture and Engineering)
  Which security service is served by the process of encrypting plaintext with the sender's private key and decrypting ciphertext with the sender's public key?
  Tags: Asymmetric encryption; Digital signatures; Authentication; Non-repudiation
- Question #1329 (Software Development Security)
  Which of the following mobile code security models relies only on trust?
  Tags: Mobile code security; Code signing; Trust models; Software security
- Question #1330 (Security Architecture and Engineering)
  Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?
  Tags: Known plaintext attack; Data compression; Cryptographic countermeasures
- Question #1331 (Security Architecture and Engineering)
  What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?
  Tags: PKI; Key lifecycle; Certificate management
- Question #1332 (Security Architecture and Engineering)
  Which combination of cryptographic algorithms is compliant with Federal Information Processing Standard (FIPS) Publication 140-2 for non-legacy systems?
  Tags: FIPS 140-2; Cryptographic compliance; Diffie-Hellman; Key sizes
- Question #1333 (Security and Risk Management)
  An international trading organization that holds an International Organization for Standardization (ISO) 27001 certification is seeking to outsource their security monitoring to a...
  Tags: Outsourcing security; MSSP; Contractual requirements; Right to audit; ISO 27001
- Question #1334 (Security Operations)
  Which of the following is the MOST effective measure for dealing with rootkit attacks?
  Tags: Rootkit; Malware remediation; Incident response; System reinstallation
- Question #1335 (Security and Risk Management)
  While classifying credit card data related to Payment Card Industry Data Security Standards (PCI-DSS), which of the following is a PRIMARY security requirement?
  Tags: PCI-DSS; Credit card data; Data encryption; Regulatory compliance
- Question #1336 (Asset Security)
  Write Once, Read Many (WORM) data storage devices are designed to BEST support which of the following core security concepts?
  Tags: WORM storage; Data integrity; Storage security
- Question #1337 (Security and Risk Management)
  What is the MOST important factor in establishing an effective Information Security Awareness Program?
  Tags: Security awareness program; Management buy-in; Program effectiveness
- Question #1338 (Security Operations)
  Which of the following events prompts a review of the disaster recovery plan (DRP)?
  Tags: Disaster recovery plan; DRP review; Organizational change; Business continuity
- Question #1339 (Software Development Security)
  An organization plans to acquire a commercial off-the-shelf (COTS) system to replace their aging home-built reporting system. When should the organization's security team FIRST get...
  Tags: COTS acquisition; SDLC; security by design; early security involvement
- Question #1340 (Identity and Access Management (IAM))
  A developer begins employment with an information technology (IT) organization. On the first day, the developer works through the list of assigned projects and finds that some file...
  Tags: Access control; role-based access control (RBAC); user provisioning; least privilege
- Question #1341 (Asset Security)
  Which of the following measures serves as the BEST means for protecting data on computers, smartphones, and external storage devices when traveling to high-risk countries?
  Tags: Data protection; travel security; device hardening; forensic cleaning
- Question #1342 (Security Architecture and Engineering)
  Which of the following implementations will achieve high availability in a website?
  Tags: High availability; load balancing; failover; web server architecture
- Question #1343 (Software Development Security)
  In which of the following phases of the software acquisition process does developing evaluation criteria take place?
  Tags: Software acquisition; SDLC phases; project planning; evaluation criteria
- Question #1344 (Software Development Security)
  Security Software Development Life Cycle (SDLC) expects application code to be written in a consistent manner to allow ease of auditing and which of the following?
  Tags: Secure SDLC; coding standards; code readability; maintainability
- Question #1345 (Security Assessment and Testing)
  In the Common Criteria, which of the following is a formal document that expresses an implementation-independent set of security requirements?
  Tags: Common Criteria; Protection Profile (PP); security requirements
- Question #1346 (Security Assessment and Testing)
  Which of the following is considered the FIRST step when designing an internal security control assessment?
  Tags: Security assessment; control assessment; security frameworks; audit planning
- Question #1347 (Security Assessment and Testing)
  The Chief Executive Officer (CEO) wants to implement an internal audit of the company's information security posture. The CEO wants to avoid any bias in the audit process; therefor...
  Tags: Internal audit; auditor independence; auditor competence; security assessment
- Question #1348 (Communication and Network Security)
  A small office is running WiFi 4 APs, and neighboring offices do not want to increase the throughput to associated devices. Which of the following is the MOST cost-efficient way fo...
  Tags: Wireless networking; Wi-Fi standards; 802.11ac; network performance
- Question #1349 (Communication and Network Security)
  An engineer notices some late collisions on a half-duplex link. The engineer verifies that the devices on both ends of the connection are configured for half duplex. Which of the f...
  Tags: Network troubleshooting; Ethernet; half-duplex; cable length
- Question #1350 (Communication and Network Security)
  Which of the following VPN configurations should be used to separate Internet and corporate traffic?
  Tags: VPN; split tunneling; network segmentation; secure remote access