Access to Free 2022 CISSP Certification Training Questions

test2022-02-17T09:23:36+00:00

Interested in CISSP certification? CISSP (Certified Information Systems Security Professional) is an independent information security certification granted by the International Information System Security Certification Consortium, also known as (ISC)². If you are preparing for CISSP exam, you should get our CISSP Certification training questions to pass in the first try. Practice exams are particularly important since they allow you to examine the exact quality of the CISSP practice material.

Try CISSP Practice exam questions and check you result with verified answers to see if you are ready for the real exam questions.

Page 1 of 25

1. Which of the following is the MOST important part of an awareness and training plan to prepare employees for emergency situations?

Having emergency contacts established for the general employee population to get information

Conducting business continuity and disaster recovery training for those who have a direct role in the recovery

Designing business continuity and disaster recovery training programs for different audiences

Publishing a corporate business continuity and disaster recovery plan on the corporate website

2. Between which pair of Open System Interconnection (OSI) Reference Model layers are routers used as a communications device?

Transport and Session

Data-Link and Transport

Network and Session

Physical and Data-Link

3. Which one of the following affects the classification of data?

Assigned security label

Multilevel Security (MLS) architecture

Minimum query size

Passage of time

4. What security risk does the role-based access approach mitigate MOST effectively?

Excessive access rights to systems and data

Segregation of duties conflicts within business applications

Lack of system administrator activity monitoring

Inappropriate access requests

5. An organization publishes and periodically updates its employee policies in a file on their intranet.

Which of the following is a PRIMARY security concern?

Availability

Confidentiality

Integrity

Ownership

6. Which of the following questions can be answered using user and group entitlement reporting?

When a particular file was last accessed by a user

Change control activities for a particular group of users

The number of failed login attempts for a particular user

Where does a particular user have access within the network

7. DRAG DROP

Rank the Hypertext Transfer protocol (HTTP) authentication types shows below in order of relative strength.

Drag the authentication type on the correct positions on the right according to strength from weakest to strongest.

8. Refer to the information below to answer the question.

Desktop computers in an organization were sanitized for re-use in an equivalent security environment. The data was destroyed in accordance with organizational policy and all marking and other external indications of the sensitivity of the data that was formerly stored on the magnetic drives were removed.

Organizational policy requires the deletion of user data from Personal Digital Assistant (PDA) devices before disposal. It may not be possible to delete the user data if the device is malfunctioning.

Which destruction method below provides the BEST assurance that the data has been removed?

Knurling

Grinding

Shredding

Degaussing

9. Why MUST a Kerberos server be well protected from unauthorized access?

It contains the keys of all clients.

It always operates at root privilege.

It contains all the tickets for services.

It contains the Internet Protocol (IP) address of all network entities.

10. DRAG DROP

Place in order, from BEST (1) to WORST (4), the following methods to reduce the risk of data remanence on magnetic media.

Page 2 of 25

11. Which of the following is the BEST way to determine if a particular system is able to identify malicious software without executing it?

Testing with a Botnet

Testing with an EICAR file

Executing a binary shellcode

Run multiple antivirus programs

12. A security professional should ensure that clients support which secondary algorithm for digital signatures when a Secure Multipurpose Internet Mail Extension (S/MIME) is used?

Triple Data Encryption Standard (3DES)

Advanced Encryption Standard (AES)

Digital Signature Algorithm (DSA)

Rivest-Shamir-Adieman (RSA)

13. In the common criteria (CC) for information technology (IT) security evaluation, increasing Evaluation Assurance Levels (EAL) results in which of the following?

Increased functionality

Increased interoperability

Increase in resource requirement

Increase in evaluated systems

14. Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network?

Provide vulnerability reports to management.

Validate vulnerability remediation activities.

Prevent attackers from discovering vulnerabilities.

Remediate known vulnerabilities.

