CISSP Exam Questions
1,535 real CISSP exam questions with expert-verified answers and explanations. Page 4 of 31.
- Question #151 (Identity and Access Management): Refer to the information below to answer the question. A large organization uses unique identifiers and requires them at the start of every system session. Application access is ba...
  Tags: re-authentication, session management, access control, security best practices
- Question #152 (Security and Risk Management): Refer to the information below to answer the question. A large organization uses unique identifiers and requires them at the start of every system session. Application access is ba...
  Tags: security standards, access control documentation, security policies, information security governance
- Question #153 (Security Operations): Refer to the information below to answer the question. A large organization uses unique identifiers and requires them at the start of every system session. Application access is ba...
  Tags: access control logging, audit trails, security logs, incident detection
- Question #154 (Security and Risk Management): Refer to the information below to answer the question. An organization has hired an information security officer to lead their security department. The officer has adequate people...
  Tags: security strategy, security governance, risk management, information security officer
- Question #155 (Security Assessment and Testing): Refer to the information below to answer the question. An organization has hired an information security officer to lead their security department. The officer has adequate people...
  Tags: security program effectiveness, security metrics, audit findings, security assessment
- Question #156 (Security and Risk Management): Refer to the information below to answer the question. An organization has hired an information security officer to lead their security department. The officer has adequate people...
  Tags: risk prioritization, security initiatives, risk management, security strategy
- Question #157 (Security and Risk Management): Refer to the information below to answer the question. An organization has hired an information security officer to lead their security department. The officer has adequate people...
  Tags: security program effectiveness, risk appetite, acceptable risk, security objectives
- Question #158 (Security Operations): Refer to the information below to answer the question. During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hos...
  Tags: data integrity, unauthorized access, incident response, CIA triad
- Question #159 (Asset Security): Refer to the information below to answer the question. During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hos...
  Tags: CIA triad, data confidentiality, security principles
- Question #160 (Asset Security): Refer to the information below to answer the question. During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hos...
  Tags: CIA triad, system availability, denial of service
- Question #161 (Security and Risk Management): Refer to the information below to answer the question. An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology...
  Tags: separation of duties, staffing changes, insider threat, security governance
- Question #162 (Security and Risk Management): Refer to the information below to answer the question. An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology...
  Tags: separation of duties, risk mitigation, security roles, organizational security
- Question #163 (Security and Risk Management): Refer to the information below to answer the question. An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology...
  Tags: security metrics, budget allocation, security governance, risk management
- Question #164 (Security and Risk Management): Refer to the information below to answer the question. An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology...
  Tags: security metrics, risk indicators, incident rates, security monitoring
- Question #165 (Security Architecture and Engineering): Refer to the information below to answer the question. In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restric...
  Tags: Bell-LaPadula model, star property, access control models, confidentiality model
- Question #166 (Security Architecture and Engineering): Refer to the information below to answer the question. In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restric...
  Tags: Bell-LaPadula model, star property, access control models, confidentiality model
- Question #167 (Security Architecture and Engineering): Refer to the information below to answer the question. In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restric...
  Tags: Bell-LaPadula model, star property, access control models, security model analysis
- Question #168 (Asset Security): Refer to the information below to answer the question. Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed...
  Tags: data sanitization, degaussing, media disposal, asset lifecycle security
- Question #169 (Asset Security): Refer to the information below to answer the question. Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed...
  Tags: data destruction, media disposal, physical destruction, asset sanitization
- Question #170 (Security and Risk Management): Refer to the information below to answer the question. A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a...
  Tags: third-party risk management, vendor management, outsourcing security, contractual agreements
- Question #171 (Asset Security): Refer to the information below to answer the question. A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a...
  Tags: physical security, third-party security, access control, data protection
- Question #172 (Security and Risk Management): Refer to the information below to answer the question. A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a...
  Tags: transborder data flow, data privacy laws, regulatory compliance, third-party risk management
- Question #173 (Security and Risk Management): What is the MOST critical factor to achieve the goals of a security program?
  Tags: security governance, executive support, security program management, organizational alignment
- Question #174 (Communication and Network Security): A business has implemented Payment Card Industry Data Security Standard (PCI-DSS) compliant handheld credit card processing on their Wireless Local Area Network (WLAN) topology. Th...
  Tags: PCI-DSS, network segmentation, compliance scoping, wireless security
- Question #175 (Security and Risk Management): During an audit, the auditor finds evidence of potentially illegal activity. Which of the following is the MOST appropriate action to take?
