CISSP Exam Questions
1,535 real CISSP exam questions with expert-verified answers and explanations. Page 7 of 31.
- Question #301: Asset Security
A company has decided that they need to begin maintaining assets deployed in the enterprise. What approach should be followed to determine and maintain ownership information to bri...
Tags: asset management, asset ownership, compliance, asset inventory
- Question #302: Security Operations
In the Software Development Life Cycle (SDLC), maintaining accurate hardware and software inventories is a critical part of
Tags: SDLC, asset inventory, change management, configuration management
- Question #303: Security Assessment and Testing
As a best practice, the Security Assessment Report (SAR) should include which of the following sections?
Tags: security assessment report, remediation, vulnerability management
- Question #304: Security Architecture and Engineering
The application of a security patch to a product previously validated at Common Criteria (CC) Evaluation Assurance Level (EAL) 4 would
Tags: Common Criteria, EAL, certification, security assurance
- Question #305: Asset Security
Which of the following media sanitization techniques is MOST likely to be effective for an organization using public cloud services?
Tags: media sanitization, cryptographic erasure, cloud security, data disposal
- Question #306: Communication and Network Security
What type of wireless network attack BEST describes an Electromagnetic Pulse (EMP) attack?
Tags: EMP attack, wireless security, denial of service, physical layer attack
- Question #307: Identity and Access Management
Which of the following is a remote access protocol that uses a static authentication?
Tags: remote access protocols, static authentication, PAP, authentication
- Question #308: Security Operations
Which of the following sets of controls should allow an investigation if an attack is not blocked by preventive controls or detected by monitoring?
Tags: incident investigation, forensic analysis, logging, audit trails
- Question #309: Security and Risk Management
Determining outage costs caused by a disaster can BEST be measured by the
Tags: outage costs, business impact analysis, disaster recovery, risk assessment
- Question #310: Communication and Network Security
What protocol is often used between gateway hosts on the Internet?
Tags: routing protocols, BGP, internet routing, gateway hosts
- Question #311: Communication and Network Security
"Stateful" differs from "Static" packet filtering firewalls by being aware of which of the following?
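The distinction this question asks about is easier to see in code than in a one-line answer. The following is an added example, not material from the question bank: it simulates a static (stateless) filter and a stateful filter enforcing the same policy ("internal hosts may open TCP/80 outbound, nothing may be initiated inbound") and runs a constructed four-packet trace through both. The internal prefix 10.0.0., the host addresses and the trace are all assumptions made for the demonstration.

```python
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."   # assumed internal network (constructed example)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # subset of {"SYN", "ACK", "FIN", "RST"}


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def outbound_web(p: Packet) -> bool:
    return is_internal(p.src) and not is_internal(p.dst) and p.dport == 80


def inbound(p: Packet) -> bool:
    return not is_internal(p.src) and is_internal(p.dst)


class StaticFilter:
    """Static (stateless) packet filter: each packet is judged only on its own
    header fields. To let web replies back in, it needs a permanent rule that
    trusts any inbound packet from source port 80 with ACK set, and an attacker
    can forge exactly that."""

    def allow(self, p: Packet) -> bool:
        if outbound_web(p):
            return True
        if inbound(p) and p.sport == 80 and "ACK" in p.flags:
            return True          # the classic "established" rule
        return False


class StatefulFilter:
    """Stateful packet filter: an outbound SYN to port 80 creates an entry in
    the connection table; later packets in either direction are admitted only
    if they match an existing entry. Teardown here is simplified to RST only;
    real implementations also track the FIN exchange and time out idle entries."""

    def __init__(self) -> None:
        self.table: set = set()   # (client_ip, client_port, server_ip, server_port)

    def allow(self, p: Packet) -> bool:
        if outbound_web(p):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == frozenset({"SYN"}):
                self.table.add(key)          # new connection initiated from inside
            return key in self.table
        if inbound(p):
            key = (p.dst, p.dport, p.src, p.sport)
            if key in self.table:
                if "RST" in p.flags:
                    self.table.discard(key)  # connection aborted, forget it
                return True
        return False


def demo():
    """Runs one constructed trace through both filters and returns the two
    decision lists (True = permitted), in packet order."""
    client, server, attacker = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    trace = [
        Packet(client, 51000, server, 80, frozenset({"SYN"})),          # 1 legitimate open
        Packet(server, 80, client, 51000, frozenset({"SYN", "ACK"})),   # 2 legitimate reply
        Packet(attacker, 80, client, 4444, frozenset({"SYN", "ACK"})),  # 3 unsolicited, forged sport 80
        Packet("10.0.0.9", 40000, server, 80, frozenset({"ACK"})),      # 4 outbound ACK, no prior SYN
    ]
    static, stateful = StaticFilter(), StatefulFilter()
    return [static.allow(p) for p in trace], [stateful.allow(p) for p in trace]


if __name__ == "__main__":
    static_decisions, stateful_decisions = demo()
    print("static  :", static_decisions)
    print("stateful:", stateful_decisions)
```

Packets 1 and 2 pass both filters. Packet 3 is the difference that matters: the static filter admits it because the header alone satisfies the "from port 80 with ACK" rule, while the stateful filter rejects it because no internal host ever opened that connection. Packet 4 shows the same property in the outbound direction: a mid-stream packet with no recorded handshake is dropped by the stateful filter even though it matches the static outbound rule.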
Tags: firewalls, stateful packet inspection, static packet filtering, network security
- Question #312: Communication and Network Security
Which of the following provides the MOST comprehensive filtering of Peer-to-Peer (P2P) traffic?
Tags: P2P filtering, application proxy, network security controls, firewall types
- Question #313: Security Operations
What can happen when an Intrusion Detection System (IDS) is installed inside a firewall-protected internal network?
Tags: IDS, firewall, network monitoring, security detection
- Question #314: Communication and Network Security
A security practitioner is tasked with securing the organization's Wireless Access Points (WAP). Which of these is the MOST effective way of restricting this environment to authori...
Tags: wireless security, WPA2, authentication, access control
- Question #315: Software Development Security
Access to which of the following is required to validate web session management?
Tags: web session management, session state, web application security, security testing
- Question #316: Security Operations
Which of the following would an attacker BEST be able to accomplish through the use of Remote Access Tools (RAT)?
Tags: RAT, malware, post-exploitation, attacker capabilities
- Question #317: Communication and Network Security
Digital certificates used in Transport Layer Security (TLS) support which of the following?
Tags: digital certificates, TLS, non-repudiation, data confidentiality
- Question #318: Software Development Security
During examination of Internet history records, the following string occurs within a Uniform Resource Locator (URL): What type of attack does this indicate?
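The question's own URL string is not reproduced on this page, so the following is an added example rather than the question's data: a small triage routine of the kind an analyst would run over browser history records to flag URLs whose query parameters carry SQL injection indicators. The history lines, the host shop.example and the pattern set are all constructed for the demonstration; the patterns cover the common injection shapes (tautology, UNION SELECT, time-based functions, comment terminators, stacked queries) and are not an exhaustive signature list.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed history records; the last four are the suspicious ones.
HISTORY = [
    "https://shop.example/search?q=laptop&page=2",
    "https://shop.example/search?q=O'Reilly+books",
    "https://shop.example/item?id=42'%20OR%20'1'%3D'1",
    "https://shop.example/item?id=42+UNION+SELECT+username,password+FROM+users--",
    "https://shop.example/login?user=admin'%3B%20DROP%20TABLE%20users--&pw=x",
    "https://shop.example/item?id=42%20AND%20SLEEP(5)",
]

# (pattern, label). Matching is done on the decoded parameter value, so %27 and
# '+' encoding do not hide a payload. Labels are the example's own names.
SQLI_PATTERNS = [
    (re.compile(r"(?i)'\s*(or|and)\s+['\d]"), "tautology"),
    (re.compile(r"(?i)\bunion\b\s+(all\s+)?select\b"), "union-select"),
    (re.compile(r"(?i)\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b"), "time-based"),
    (re.compile(r"(--|#|/\*)\s*$"), "comment-terminator"),
    (re.compile(r"(?i);\s*(drop|insert|update|delete|exec)\b"), "stacked-query"),
]


def analyze_url(url: str):
    """Return [(parameter, label), ...] for every injection indicator found in
    the URL's query string. Only the query string is inspected; payloads placed
    in the path of a REST-style URL are out of scope for this example."""
    findings = []
    query = urlsplit(url).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl already decoded once; a second decode catches double-encoded
        # payloads such as %2527 -> %27 -> '
        value = unquote_plus(value)
        for pattern, label in SQLI_PATTERNS:
            if pattern.search(value):
                findings.append((name, label))
    return findings


def triage_history(lines):
    """Map each flagged URL to its findings; clean URLs are omitted."""
    report = {}
    for line in lines:
        url = line.strip()
        hits = analyze_url(url)
        if hits:
            report[url] = hits
    return report


if __name__ == "__main__":
    for url, hits in triage_history(HISTORY).items():
        print(url)
        for param, label in hits:
            print(f"    parameter {param!r}: {label}")
```

The second history line is there deliberately: a plain apostrophe in a search term (O'Reilly) does not trigger the tautology pattern, which requires a quote followed by OR/AND and another quote or digit. That distinction is what keeps this kind of triage usable on real history data, where apostrophes in ordinary searches are common.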
Tags: SQL injection, web application attacks, URL manipulation, vulnerability identification
- Question #319: Identity and Access Management
The core component of Role Based Access Control (RBAC) must be constructed of defined data elements. Which elements are required?
Tags: RBAC, access control models, authorization, users and roles
- Question #320: Identity and Access Management (IAM)
Which of the following is the BEST metric to obtain when gaining support for an Identity and Access Management (IAM) solution?
Tags: IAM solution, business justification, metrics, help desk costs
- Question #321: Communication and Network Security
In an organization where Network Access Control (NAC) has been deployed, a device trying to connect to the network is being placed into an isolated domain. What could be done on th...
Tags: Network Access Control, security remediation, network connectivity
- Question #322: Identity and Access Management
What is the second step in the identity and access provisioning lifecycle?
Tags: identity provisioning, access lifecycle
- Question #323: Security Architecture and Engineering
Which of the following MUST be scalable to address security concerns raised by the integration of third-party identity services?
Tags: enterprise security architecture, third-party integration, scalability
- Question #324: Identity and Access Management
Which of the following is a common feature of an Identity as a Service (IDaaS) solution?
Tags: IDaaS, Single Sign-On (SSO)
- Question #325: Identity and Access Management
An organization's security policy delegates to the data owner the ability to assign which user roles have access to a particular resource. What type of authorization mechanism is b...
Tags: access control models, Discretionary Access Control (DAC), data owner
- Question #326: Communication and Network Security
Extensible Authentication Protocol-Message Digest 5 (EAP-MD5) only provides which of the following?
Tags: EAP-MD5, user authentication
- Question #327: Security Assessment and Testing
Which type of test would an organization perform in order to locate and target exploitable defects?
Tags: penetration testing, vulnerability exploitation
- Question #328: Security Operations
What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?
Tags: Disaster Recovery Plan (DRP), DRP testing, business continuity
- Question #329: Security Operations
Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization's systems?
Tags: patch management, compatibility testing, standardized configurations
- Question #330: Security and Risk Management
An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to...
Tags: data privacy, cross-border data transfer, anonymization, regulatory compliance
- Question #331: Security Assessment and Testing
As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?
Tags: application penetration testing, session hijacking, cookie manipulation
- Question #332: Security and Risk Management
Assessing a third party's risk by counting bugs in the code may not be the best measure of an attack surface within the supply chain. Which of the following is LEAST associated wit...
Tags: attack surface, third-party risk, supply chain security
- Question #333: Security and Risk Management
What are the steps of a risk assessment?
Tags: risk assessment, risk management process
- Question #334: Security Operations
After following the processes defined within the change management plan, a super user has upgraded a device within an information system. What step would be taken to ensure that th...
Tags: change management, security impact analysis, network security posture
- Question #335: Asset Security
What MUST each information owner do when a system contains data from multiple information owners?
Tags: information owner, data ownership, security requirements
- Question #336: Security Assessment and Testing
A vulnerability assessment report has been submitted to a client. The client indicates that one third of the hosts that were in scope are missing from the report. In which phase of...
Tags: vulnerability assessment, discovery phase, assessment methodology
- Question #337: Asset Security
Which of the following is a responsibility of the information owner?
Tags: information owner, roles and responsibilities, access rights
- Question #338: Asset Security
Who is accountable for the information within an Information System (IS)?
Tags: data owner, accountability, security roles
- Question #339: Security Operations
It is MOST important to perform which of the following to minimize potential impact when implementing a new vulnerability scanning tool in a production environment?
Tags: vulnerability scanning, production environment, impact minimization, operational procedures
- Question #340: Security Operations
A Security Operations Center (SOC) receives an incident response notification on a server with an active intruder who has planted a backdoor. Initial notifications are sent and com...
Tags: incident response, active intruder, containment strategies, forensics considerations
- Question #341: Identity and Access Management
Due to system constraints, a group of system administrators must share a high-level access set of credentials. Which of the following would be MOST appropriate to implement?
Tags: shared credentials, privileged access management, accountability, credential management
- Question #342: Asset Security
Which of the following is the MOST efficient mechanism to account for all staff during a speedy nonemergency evacuation from a large security facility?
Tags: physical security, evacuation procedures, personnel accountability, RFID
- Question #343: Asset Security
What does electronic vaulting accomplish?
Tags: electronic vaulting, data protection, backup and recovery, offsite storage
- Question #344: Security and Risk Management
Who would be the BEST person to approve an organization's information security policy?
Tags: security policy approval, CISO roles, information governance, organizational roles
- Question #345: Security Operations
A security analyst for a large financial institution is reviewing network traffic related to an incident. The analyst determines the traffic is irrelevant to the investigation but...
Tags: incident response, ethical conduct, PCI-DSS compliance, data in transit encryption
- Question #346: Security and Risk Management
An Information Technology (IT) professional attends a cybersecurity seminar on current incident response methodologies. What code of ethics canon is being observed?
Tags: CISSP ethics, professional development, continuing education, code of ethics
- Question #347: Security Assessment and Testing
An organization adopts a new firewall hardening standard. How can the security professional verify that the technical staff correctly implemented the new standard?
Tags: compliance auditing, firewall hardening, security standards, configuration management
- Question #348: Security and Risk Management
What is the MAIN purpose of a change management policy?
Tags: change management, IT governance, policy enforcement, configuration control
- Question #349: Asset Security
Who is responsible for the protection of information when it is shared with or provided to other organizations?
Tags: information owner, data governance, data responsibility, third-party data sharing
- Question #350: Security and Risk Management
Which of the following is the MOST challenging issue in apprehending cyber criminals?
Tags: cybercrime investigation, jurisdictional issues, digital forensics, legal challenges