CISSP Exam Questions
1,535 real CISSP exam questions with expert-verified answers and explanations. Page 30 of 31.
- Question #1451 (Security Architecture and Engineering)
  A security architect is developing an information system for a client. One of the requirements is to deliver a platform that mitigates against common vulnerabilities and attacks, W...
  Buffer overflow, Memory protection, ASLR, Security architecture
- Question #1452 (Security Operations)
  A security engineer is assigned to work with the patch and vulnerability management group. The deployment of a new patch has been approved and needs to be applied. The research is...
  Patch management, Vulnerability management, Change management, Testing environment
- Question #1453 (Communication and Network Security)
  When telephones in a city are connected by a single exchange, the caller can only connect with the switchboard operator. The operator then manually connects the call. This is an ex...
  Network topology, Star topology, Communication networks
- Question #1454 (Identity and Access Management)
  Which of the following departments initiates the request, approval, and provisioning business process?
  Identity lifecycle management, HR processes, Provisioning, User onboarding
- Question #1455 (Security Operations)
  Which of the following should be done at a disaster site before any item is removed, repaired, or replaced?
  Disaster recovery, Incident response, Evidence collection, Forensics
- Question #1456 (Security and Risk Management)
  Which organizational department is ultimately responsible for information governance related to e-mail and other e-records?
  Information governance, Legal compliance, Data retention, E-records
- Question #1457 (Security and Risk Management)
  What is the FIRST step in risk management?
  Risk management framework, Risk assessment, Scope definition, Security program
- Question #1458 (Software Development Security)
  Which element of software supply chain management has the GREATEST security risk to organizations?
  Software supply chain security, Third-party libraries, Vulnerability management, Legacy code
- Question #1459 (Security and Risk Management)
  A colleague who recently left the organization asked a security professional for a copy of the organization's confidential incident management policy. Which of the following is the...
  Data classification, Information sharing, Employee termination, Security policies
- Question #1460 (Identity and Access Management)
  Within a large organization, what business unit is BEST positioned to initiate provisioning and deprovisioning of user accounts?
  User provisioning, Deprovisioning, HR roles, IAM lifecycle
- Question #1461 (Security and Risk Management)
  An enterprise is developing a baseline cybersecurity standard its suppliers must meet before being awarded a contract. Which of the following statements is TRUE about the baseline...
  Supplier risk management, Third-party security, Cybersecurity standards, Business communication
- Question #1462 (Communication and Network Security)
  Which of the following is the MOST effective strategy to prevent an attacker from disabling a network?
  Network Resilience, High Availability, Fault Tolerance, Secure Network Design
- Question #1463 (Asset Security)
  Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device which has been stolen?
  Mobile device security, Data loss prevention, MDM, Remote wipe
- Question #1464 (Security Architecture and Engineering)
  An organization is implementing data encryption using symmetric ciphers and the Chief Information Officer (CIO) is concerned about the risk of using one key to protect all sensitiv...
  Symmetric encryption, Key management, Key hierarchy, Cryptography
- Question #1465 (Security and Risk Management)
  International bodies established a regulatory scheme that defines how weapons are exchanged between the signatories. It also addresses cyber weapons, including malicious software,...
  Wassenaar Arrangement, Export controls, Cyber weapons, International regulations
- Question #1466 (Software Development Security)
  In software development, developers should use which type of queries to prevent a Structured Query Language (SQL) injection?
  SQL injection, Secure coding, Parameterized queries, Web application security
- Question #1467 (Identity and Access Management)
  Which of the following is a major component of the federated identity management (FIM) implementation model and used to establish a network between dozens of organizations?
  Federated identity, Cross-certification, Identity management, Trust relationships
- Question #1468 (Security Assessment and Testing)
  A Chief Information Security Officer (CISO) is considering various proposals for evaluating security weaknesses and vulnerabilities at the source code level. Which of the following...
  Source code analysis, Vulnerability management, Risk analysis, CWRAF
- Question #1469 (Security and Risk Management)
  If a medical analyst independently provides protected health information (PHI) to an external marketing organization, which ethical principle is this a violation of?
  Data privacy, PHI, Informed consent, Ethics
- Question #1470 (Security Assessment and Testing)
  Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified automated vulnera...
  SCAP, CVSS, Vulnerability scoring, Vulnerability assessment
- Question #1471 (Asset Security)
  Who in the organization is accountable for classification of data information assets?
  Data classification, Data ownership, Roles and responsibilities, Data governance
- Question #1472 (Security Architecture and Engineering)
  The use of private and public encryption keys is fundamental in the implementation of which of the following?