15. What is the PRIMARY reason for implementing change management?

Certify and approve releases to the environment

Provide version rollbacks for system changes

Ensure that all applications are approved

Ensure accountability for changes to the environment

16. Which of the following BEST represents the concept of least privilege?

Access to an object is denied unless access is specifically allowed.

Access to an object is only available to the owner.

Access to an object is allowed unless it is protected by the information security policy.

Access to an object is only allowed to authenticated users via an Access Control List (ACL).

17. Which one of the following operates at the session, transport, or network layer of the Open System Interconnection (OSI) model?

Data at rest encryption

Configuration Management

Integrity checking software

Cyclic redundancy check (CRC)

18. An employee receives a promotion that entities them to access higher-level functions on the company’s accounting system, as well as keeping their access to the previous system that is no longer needed or applicable.

What is the name of the process that tries to remove this excess privilege?

Access provisioning

Segregation of Duties (SoD)

Access certification

Access aggregation

19. A. Obtain information security management approval.

B. Maintain the integrity of the application.

C. Obtain feedback before implementation.

D. Identify vulnerabilities.

20. Which of the following is a responsibility of a data steward?

Ensure alignment of the data governance effort to the organization.

Conduct data governance interviews with the organization.

Document data governance requirements.

Ensure that data decisions and impacts are communicated to the organization.

Page 3 of 25

21. A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding.

Which of the following BEST supports this recommendation?

The inherent risk is greater than the residual risk.

The Annualized Loss Expectancy (ALE) approaches zero.

The expected loss from the risk exceeds mitigation costs.

The infrastructure budget can easily cover the upgrade costs.

22. Which of the following is an advantage of on-premise Credential Management Systems?

Improved credential interoperability

Control over system configuration

Lower infrastructure capital costs

Reduced administrative overhead

23. What is the PRIMARY difference between security policies and security procedures?

Policies are used to enforce violations, and procedures create penalties

Policies point to guidelines, and procedures are more contractual in nature

Policies are included in awareness training, and procedures give guidance

Policies are generic in nature, and procedures contain operational details

24. An organization has outsourced its financial transaction processing to a Cloud Service Provider (CSP) who will provide them with Software as a Service (SaaS).

If there was a data breach who is responsible for monetary losses?

The Data Protection Authority (DPA)

The Cloud Service Provider (CSP)

The application developers

The data owner

25. Assume that a computer was powered off when an information security professional

arrived at a crime scene.

Which of the following actions should be performed after the crime scene is isolated?

Turn the computer on and collect volatile data.

Turn the computer on and collect network information.

Leave the computer off and prepare the computer for transportation to the laboratory

Remove the hard drive, prepare it for transportation, and leave the hardware ta the scene.

26. Which one of the following data integrity models assumes a lattice of integrity levels?

Take-Grant

Biba

Harrison-Ruzzo

Bell-LaPadula

27. Which of the following is the MOST common method of memory protection?

Compartmentalization

Segmentation

Error correction

Virtual Local Area Network (VLAN) tagging

28. What is the MAIN goal of information security awareness and training?

To inform users of the latest malware threats

To inform users of information assurance responsibilities

To comply with the organization information security policy

To prepare students for certification

29. Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?

A strong breach notification process

Limited collection of individuals' confidential data

End-to-end data encryption for data in transit

Continuous monitoring of potential vulnerabilities

30. Which of the following is used to support the of defense in depth during development phase of a software product?

Security auditing

Polyinstantiation

Maintenance

Known vulnerability list

Page 4 of 25

31. What is the BEST approach for maintaining ethics when a security professional is unfamiliar with the culture of a country and is asked to perform a questionable task?

Exercise due diligence when deciding to circumvent host government requests.

Become familiar with the means in which the code of ethics is applied and considered.

Complete the assignment based on the customer's wishes.

Execute according to the professional's comfort level with the code of ethics.

32. Refer to the information below to answer the question.

An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.

