CISSP Exam Questions
1,535 real CISSP exam questions with expert-verified answers and explanations. Page 9 of 31.
- Question #401 Security Architecture and Engineering
In fault-tolerant systems, what do rollback capabilities permit?
Tags: fault tolerance, system recovery, rollback
- Question #402 Identity and Access Management
How does identity as a service (IDaaS) provide an easy mechanism for integrating identity service into individual applications with minimal development effort?
Tags: IDaaS, identity integration, cloud identity
- Question #403 Asset Security
A security practitioner has been tasked with establishing organizational asset handling procedures. What should be considered that would have the GREATEST impact to the development...
Tags: asset handling, information classification, data governance
- Question #404 Asset Security
From an asset security perspective, what is the BEST countermeasure to prevent data theft due to data remanence when a sensitive data storage media is no longer needed?
Tags: data remanence, media sanitization, physical destruction
- Question #405 Identity and Access Management
A project requires the use of an authentication mechanism where playback must be protected and a plaintext secret must be used. Which of the following should be used?
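The mechanism this question points at (CHAP, per the tags) is worth seeing end to end: the authenticator sends a fresh challenge, the peer answers with a one-way hash over the identifier, the shared secret and the challenge, and the secret itself never crosses the wire. The block below is an added illustration, not code from the original page; it follows the RFC 1994 construction Response = MD5(Identifier || secret || Challenge), and the peer name, shared secret and 16-octet challenge length are constructed choices. It also shows why "playback must be protected" is satisfied: a captured response is useless against any later challenge.

```python
"""RFC 1994 CHAP (MD5) challenge/response with a replay (playback) check.

Added illustration for the authentication question above; it is not part of
the original page. The shared secret and peer name below are constructed
values, and the challenge length (16 octets) is an implementation choice.
"""
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: Response = MD5(Identifier || secret || Challenge).

    Both sides need the secret in the clear to compute this, which is why CHAP
    requires a plaintext (reversible) secret store even though the secret
    itself never crosses the wire.
    """
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side of CHAP: issues one-shot challenges and checks responses."""

    def __init__(self, secrets: dict[str, bytes]) -> None:
        self._secrets = secrets          # peer name -> plaintext secret
        self._pending: dict[str, tuple[int, bytes]] = {}
        self._next_id = 0

    def challenge(self, peer: str) -> tuple[int, bytes]:
        # A fresh, unpredictable challenge per attempt is the replay defence:
        # a response captured earlier is only valid for the challenge it answered.
        ident = self._next_id
        self._next_id = (ident + 1) % 256
        chal = os.urandom(16)
        self._pending[peer] = (ident, chal)
        return ident, chal

    def verify(self, peer: str, identifier: int, response: bytes) -> bool:
        # pop(): a challenge can be answered once, so replaying even the
        # correct response against the same challenge fails.
        pending = self._pending.pop(peer, None)
        if pending is None or peer not in self._secrets:
            return False
        expected_id, chal = pending
        if identifier != expected_id:
            return False
        expected = chap_response(identifier, self._secrets[peer], chal)
        return hmac.compare_digest(expected, response)


def run_demo() -> dict[str, bool]:
    """Legitimate login, then an attacker replaying the captured response."""
    secret = b"constructed-shared-secret"              # constructed value
    auth = Authenticator({"peer1": secret})

    # Legitimate exchange: Challenge -> Response -> Success.
    ident, chal = auth.challenge("peer1")
    captured = (ident, chap_response(ident, secret, chal))   # what a sniffer sees
    legitimate = auth.verify("peer1", *captured)

    # Replay 1: old response value sent against a fresh challenge (hash mismatch).
    ident2, _chal2 = auth.challenge("peer1")
    replay_fresh_challenge = auth.verify("peer1", ident2, captured[1])

    # Replay 2: the whole captured (identifier, response) pair (stale identifier).
    auth.challenge("peer1")
    replay_stale_identifier = auth.verify("peer1", captured[0], captured[1])

    # Wrong secret on the peer side.
    ident3, chal3 = auth.challenge("peer1")
    wrong_secret = auth.verify("peer1", ident3, chap_response(ident3, b"guess", chal3))

    return {
        "legitimate": legitimate,
        "replay_fresh_challenge": replay_fresh_challenge,
        "replay_stale_identifier": replay_stale_identifier,
        "wrong_secret": wrong_secret,
    }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name:24s} -> {'accepted' if ok else 'rejected'}")
```

The trade-off the question is testing is visible in `Authenticator.__init__`: the server must hold each peer's secret in a form it can feed straight into the hash, so the secret store itself becomes the asset to protect.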
Tags: authentication protocols, CHAP, playback attack
- Question #406 Security Architecture and Engineering
Which of the following threats exists with an implementation of digital signatures?
Tags: digital signatures, cryptography threats, integrity
- Question #407 Security Operations
What should be used immediately after a Business Continuity Plan (BCP) has been invoked?
Tags: BCP, emergency procedures, incident response
- Question #408 Communication and Network Security
When deploying an Intrusion Detection System (IDS) on a high-volume network, the need to distribute the load across multiple sensors would create which technical problem?
Tags: IDS deployment, network monitoring, session continuity
- Question #409 Communication and Network Security
How can a security engineer maintain network separation from a secure environment while allowing remote users to work in the secure environment?
Tags: network segregation, bastion host, remote access
- Question #410 Security Operations
Which of the following is the MOST important consideration that must be taken into account when deploying an enterprise patching solution that includes mobile devices?
Tags: patch management, mobile device security, bandwidth constraints
- Question #411 Security Architecture and Engineering
Which of the following is the weakest form of protection for an application that handles Personally Identifiable Information (PII)?
Tags: cryptographic weakness, RC4, PII protection
- Question #412 Security Architecture and Engineering
Which is the MOST effective countermeasure to prevent electromagnetic emanations on unshielded data cable?
Tags: TEMPEST, electromagnetic emanations, physical security
- Question #413 Identity and Access Management
Which of the following is the MOST significant benefit to implementing a third-party federated identity architecture?
Tags: federated identity, third-party integration, business enablement
- Question #414 Communication and Network Security
A criminal organization is planning an attack on a government network. Which of the following is the MOST severe attack to the network availability?
Tags: network attacks, DDoS, availability threat
- Question #415 Software Development Security
Limiting the processor, memory, and Input/Output (I/O) capabilities of mobile code is known as
Tags: sandboxing, mobile code security, resource control
- Question #416 Security Assessment and Testing
Which of the following security testing strategies is BEST suited for companies with low to moderate security maturity?
Tags: security testing, black-box testing, organizational maturity
- Question #417 Security Architecture and Engineering
Which of the following are core categories of malicious attack against Internet of Things (IoT) devices?
Tags: IoT security, node capture, false data injection
- Question #418 Security and Risk Management
Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?
Tags: data governance, asset ownership, security portfolio management
- Question #419 Security and Risk Management
Which of the following is critical if an employee is dismissed due to violation of an organization's Acceptable Use Policy (AUP)?
Tags: personnel security, AUP violation, documentation
- Question #420 Asset Security
Which of the following is the PRIMARY security consideration for how an organization should handle Information Technology (IT) assets?
Tags: asset handling, data classification, security controls
- Question #421 Security and Risk Management
In a dispersed network that lacks central control, which of the following is the PRIMARY course of action to mitigate exposure?
Tags: security policies, access controls, risk mitigation, decentralized security
- Question #422 Software Development Security
What are the roles within a scrum methodology?
Tags: Scrum roles, Agile methodology, Product owner, Scrum master
- Question #423 Security Operations
When conducting a forensic criminal investigation on a computer hard drive, what should be done PRIOR to analysis?
Tags: digital forensics, forensic imaging, evidence collection, incident response
- Question #424 Security Operations
Which of the following initiates the systems recovery phase of a disaster recovery plan?
Tags: disaster recovery plan, system recovery, hot site, business continuity
- Question #425 Asset Security
Which type of fire alarm system sensor is intended to detect fire at its earliest stage?
Tags: fire detection, physical security, ionization sensor, early warning systems
- Question #426 Communication and Network Security
An organization implements a Remote Access Server (RAS). Once users connect to the server, digital certificates are used to authenticate their identity. What type of Extensible Aut...
Tags: EAP-TLS, remote access authentication, digital certificates
- Question #427 Security and Risk Management
Which of the following MUST a security professional do in order to quantify the value of a security program to organization management?
Tags: security program management, security metrics, value quantification, reporting
- Question #428 Security Assessment and Testing
A client has reviewed a vulnerability assessment report and has stated it is inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operatin...
Tags: vulnerability assessment, OS detection, scanning errors, security testing process
- Question #429 Software Development Security
Which of the following objects should be removed FIRST prior to uploading code to public code repositories?
Tags: secure coding, code repositories, credential management, information leakage
- Question #430 Communication and Network Security
Which of the following is a common measure within a Local Area Network (LAN) to provide an additional level of security through segmentation?
Tags: network segmentation, VLAN, LAN security, network architecture
- Question #431 Security Operations
What is the FIRST step for a digital investigator to perform when using best practices to collect digital evidence from a potential crime scene?
Tags: digital forensics, legal compliance, evidence collection, warrants
- Question #432 Software Development Security
How can an attacker exploit a buffer overflow to execute arbitrary code?
Tags: buffer overflow, exploit development, arbitrary code execution, memory management
- Question #433 Software Development Security
Which of the following is TRUE regarding equivalence class testing?
Tags: equivalence class testing, software testing, test methodology, quality assurance
- Question #434 Software Development Security
Which of the following is the BEST way to protect against Structured Query Language (SQL) injection?
Tags: SQL injection, secure coding, stored procedures, input validation
- Question #435 Security and Risk Management
Which of the following BEST describes the responsibilities of a data owner?
Tags: data owner, data governance, roles and responsibilities, information classification
- Question #436 Security Architecture and Engineering
Which area of embedded devices is most commonly attacked?
Tags: embedded systems security, firmware attacks, IoT security, vulnerability assessment
- Question #437 Security Operations
If a virus infection is suspected, which of the following is the FIRST step for the user to take?
Tags: incident response, malware infection, first responder, security operations
- Question #438 Communication and Network Security
Which of the following MOST applies to Session Initiation Protocol (SIP) security?
Tags: SIP security, VoIP security, protocol security, existing security mechanisms
- Question #439 Communication and Network Security
Which layer of the Open Systems Interconnection (OSI) model is being targeted in the event of a Synchronization (SYN) flood attack?
Tags: SYN flood, OSI model, Transport layer, DoS attack
- Question #440 Security Assessment and Testing
What is the document that describes the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls?
Tags: POA&M, security documentation, risk mitigation plan, security assessment follow-up
- Question #441 Identity and Access Management (IAM)
When dealing with shared, privileged accounts, especially those for emergencies, what is the BEST way to assure non-repudiation of logs?
Tags: privileged access management, non-repudiation, password vaulting, emergency accounts
- Question #442 Communication and Network Security
Which of the following actions MUST be performed when using Secure/Multipurpose Internet Mail Extensions (S/MIME) before sending an encrypted message to a recipient?
Tags: S/MIME, email encryption, digital certificates, public key infrastructure
- Question #443 Software Development Security
Which type of test suite should be run for fast feedback during application development?
Tags: software testing, smoke testing, SDLC
- Question #444 Software Development Security
What are the roles within a scrum methodology?
Tags: agile methodology, scrum roles, product owner, scrum master
- Question #445 Security and Risk Management
What is the FIRST step required in establishing a records retention program?
Tags: records retention, data governance, data lifecycle, policy development
- Question #446 Communication and Network Security
Which of the following was developed to support multiple protocols as well as provide login, password, and error correction capabilities?
Tags: PPP, network protocols, authentication protocols
- Question #447 Security Architecture and Engineering
An organization discovers that its Secure File Transfer Protocol (SFTP) server has been accessed by an unauthorized person to download an unreleased game. A recent security audit f...
Tags: attack vectors, buffer overflow, patch management, vulnerability exploitation
- Question #448 Software Development Security
If a content management system (CMS) is implemented, which one of the following would occur?
Tags: content management system, SDLC, environments, configuration management
- Question #449 Identity and Access Management (IAM)
Which of the following is the BEST identity-as-a-service (IDaaS) solution for validating users?
Tags: IDaaS, SAML, authentication protocols, federated identity
- Question #450 Communication and Network Security
Which layer handles packet fragmentation and reassembly in the Open Systems Interconnection (OSI) Reference Model?
Tags: OSI model, network layer, packet fragmentation