  Asymmetric encryption, Public key infrastructure, SSL/TLS, Cryptography
- Question #1473 (Communication and Network Security)
  What is the purpose of an Internet Protocol (IP) spoofing attack?
  IP spoofing, Network attacks, Impersonation, Network security
- Question #1474 (Asset Security)
  At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?
  OSI model, Data at rest, Storage Area Network, Physical layer
- Question #1475 (Communication and Network Security)
  In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?
  TCP/IP model, Transport layer, Connection establishment, Network protocols
- Question #1476 (Communication and Network Security)
  Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?
  PPP, LCP, Packet formats, Network protocols
- Question #1477 (Communication and Network Security)
  Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?
  OSI model, Network layer, Packet filtering, Firewalls
- Question #1478 (Security Architecture and Engineering)
  An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective laye...
  Network segmentation, Intrusion mitigation, Defense in depth, Lateral movement
- Question #1479 (Security Architecture and Engineering)
  An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?
  Input validation, Web application security, WAF, Vulnerability mitigation
- Question #1480 (Communication and Network Security)
  Which of the following is the BEST network defense against unknown types of attacks or stealth attacks in progress?
  Network security, Threat detection, Behavioral analysis, Unknown attacks
- Question #1481 (Communication and Network Security)
  Which of the following factors contributes to the weakness of Wired Equivalent Privacy (WEP) protocol?
  WEP, Wireless security, Initialization Vector (IV), Cryptographic weaknesses
- Question #1482 (Identity and Access Management)
  A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution f...
  Federated Identity Management, SAML, Single Sign-On (SSO), Identity federation
- Question #1483 (Identity and Access Management)
  Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?
  Derived credential, Smart card, Mobile security, Authentication
- Question #1484 (Asset Security)
  Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee's salary?
  Data privacy, Access control, Database security, Statistical inference
- Question #1485 (Identity and Access Management)
  What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?
  Least privilege, Access control, Data classification, Sensitive information
- Question #1486 (Security Assessment and Testing)
  Which of the following is of GREATEST assistance to auditors when reviewing system configurations?
  System hardening, Security baselines, Configuration management, Auditing
- Question #1487 (Security Operations)
  In which of the following programs is it MOST important to include the collection of security process data?
  Continuous monitoring, Security operations, Security metrics, Process data
- Question #1488 (Security Operations)
  A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user's access to data files?
  Virtualization security, Audit logs, Guest OS, Access control
- Question #1489 (Security Assessment and Testing)
  Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?
  Security testing, Reporting, Communication, Stakeholder management
- Question #1490 (Security Architecture and Engineering)
  Which of the following could cause a Denial of Service (DoS) against an authentication system?
  Denial of Service (DoS), Authentication system, Audit logs, System availability
- Question #1491 (Security and Risk Management)
  An organization is found lacking the ability to properly establish performance indicators for its Web hosting solution during an audit. What would be the MOST probable cause?
  Service Level Agreement (SLA), Performance indicators, Audit findings, Risk management
- Question #1492 (Security Operations)
  Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?
  Business continuity testing, Disaster recovery, Simulation testing, Resilience
- Question #1493 (Security and Risk Management)
  What is the PRIMARY reason for implementing change management?
  Change management, Accountability, IT governance, Risk control
- Question #1494 (Identity and Access Management)
  Which of the following is a PRIMARY advantage of using a third-party identity service?
  Third-party identity service, IDaaS, Automated account management, Cloud identity
- Question #1495 (Security Operations)
  With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?
  Continuous monitoring, Security controls, Volatility, Monitoring frequency
- Question #1496 (Security Operations)
  What should be the FIRST action to protect the chain of evidence when a desktop computer is involved?
  Digital forensics, Chain of custody, Evidence preservation, Disk imaging
- Question #1497 (Security Operations)
  What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?
  Digital forensics, Incident response, Containment, Malware analysis
- Question #1498 (Identity and Access Management)
  Which of the following security tools will ensure authorized data is sent to the application when implementing a cloud based application?
  Access control list (ACL), Cloud security, Data authorization, Application security
- Question #1499 (Communication and Network Security)
  Before implementing an internet-facing router, a network administrator ensures that the equipment is baselined/hardened according to approved configurations and settings. This acti...
  Network hardening, Baseline security, Blind spoofing, Router security
- Question #1500 (Security Operations)
  A cloud service provider requires its customer organizations to enable maximum audit logging for its data storage service and to retain the logs for the period of three months. The...
  Log retention, Audit logging, Storage tiers, Cloud security