CISSP by ISC Actual Free Exam Questions And Answers

Question 1

Which of the following BEST represents the principle of open design?

A. The security of a mechanism should not depend on the secrecy of its design or implementation.

B. Algorithms must be protected to ensure the security and interoperability of the designed system.

C. A knowledgeable user should have limited privileges on the system to prevent their ability to compromise security capabilities.

D. Disassembly, analysis, or reverse engineering will reveal the security functionality of the computer system.

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 2

How does Radio-Frequency Identification (RFID) assist with asset management?

A. It uses two-factor authentication (2FA) for system identification.

B. It transmits unique serial numbers wirelessly.

C. It transmits unique Media Access Control (MAC) addresses wirelessly.

D. It uses biometric information for system identification.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 3

A Business Continuity Plan (BCP) is based on

A. an existing BCP from a similar organization.

B. a standard checklist of required items and objectives.

C. a review of the business processes and procedures.

D. the policy and procedures manual.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 4

Who should perform the design review to uncover security design flaws as part of the Software Development Life Cycle (SDLC)?

A. The business owner

B. security subject matter expert (SME)

C. The application owner

D. A developer subject matter expert (SME)

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 5

The quality assurance (QA) department is short-staffed and is unable to test all modules before the anticipated release date of an application. What security control is MOST likely to be violated?

A. Change management

B. Program management

C. Mobile code controls

D. Separation of environments

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 6

A security operations center (SOC) discovers a recently deployed router beaconing to a malicious website. Replacing the router fixes the issue. What is the MOST likely cause of the router's behavior?

A. The router was counterfeit and acquired through unauthorized channels.

B. The network administrator failed to update the router's firmware.

C. The router was damaged during shipping or installed incorrectly.

D. The network administrator failed to reconfigure the router's access control list (ACL).

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 7

The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct

A. static analysis.

B. log auditing.

C. impact assessments.

D. code reviews.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 8

Which of the following BEST describes the purpose of the reference monitor when defining access control to enforce the security model?

A. Quality design principles to ensure quality by design

B. Cyber hygiene to ensure organizations can keep systems healthy

C. Strong operational security to keep unit members safe

D. Policies to validate organization rules

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 9

Drag and Drop Question
Rank the Hypertext Transfer protocol (HTTP) authentication types shows below in order of relative strength. Drag the authentication type on the correct positions on the right according to strength from weakest to strongest.

Discussion 0

Correct Answer:

Question 10

A security engineer is required to integrate security into a software project that is implemented by small groups test quickly, continuously, and independently develop, test, and deploy code to the cloud. The engineer will MOST likely integrate with which software development process?

A. Structured Waterfall Programming Development

B. Devops Integrated Product Team (IPT)

C. Service-oriented architecture (SOA)

D. Spiral Methodology

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 11

What is the foundation of cryptographic functions?

A. Entropy

B. Cipher

C. Encryption

D. Hash

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 12

Additional padding may be added to toe Encapsulating Security Protocol (ESP) b trailer to provide which of the following?

A. Data origin authentication

B. Partial traffic flow confidentiality

C. Protection against replay attack

D. Access control

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

ISC Certified Information Systems Security Professional (CISSP) - CISSP Exam Practice Test

Contact Us

Useful Links

Latest Updated