When determining appropriate resource allocation, which of the following is MOST important to monitor?

Number of system compromises

Number of audit findings

Number of staff reductions

Number of additional assets

33. Which of the following is the key requirement for test results when implementing forensic procedures?

The test results must be cost-effective.

The test result must be authorized.

The test results must be quantifiable.

The test results must be reproducible.

34. Assessing a third party’s risk by counting bugs in the code may not be the best measure of an attack surface within the supply chain.

Which of the following is LEAST associated with the attack surface?

Input protocols

Target processes

Error messages

Access rights

35. A Business Continuity Plan (BCP) is based on

the policy and procedures manual.

an existing BCP from a similar organization.

a review of the business processes and procedures.

a standard checklist of required items and objectives.

36. Topic 8, . Software Development Security

A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected.

What is the MOST probable security feature of Java preventing the program from operating as intended?

Least privilege

Privilege escalation

Defense in depth

Privilege bracketing

37. Refer to the information below to answer the question.

During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information.

If it is discovered that large quantities of information have been copied by the unauthorized individual, what attribute of the data has been compromised?

Availability

Integrity

Accountability

Confidentiality

38. Which of the following is the BEST method to reduce the effectiveness of phishing attacks?

User awareness

Two-factor authentication

Anti-phishing software

Periodic vulnerability scan

39. A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation.

What MUST an administrator review to audit a user’s access to data files?

Host VM monitor audit logs

Guest OS access controls

Host VM access controls

Guest OS audit logs

40. Which of the following BEST describes the standard used to exchange authorization information between different identity management systems?

Security Assertion Markup Language (SAML)

Service Oriented Architecture (SOA)

Extensible Markup Language (XML)

Wireless Authentication Protocol (WAP)

Page 5 of 25

41. In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?

Transport layer

Application layer

Network layer

Session layer

42. Which of the following is a critical factor for implementing a successful data classification program?

Executive sponsorship

Information security sponsorship

End-user acceptance

Internal audit acceptance

43. How can a security engineer maintain network separation from a secure environment while allowing remote users to work in the secure environment?

Use a Virtual Local Area Network (VLAN) to segment the network

Implement a bastion host

Install anti-virus on all enceinte

Enforce port security on access switches

44. Which of the following is considered the PRIMARY security issue associated with encrypted e-mail messages?

Key distribution

Storing attachments in centralized repositories

Scanning for viruses and other malware

Greater costs associated for backups and restores

45. Which of the following MUST system and database administrators be aware of and apply when configuring systems used for storing personal employee data?

Secondary use of the data by business users

The organization's security policies and standards

The business purpose for which the data is to be used

The overall protection of corporate resources and data

46. Which of the following is the MOST important security goal when performing application interface testing?

Confirm that all platforms are supported and function properly

Evaluate whether systems or components pass data and control correctly to one another

Verify compatibility of software, hardware, and network connections

Examine error conditions related to external interfaces to prevent application details leakage

47. Which of the following access management procedures would minimize the possibility of an organization's employees retaining access to secure werk areas after they change roles?

User access modification

user access recertification

User access termination

User access provisioning

48. Refer to the information below to answer the question.

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.

Which of the following solutions would have MOST likely detected the use of peer-to-peer programs when the computer was connected to the office network?

Anti-virus software

Intrusion Prevention System (IPS)

Anti-spyware software

Integrity checking software

49. Which of the following is the MOST secure protocol for zremote command access to the firewall?

Secure Shell (SSH)

Trivial File Transfer Protocol (TFTP)

Hypertext Transfer Protocol Secure (HTTPS)

Simple Network Management Protocol (SNMP) v1

50. How can an attacker exploit overflow to execute arbitrary code?

Modify a function's return address.

Alter the address of the stack.

Substitute elements in the stack.

Move the stack pointer.

