CISSP Exam Questions
1,535 real CISSP exam questions with expert-verified answers and explanations. Page 5 of 31.
- Question #201 (Security Architecture and Engineering)
  A security professional has been asked to evaluate the options for the location of a new data center within a multifloor building. Concerns for the data center include emanations a...
  Tags: physical security, data center location, TEMPEST, access control
- Question #202 (Communication and Network Security)
  Which of the following is the PRIMARY concern when using an Internet browser to access a cloud-based service?
  Tags: cloud security, browser security, protocol vulnerabilities, confidentiality
- Question #203 (Identity and Access Management)
  After a thorough analysis, it was discovered that a perpetrator compromised a network by gaining access to the network through a Secure Socket Layer (SSL) Virtual Private Network (...
  Tags: VPN security, authentication, brute-force mitigation, two-factor authentication
- Question #204 (Identity and Access Management)
  For an organization considering two-factor authentication for secure network access, which of the following is MOST secure?
  Tags: multi-factor authentication, authentication factors, smart cards, biometrics
- Question #205 (Identity and Access Management)
  If an identification process using a biometric system detects a 100% match between a presented template and a stored template, what is the interpretation of this result?
  Tags: biometrics, identification, tampering detection
- Question #206 (Asset Security)
  Regarding asset security and appropriate retention, which of the following INITIAL top three areas are important to focus on?
  Tags: asset security, security controls, access controls, security awareness training
- Question #207 (Identity and Access Management)
  Discretionary Access Control (DAC) is based on which of the following?
  Tags: Discretionary Access Control (DAC), access control models, subjects, objects
- Question #208 (Security Architecture and Engineering)
  By carefully aligning the pins in the lock, which of the following defines the opening of a mechanical lock without the proper key?
  Tags: physical security, lock picking, mechanical locks
- Question #209 (Identity and Access Management)
  An organization has decided to contract with a cloud-based service provider to leverage their identity as a service offering. They will use Open Authentication (OAuth) 2.0 to authe...
  Tags: OAuth 2.0, identity as a service (IDaaS), access token, authentication protocols
- Question #210 (Security Operations)
  How does an organization verify that an information system's current hardware and software match the standard system configuration?
  Tags: configuration management, security baseline, system hardening, compliance
- Question #211 (Security Operations)
  The goal of a Business Continuity Plan (BCP) training and awareness program is to
  Tags: Business Continuity Planning (BCP), disaster recovery, training and awareness
- Question #212 (Security Operations)
  Which of the following disaster recovery test plans will be MOST effective while providing minimal risk?
  Tags: disaster recovery testing, business continuity, parallel testing, risk assessment
- Question #213 (Security and Risk Management)
  An organization has developed a major application that has undergone accreditation testing. After receiving the results of the evaluation, what is the final step before the applica...
  Tags: accreditation, risk acceptance, authorizing official, risk management framework
- Question #214 (Software Development Security)
  What is one way to mitigate the risk of security flaws in custom software?
  Tags: software security, supply chain security, Service Level Agreement (SLA), risk mitigation
- Question #215 (Security and Risk Management)
  Which of the following is the BEST example of weak management commitment to the protection of security assets and resources?
  Tags: security governance, management commitment, security posture, risk management
- Question #216 (Security and Risk Management)
  What does an organization FIRST review to assure compliance with privacy requirements?
  Tags: privacy compliance, regulatory requirements, legal mandates, data protection
- Question #217 (Asset Security)
  Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?
  Tags: PII protection, data minimization, data breach prevention, privacy by design
- Question #218 (Security and Risk Management)
  An organization lacks a data retention policy. Of the following, who is the BEST person to consult for such a requirement?
  Tags: data retention policy, privacy officer, data governance, compliance
- Question #219 (Security and Risk Management)
  Which of the following analyses is performed to protect information assets?
  Tags: cost-benefit analysis, information asset protection, security investment, risk management
- Question #220 (Communication and Network Security)
  The PRIMARY characteristic of a Distributed Denial of Service (DDoS) attack is that it
  Tags: DDoS attack, denial of service, network attacks, traffic anomaly
- Question #221 (Identity and Access Management)
  Which of the following is generally indicative of a replay attack when dealing with biometric authentication?
  Tags: biometric authentication, replay attack, authentication vulnerabilities
- Question #222 (Identity and Access Management)
  During a fingerprint verification process, which of the following is used to verify identity and authentication?
  Tags: fingerprint authentication, biometrics, minutiae
- Question #223 (Identity and Access Management)
  The BEST example of the concept of "something that a user has" when providing an authorized user access to a computing system is
  Tags: authentication factors, something you have, authentication tokens
- Question #224 (Identity and Access Management)
  A security professional is asked to provide a solution that restricts a bank teller to only perform a savings deposit transaction but allows a supervisor to perform corrections aft...