  Tags: auditor ethics, legal compliance, incident reporting, forensics
- Question #176 (Security Architecture and Engineering): Which of the following secure startup mechanisms are PRIMARILY designed to thwart attacks?
  Tags: side channel attacks, secure boot, trusted computing, system hardening
- Question #177 (Security and Risk Management): What is the BEST first step for determining if the appropriate security controls are in place for protecting data at rest?
  Tags: risk assessment, data at rest protection, security control implementation, security program management
- Question #178 (Asset Security): Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?
  Tags: full disk encryption, data at rest encryption, laptop security, data theft prevention
- Question #179 (Security Architecture and Engineering): Which of the following is a process within a Systems Engineering Life Cycle (SELC) stage?
  Tags: Systems Engineering Life Cycle, Requirements Analysis
- Question #180 (Software Development Security): What component of a web application that stores the session state in a cookie can an attacker bypass?
  Tags: Web application security, Session management, Authorization bypass
- Question #181 (Communication and Network Security): Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network?
  Tags: VoIP security, Network Access Control (NAC), Network segmentation
- Question #182 (Security Operations): Host-Based Intrusion Protection (HIPS) systems are often deployed in monitoring or learning mode during their initial implementation. What is the objective of starting in this mode...
  Tags: HIPS, Intrusion Prevention Systems, Security monitoring, Baseline
- Question #183 (Identity and Access Management): Which of the following describes the concept of a Single Sign-On (SSO) system?
  Tags: Single Sign-On (SSO), Authentication
- Question #184 (Identity and Access Management): What physical characteristic does a retinal scan biometric device measure?
  Tags: Biometrics, Retinal scan
- Question #185 (Security Operations): What does secure authentication with logging provide?
  Tags: Authentication, Logging, Accountability
- Question #186 (Identity and Access Management): Which of the following provides the minimum set of privileges required to perform a job function and restricts the user to a domain with the required privileges?
  Tags: Role-Based Access Control (RBAC), Least privilege, Access control
- Question #187 (Identity and Access Management): Discretionary Access Control (DAC) restricts access according to
  Tags: Discretionary Access Control (DAC), Access control models
- Question #188 (Security Operations): Retaining system logs for six months or longer can be valuable for what activities?
  Tags: Log management, Incident response, Digital forensics
- Question #189 (Software Development Security): Which of the following statements is TRUE regarding value boundary analysis as a functional software testing technique?
  Tags: Software testing, Boundary value analysis, Functional testing
- Question #190 (Communication and Network Security): Data leakage of sensitive information is MOST often concealed by which of the following?
  Tags: Data exfiltration, SSL/TLS, Network security, Traffic analysis bypass
- Question #191 (Security Operations): Which of the following is a reason to use manual patch installation instead of automated patch management?
  Tags: Patch Management, Vulnerability Management, Operational Security, System Compatibility
- Question #192 (Security and Risk Management): Which of the following is the MOST important element of change management documentation?
  Tags: Change Management, Business Case, Security Governance, Risk Management
- Question #193 (Security Assessment and Testing): The PRIMARY outcome of a certification process is that it provides documented
  Tags: Certification and accreditation, Risk management, Security assessment
- Question #194 (Security and Risk Management): Which of the following standards/guidelines requires an Information Security Management System (ISMS) to be defined?
  Tags: ISMS, ISO 27001, Security standards
- Question #195 (Software Development Security): Which of the following PRIMARILY contributes to security incidents in web-based applications?
  Tags: Web application security, Software vulnerabilities, Application interfaces, Security testing
- Question #196 (Security and Risk Management): What is the process called when impact values are assigned to the security objectives for information types?
  Tags: Security categorization, Impact assessment, Risk management
- Question #197 (Asset Security): Data remanence refers to which of the following?
  Tags: Data remanence, Data sanitization, Media sanitization
- Question #198 (Security Operations): Which of the following describes the BEST configuration management practice?
  Tags: Configuration management, Security baseline, System hardening
- Question #199 (Communication and Network Security): How does Encapsulating Security Payload (ESP) in transport mode affect the Internet Protocol (IP)?
  Tags: IPsec, ESP, Transport mode, Network encryption
- Question #200 (Asset Security): Which of the following is the MOST likely cause of a non-malicious data breach when the source of the data breach was an un-marked file cabinet containing sensitive documents?
  Tags: Data classification, Data handling, Information protection, Physical security