Page 6 of 25

51. The adoption of an enterprise-wide Business Continuity (BC) program requires which of the following?

Good communication throughout the organization

A completed Business Impact Analysis (BIA)

Formation of Disaster Recovery (DR) project team

Well-documented information asset classification

52. DRAG DROP

Match the name of access control model with its associated restriction.

Drag each access control model to its appropriate restriction access on the right.

53. What do Capability Maturity Models (CMM) serve as a benchmark for in an organization?

Experience in the industry

Definition of security profiles

Human resource planning efforts

Procedures in systems development

54. What security management control is MOST often broken by collusion?

Job rotation

Separation of duties

Least privilege model

Increased monitoring

55. Which of the following encryption types is used in Hash Message Authentication Code (HMAC) for key distribution?

Symmetric

Asymmetric

Ephemeral

Permanent

56. Which of the following is applicable to a publicly held company concerned about information handling and storage requirement specific to the financial reporting?

Privacy Act of 1974

Clinger-Cohan Act of 1996

Sarbanes-Oxley (SOX) Act of 2002

International Organization for Standardization (ISO) 27001

57. An organization has hired a security services firm to conduct a penetration test.

Which of the following will the organization provide to the tester?

Limits and scope of the testing.

Physical location of server room and wiring closet.

Logical location of filters and concentrators.

Employee directory and organizational chart.

58. In a High Availability (HA) environment, what is the PRIMARY goal of working with a virtual router address as the gateway to a network?

The second of two routers can periodically check in to make sure that the first router is operational.

The second of two routers can better absorb a Denial of Service (DoS) attack knowing the first router is present.

The first of two routers fails and is reinstalled, while the second handles the traffic flawlessly.

The first of two routers can better handle specific traffic, while the second handles the rest of the traffic seamlessly.

59. When implementing controls in a heterogeneous end-point network for an organization, it is critical that

hosts are able to establish network communications.

users can make modifications to their security software configurations.

common software security components be implemented across all hosts.

firewalls running on each host are fully customizable by the user.

60. Which of the following is a network intrusion detection technique?

Statistical anomaly

Perimeter intrusion

Port scanning

Network spoofing

Page 7 of 25

61. Functional security testing is MOST critical during which phase of the system development life cycle (SDLC)?

Operations / Maintenance

Implementation

Acquisition / Development

Initiation

62. Which of the following is included in the Global System for Mobile Communications (GSM) security framework?

Public-Key Infrastructure (PKI)

Symmetric key cryptography

Digital signatures

Biometric authentication

63. Which of the following is used to support the concept of defense in depth during the development phase of a software product?

Maintenance hooks

Polyinstiation

Known vulnerability list

Security auditing

64. An organization has discovered that users are visiting unauthorized websites using anonymous proxies.

Which of the following is the BEST way to prevent future occurrences?

Remove the anonymity from the proxy

Analyze Internet Protocol (IP) traffic for proxy requests

Disable the proxy server on the firewall

Block the Internet Protocol (IP) address of known anonymous proxies

65. The implementation of which features of an identity management system reduces costs and administration overhead while improving audit and accountability?

Two-factor authentication

Single Sign-On (SSO)

User self-service

A metadirectory

66. Which of the following provides the GREATEST level of data security for a Virtual Private Network (VPN) connection?

Internet Protocol Payload Compression (IPComp)

Internet Protocol Security (IPSec)

Extensible Authentication Protocol (EAP)

Remote Authentication Dial-In User Service (RADIUS)

67. A security consultant has been hired by a company to establish its vulnerability management program. The consultant is now in the deployment phase.

Which of the following tasks is part of this process?

Select and procure supporting technologies.

Determine a budget and cost analysis for the program.

Measure effectiveness of the program’s stated goals.

Educate and train key stakeholders.

68. Within the company, desktop clients receive Internet Protocol (IP) address over Dynamic Host Configuration Protocol (DHCP).

Which of the following represents a valid measure to help protect the network against unauthorized access?