  Tags: Role-Based Access Control (RBAC), access control models, authorization
- Question #225 (Security Architecture and Engineering)
  Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy?
  Tags: data privacy, data encryption, data in transit
- Question #226 (Security Assessment and Testing)
  Which of the following types of security testing is the MOST effective in providing a better indication of the everyday security challenges of an organization when performing a sec...
  Tags: security testing, internal testing, risk assessment
- Question #227 (Software Development Security)
  What is the MOST effective method of testing custom application code?
  Tags: application security testing, white box testing, code review
- Question #228 (Security Operations)
  Which one of the following is a common risk with network configuration management?
  Tags: configuration management, network documentation, risk management
- Question #229 (Security Operations)
  What type of test assesses a Disaster Recovery (DR) plan using realistic disaster scenarios while maintaining minimal impact to business operations?
  Tags: disaster recovery planning, DR plan testing, simulation exercise
- Question #230 (Security Operations)
  How can lessons learned from business continuity training and actual recovery incidents BEST be used?
  Tags: business continuity, lessons learned, continuous improvement
- Question #231 (Communication and Network Security)
  Which of the following problems is the most difficult to defend against?
  Tags: Denial of Service (DoS), attack mitigation, network attacks, security challenges
- Question #232 (Security Operations)
  In configuration management, what baseline configuration information MUST be maintained for each computer system?
  Tags: configuration management, baseline configuration, system hardening
- Question #233 (Communication and Network Security)
  Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage?
  Tags: crosstalk, RFI, information leakage, physical layer security
- Question #234 (Security and Risk Management)
  An organization's information security strategic plan MUST be reviewed
  Tags: information security strategy, strategic planning, governance, security program management
- Question #235 (Asset Security)
  When building a data classification scheme, which of the following is the PRIMARY concern?
  Tags: data classification, data governance, data sensitivity
- Question #236 (Identity and Access Management)
  Which technology is a prerequisite for populating the cloud-based directory in a federated identity solution?
  Tags: federated identity, directory synchronization, cloud identity, IAM architecture
- Question #237 (Security Architecture and Engineering)
  What is an advantage of Elliptic Curve Cryptography (ECC)?
  Tags: Elliptic Curve Cryptography (ECC), cryptography, key length, public-key encryption
- Question #238 (Security Operations)
  Backup information that is critical to the organization is identified through a
  Tags: Business Impact Analysis (BIA), critical data, backup strategy, disaster recovery
- Question #239 (Communication and Network Security)
  When using Generic Routing Encapsulation (GRE) tunneling over Internet Protocol version 4 (IPv4), where is the GRE header inserted?
  Tags: GRE tunneling, IPv4, network protocols, encapsulation
- Question #240 (Software Development Security)
  An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requiremen...
  Tags: application security, session management, security policy, organizational standards
- Question #241 (Security Architecture and Engineering)
  Knowing the language in which an encrypted message was originally produced might help a cryptanalyst to perform a
  Tags: cryptanalysis, frequency analysis, classical cryptography
- Question #242 (Security Assessment and Testing)
  During the Security Assessment and Authorization process, what is the PRIMARY purpose for conducting a hardware and software inventory?
  Tags: security assessment, system boundaries, asset inventory
- Question #243 (Security and Risk Management)
  When evaluating third-party applications, which of the following is the GREATEST responsibility of Information Security?
  Tags: third-party risk, risk quantification, vendor management
- Question #244 (Identity and Access Management)
  An employee of a retail company has been granted an extended leave of absence by Human Resources (HR). This information has been formally communicated to the access provisioning te...
  Tags: access provisioning, user lifecycle management, leave of absence
- Question #245 (Security Operations)
  The goal of a Business Impact Analysis (BIA) is to determine which of the following?
  Tags: Business Impact Analysis (BIA), Maximum Tolerable Downtime (MTD), disaster recovery planning
- Question #246 (Security Operations)
  What does the Maximum Tolerable Downtime (MTD) determine?
  Tags: Maximum Tolerable Downtime (MTD), business continuity, disaster recovery
- Question #247 (Communication and Network Security)
  What is a characteristic of Secure Socket Layer (SSL) and Transport Layer Security (TLS)?
  Tags: SSL, TLS, transport layer security, network protocols
- Question #248 (Security Operations)
  How does a Host Based Intrusion Detection System (HIDS) identify a potential attack?
  Tags: HIDS, intrusion detection, log analysis, security monitoring
- Question #249 (Security Architecture and Engineering)
  From a cryptographic perspective, the service of non-repudiation includes which of the following features?
  Tags: cryptography, non-repudiation, message integrity, digital signatures
- Question #250 (Identity and Access Management)
  Which of the following BEST represents the concept of least privilege?
  Tags: least privilege, access control, security principles