ISC CISSP Practice Exams
Last updated on Apr 09, 2025
- Exam Code: CISSP
- Exam Name: Certified Information Systems Security Professional
- Certification Provider: ISC
- Latest update: Apr 09,2025
Which of the following is of GREATEST assistance to auditors when reviewing system configurations?
- A . Change management processes
- B . User administration procedures
- C . Operating System (OS) baselines
- D . System backup documentation
Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?
- A . Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken
- B . Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability
- C . Management teams will understand the testing objectives and reputational risk to the organization
- D . Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels
Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?
- A . Role Based Access Control (RBAC)
- B . Biometric access control
- C . Federated Identity Management (IdM)
- D . Application hardening
In a data classification scheme, the data is owned by the
- A . system security managers
- B . business managers
- C . Information Technology (IT) managers
- D . end users
Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?
- A . Hashing the data before encryption
- B . Hashing the data after encryption
- C . Compressing the data after encryption
- D . Compressing the data before encryption
All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
- A . determine the risk of a business interruption occurring
- B . determine the technological dependence of the business processes
- C . identify the operational impacts of a business interruption
- D . identify the financial impacts of a business interruption
What is the purpose of an Internet Protocol (IP) spoofing attack?
- A . To send excessive amounts of data to a process, making it unpredictable
- B . To intercept network traffic without authorization
- C . To disguise the destination address from a target’s IP filtering devices
- D . To convince a system that it is communicating with a known entity
Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?
- A . Walkthrough
- B . Simulation
- C . Parallel
- D . White box
A system has been scanned for vulnerabilities and has been found to contain a number of communication ports that have been opened without authority. To which of the following might this system have been subjected?
- A . Trojan horse
- B . Denial of Service (DoS)
- C . Spoofing
- D . Man-in-the-Middle (MITM)
An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring?
- A . A dictionary attack
- B . A Denial of Service (DoS) attack
- C . A spoofing attack
- D . A backdoor installation