Implement path management

Implement port based security through 802.1x

Implement DHCP to assign IP address to server systems

Implement change management

69. As a security manger which of the following is the MOST effective practice for providing value to an organization?

Assess business risk and apply security resources accordingly

Coordinate security implementations with internal audit

Achieve compliance regardless of related technical issues

Identify confidential information and protect it

70. Which of the following findings would MOST likely indicate a high risk in a vulnerability assessment report?

Transmission control protocol (TCP) port 443 open

Non-standard system naming convention used

Unlicensed software installed

End of life system detected

Page 8 of 25

71. A global organization wants to implement hardware tokens as part of a multifactor authentication solution for remote access. The PRIMARY advantage of this implementation is

the scalability of token enrollment.

increased accountability of end users.

it protects against unauthorized access.

it simplifies user access administration.

72. Which of the following System and Organization Controls (SOC) report types should an organization request if they require a period of time report covering security and availability for a particular system?

SOC 1 Type1

SOC 1Type2

SOC 2 Type 1

SOC 2 Type 2

73. An organization is outsourcing its payroll system and is requesting to conduct a full audit on the third-party information technology (IT) systems. During the due diligence process, the third party provides previous audit report on its IT system.

Which of the following MUST be considered by the organization in order for the audit reports to be acceptable?

The audit assessment has been conducted by an independent assessor.

The audit reports have been signed by the third-party senior management.

The audit reports have been issued in the last six months.

The audit assessment has been conducted by an international audit firm.

74. If virus infection is suspected, which of the following is the FIRST step for the user to take?

Unplug the computer from the network.

Save the opened files and shutdown the computer.

Report the incident to service desk.

Update the antivirus to the latest version.

75. What determines the level of security of a combination lock?

Complexity of combination required to open the lock

Amount of time it takes to brute force the combination

The number of barrels associated with the internal mechanism

The hardness score of the metal lock material

76. DRAG DROP

Given the various means to protect physical and logical assets, match the access management area to the technology.

77. Copyright provides protection for which of the following?

Ideas expressed in literary works

A particular expression of an idea

New and non-obvious inventions

Discoveries of natural phenomena

78. Which of the following actions MUST be taken if a vulnerability is discovered during the maintenance stage in a System Development Life Cycle (SDLC)?

Make changes following principle and design guidelines.

Stop the application until the vulnerability is fixed.

Report the vulnerability to product owner.

Monitor the application and review code.

79. An input validation and exception handling vulnerability has been discovered on a critical web-based system.

Which of the following is MOST suited to quickly implement a control?

Add a new rule to the application layer firewall

Block access to the service

Install an Intrusion Detection System (IDS)

Patch the application source code

80. From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?

Configure secondary servers to use the primary server as a zone forwarder.

Block all Transmission Control Protocol (TCP) connections.

Disable all recursive queries on the name servers.

Limit zone transfers to authorized devices.

Page 9 of 25

81. Attack trees are MOST useful for which of the following?

Determining system security scopes

Generating attack libraries

Enumerating threats

Evaluating Denial of Service (DoS) attacks

82. Which of the following media sanitization techniques is MOST likely to be effective for an organization using public cloud services?

Low-level formatting

Secure-grade overwrite erasure

Cryptographic erasure

Drive degaussing

83. What is the process called when impact values are assigned to the security objectives for information types?

Qualitative analysis

Quantitative analysis

Remediation

System security categorization

84. Which one of the following transmission media is MOST effective in preventing data interception?

Microwave

Twisted-pair

Fiber optic

Coaxial cable

85. If an attacker in a SYN flood attack uses someone else's valid host address as the source address, the system under attack will send a large number of Synchronize/Acknowledge (SYN/ACK) packets to the

default gateway.

attacker's address.

local interface being attacked.

specified source address.

