Certified Information Systems Security Professional (CISSP)

Question 1

What is the MOST common security risk of a mobile device?

A. Data spoofing

B. Insecure communications link

C. Data leakage

D. Malware infection

Correct Answer: C

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 2

Drag and Drop Question
Place the following information classification steps in sequential order.

Correct Answer:

Question 3

Which access control method is based on users issuing access requests on system resources, features assigned to those resources, the operational or situational context, and a set of policies specified in terms of those features and context?

A. Discretionary Access Control (DAC)

B. Attribute Based Access Control (ABAC)

C. Mandatory Access Control (MAC)

D. Role Based Access Control (RBAC)

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 4

Which combination of cryptographic algorithms are compliant with Federal Information Processing Standard (FIPS) Publication 140-2 for non-legacy systems?

A. Diffie-hellman (DH) key exchange: DH (>=2048 bits)
Symmetric Key: Advanced Encryption Standard (AES) > 128 bits
Digital Signature: Digital Signature Algorithm (DSA) (>=2048 bits)

B. Diffie-hellman (DH) key exchange: DH (>=2048 bits)
Symmetric Key: Advanced Encryption Standard (AES) < 128 bits
Digital Signature: Elliptic Curve Digital Signature Algorithm (ECDSA) (>=256 bits)

C. Diffie-hellman (DH) key exchange: DH (<= 1024 bits)
Symmetric Key: Blowfish
Digital Signature: Rivest-Shamir-Adleman (RSA) (>=2048 bits)

D. Diffie-hellman (DH) key exchange: DH (>=2048 bits)
Symmetric Key: Advanced Encryption Standard (AES) > 128 bits
Digital Signature: Rivest-Shamir-Adleman (RSA) (1024 bits)

Correct Answer: A

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 5

Which of the following is the MOST common method of memory protection?

A. Virtual Local Area Network (VLAN) tagging

B. Segmentation

C. Compartmentalization

D. Error correction

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 6

In order for a security policy to be effective within an organization, it MUST include

A. a list of all standards that apply to the policy.

B. strong statements that clearly define the problem.

C. owner information and date of last revision.

D. disciplinary measures for non compliance.

Correct Answer: D

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 7

A software development company found odd behavior in some recently developed software, creating a need for a more thorough code review. What is the MOST effective argument for a more thorough code review?

A. It will increase accountability with the customers.

B. lt will reduce the potential for vulnerabilities.

C. It will increase flexibility of the applications developed.

D. It will impede the development process.

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 8

In order for application developers to detect potential vulnerabilities earlier during the Software Development Life Cycle (SDLC), which of the following safeguards should be implemented FIRST as part of a comprehensive testing framework?

A. Source code review

B. Threat modeling

C. Automated testing

D. Acceptance testing

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 9

Which of the following are mandatory canons for the (ISC)* Code of Ethics?

A. Create secure data protection policies to principals.

B. Provide diligent and competent service to principals.

C. Develop comprehensive security strategies for the organization.

D. Perform is, honestly, fairly, responsibly, and lawfully for the organization.

Correct Answer: D

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 10

Which of the following PRIMARILY contributes to security incidents in web-based applications?

A. Third-party applications and change controls

B. Systems administration and operating systems

C. System incompatibility and patch management

D. Improper stress testing and application interfaces

Correct Answer: D

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 11

Why MUST a Kerberos server be well protected from unauthorized access?

A. It always operates at root privilege.

B. It contains all the tickets for services.

C. It contains the keys of all clients.

D. It contains the Internet Protocol (IP) address of all network entities.

Correct Answer: C

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 12

Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
The effectiveness of the security program can PRIMARILY be measured through

A. audit findings.

B. customer satisfaction.

C. risk elimination.

D. audit requirements.

Correct Answer: A

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 13

Which of the following is the GREATEST risk of relying only on Capability Maturity Models (CMM) for software to guide process improvement and assess capabilities of acquired software?

A. CMMs can only be used for software developed in-house

B. CMMs do not explicitly address safety and security

C. Organizations can only reach a maturity level 3 when using CMMs

D. CMMs are vendor specific and may be biased

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 14

Why is authentication by ownership stronger than authentication by knowledge?

A. It can be kept on the user's person.

B. It is simpler to control.

C. It is easier to change.

D. It is more difficult to duplicate.

Correct Answer: D

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

ISC Certified Information Systems Security Professional (CISSP) - CISSP Exam Practice Test

Latest Update

Useful Links

Contact Us