86. What is the MOST effective way to determine a mission critical asset in an organization?

Vulnerability analysis

business process analysis

Threat analysis

Business risk analysis

87. Which of the following is the PRIMARY risk associated with Extensible Markup Language (XML) applications?

Users can manipulate the code.

The stack data structure cannot be replicated.

The stack data structure is repetitive.

Potential sensitive data leakage.

88. Which of the following was developed to support multiple protocols as well as provide as well as provide login, password, and error correction capabilities?

Challenge Handshake Authentication Protocol (CHAP)

Point-to-Point Protocol (PPP)

Password Authentication Protocol (PAP)

Post Office Protocol (POP)

89. The Rivest-Shamir-Adleman (RSA) algorithm is BEST suited for which of the following operations?

Bulk data encryption and decryption

One-way secure hashing for user and message authentication

Secure key exchange for symmetric cryptography

Creating digital checksums for message integrity

90. In the area of disaster planning and recovery, what strategy entails the presentation of information about the plan?

Communication

Planning

Recovery

Escalation

Page 10 of 25

91. Topic 9, Exam Set A

Which of the following is a physical security control that protects Automated Teller Machines (ATM) from skimming?

Anti-tampering

Secure card reader

Radio Frequency (RF) scanner

Intrusion Prevention System (IPS)

92. Which is the MOST critical aspect of computer-generated evidence?

Objectivity

Integrity

Timeliness

Relevancy

93. Which of the following is a common characteristic of privacy?

Provision for maintaining an audit trail of access to the private data

Notice to the subject of the existence of a database containing relevant credit card data

Process for the subject to inspect and correct personal data on-site

Database requirements for integration of privacy data

94. A vulnerability in which of the following components would be MOST difficult to detect?

Kernel

Shared libraries

Hardware

System application

95. The MAIN reason an organization conducts a security authorization process is to

force the organization to make conscious risk decisions.

assure the effectiveness of security controls.

assure the correct security organization exists.

force the organization to enlist management support.

96. Which of the following is a function of Security Assertion Markup Language (SAML)?

File allocation

Redundancy check

Extended validation

Policy enforcement

97. What is the MAIN reason to ensure the appropriate retention periods are enforced for data stored on electronic media?

To reduce the carbon footprint by eliminating paper

To create an inventory of data assets stored on disk for backup and recovery

To declassify information that has been improperly classified

To reduce the risk of loss, unauthorized access, use, modification, and disclosure

98. What is the MAIN feature that onion routing networks offer?

Non-repudiation

Traceability

Anonymity

Resilience

99. For an organization considering two-factor authentication for secure network access, which of the following is MOST secure?

Challenge response and private key

Digital certificates and Single Sign-On (SSO)

Tokens and passphrase

Smart card and biometrics

100. Which of the following is generally indicative of a replay attack when dealing with biometric authentication?

False Acceptance Rate (FAR) is greater than 1 in 100,000

False Rejection Rate (FRR) is greater than 5 in 100

Inadequately specified templates

Exact match

Page 11 of 25

101. What is the MOST effective countermeasure to a malicious code attack against a mobile system?

Sandbox

Change control

Memory management

Public-Key Infrastructure (PKI)

102. Which of the following activities BEST identifies operational problems, security misconfigurations, and malicious attacks?

Policy documentation review

Authentication validation

Periodic log reviews

Interface testing

103. What is the second step in the identity and access provisioning lifecycle?

Provisioning

Review

Approval

Revocation

104. Which of the following could elicit a Denial of Service (DoS) attack against a credential management system?

Delayed revocation or destruction of credentials

Modification of Certificate Revocation List

Unauthorized renewal or re-issuance

Token use after decommissioning

105. What is the PRIMARY goal for using Domain Name System Security Extensions (DNSSEC) to sign records?

Integrity

Confidentiality

Accountability

Availability

106. DRAG DROP

During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.

What is the best approach for the CISO?

Below are the common phases to creating a Business Continuity/Disaster Recovery (BC/DR) plan. Drag the remaining BCDR phases to the appropriate corresponding location.

107. Which of the following is the MOST important reason for using a chain of custody from?

To document those who were In possession of the evidence at every point In time

To collect records of all digital forensic professionals working on a case

To document collected digital evidence

To ensure that digital evidence is not overlooked during the analysis

108. Retaining system logs for six months or longer can be valuable for what activities?

Disaster recovery and business continuity

Forensics and incident response

Identity and authorization management

Physical and logical access control

109. Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?

Maintaining an inventory of authorized Access Points (AP) and connecting devices

Setting the radio frequency to the minimum range required

Establishing a Virtual Private Network (VPN) tunnel between the WLAN client device and a VPN concentrator

Verifying that all default passwords have been changed

110. Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?

Transparent Database Encryption (TDE)

Column level database encryption

Volume encryption

Data tokenization

Page 12 of 25

111. The configuration management and control task of the certification and accreditation process is incorporated in which phase of the System Development Life Cycle (SDLC)?

System acquisition and development

System operations and maintenance

System initiation

System implementation

112. Which of the following is the primary advantage of segmenting Virtual Machines (VM) using physical networks?

Simplicity of network configuration and network monitoring

Removes the need for decentralized management solutions

Removes the need for dedicated virtual security controls

Simplicity of network configuration and network redundancy

113. Backup information that is critical to the organization is identified through a

Vulnerability Assessment (VA).

Business Continuity Plan (BCP).

Business Impact Analysis (BIA).

data recovery analysis.

114. Which of the following is a BEST practice when traveling internationally with laptops containing Personally Identifiable Information (PII)?

Use a thumb drive to transfer information from a foreign computer.

Do not take unnecessary information, including sensitive information.

Connect the laptop only to well-known networks like the hotel or public Internet cafes.

Request international points of contact help scan the laptop on arrival to ensure it is protected.

115. Which of the following roles has the obligation to ensure that a third party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization?

Data Custodian

Data Owner

Data Creator

Data User

116. Which of the following techniques is effective to detect taps in fiber optic cables?

Taking baseline signal level of the cable

Measuring signal through external oscillator solution devices

Outlining electromagnetic field strength

Performing network vulnerability scanning

117. In order for a security policy to be effective within an organization, it MUST include

strong statements that clearly define the problem.

a list of all standards that apply to the policy.

owner information and date of last revision.

disciplinary measures for non compliance.

118. How does identity as a service (IDaaS) provide an easy mechanism for integrating identity service into individual applications with minimal development effort?

By allowing the identification logic and storage of an identity's attributes to be maintained externally

By integrating internal provisioning procedures with external authentication processes

By allowing for internal provisioning of user accounts

By keeping all user information in easily accessible cloud repositories

119. What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization’s systems cannot be unavailable for more than 24 hours?

Warm site

Hot site

Mirror site

Cold site

120. When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?

Topology diagrams

Mapping tools

Asset register

Ping testing

Page 13 of 25

121. Which of the following countermeasures is the MOST effective in defending against a social engineering attack?

Mandating security policy acceptance

Changing individual behavior

Evaluating security awareness training

Filtering malicious e-mail content

122. As a best practice, the Security Assessment Report (SAR) should include which of the following sections?

Data classification policy

Software and hardware inventory

Remediation recommendations

Names of participants

123. Which of the following actions should be taken by a security professional when a mission critical computer network attack is suspected?

Isolate the network, log an independent report, fix the problem, and redeploy the computer.

Isolate the network, install patches, and report the occurrence.

Prioritize, report, and investigate the occurrence.

Turn the rooter off, perform forensic analysis, apply the appropriate fin, and log incidents.

124. Which of the following controls is the most for a system identified as critical in terms of data and function to the organization?

Preventive controls

Monitoring control

Cost controls

Compensating controls

125. Mandatory Access Controls (MAC) are based on:

security classification and security clearance

data segmentation and data classification

data labels and user access permissions

user roles and data encryption

126. Which of the following is the MOST beneficial to review when performing an IT audit?

Audit policy

Security log

Security policies

Configuration settings

127. Due to system constraints, a group of system administrators must share a high-level access set of credentials.

Which of the following would be MOST appropriate to implement?

Increased console lockout times for failed logon attempts

Reduce the group in size

A credential check-out process for a per-use basis

Full logging on affected systems

128. When should an application invoke re-authentication in addition to initial user authentication?

At the application sign-off

Periodically during a session

After a period of inactivity

For each business process

129. Which of the following is the BEST way to protect against structured Query language (SQL) injection?

Enforce boundary checking.

Restrict use of SELECT command.

Restrict Hyper Text Markup Language (HTNL) source code access.

Use stored procedures.

130. What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?

Man-in-the-Middle (MITM) attack

Smurfing

Session redirect

Spoofing

Page 14 of 25

131. Which of the following protocols will allow the encrypted transfer of content on the Internet?

Server Message Block (SMB)

Secure copy

Hypertext Transfer Protocol (HTTP)

Remote copy

132. Which of the following controls is the FIRST step in protecting privacy in an information system?

Data Redaction

Data Minimization

Data Encryption

Data Storage

133. Which of the following is considered best practice for preventing e-mail spoofing?

Spam filtering

Cryptographic signature

Uniform Resource Locator (URL) filtering

Reverse Domain Name Service (DNS) lookup

134. Which of the following is the PRIMARY benefit of a formalized information classification program?

It drives audit processes.

It supports risk assessment.

It reduces asset vulnerabilities.

It minimizes system logging requirements.

135. Which of the following Disaster Recovery (DR) sites is the MOST difficult to test?

Hot site

Cold site

Warm site

Mobile site

136. Which of the following practices provides the development team with a definition of security and identification of threats in designing software?

Penetration testing

Stakeholder review

Threat modeling

Requirements review

137. Which of the following BEST describes botnets?

Computer systems on the Internet that are set up to trap people who attempt to penetrate other computer system

Set of related programs that protects the resources of a private network from other networks

Small network inserted in a neutral zone between an organization's private network and the outside public network

Groups of computers that are used to launch destructive attacks

138. Secure Sockets Layer (SSL) encryption protects

data at rest.

the source IP address.

data transmitted.

data availability.

139. When defining a set of security controls to mitigate a risk, which of the following actions MUST occur?

Each control's effectiveness must be evaluated individually.

Each control must completely mitigate the risk.

The control set must adequately mitigate the risk.

The control set must evenly divided the risk.

140. Which programming methodology allows a programmer to use pre-determined blocks of code end consequently reducing development time and programming costs?

Application security

Object oriented

Blocked algorithm

Assembly language

Page 15 of 25

141. According to best practice, which of the following is required when implementing third party software in a production environment?

Scan the application for vulnerabilities

Contract the vendor for patching

Negotiate end user application training

Escrow a copy of the software

142. Which one of the following is the MOST important in designing a biometric access system if it is essential that no one other than authorized individuals are admitted?

False Acceptance Rate (FAR)

False Rejection Rate (FRR)

Crossover Error Rate (CER)

Rejection Error Rate

143. Which layer of the Open system Interconnect (OSI) model is responsible for secure data transfer between applications, flow control, and error detection and correction?

Layer 2

Layer 4

Layer 5

Layer 6

144. Which of the following is the PRIMARY reason a sniffer operating on a network is collecting packets only from its own host?

An Intrusion Detection System (IDS) has dropped the packets.

The network is connected using switches.

The network is connected using hubs.

The network’s firewall does not allow sniffing.

145. Which of the following is a peor entity authentication method for Point-to-Point Protocol (PPP)?

Challenge Handshake Authentication Protocol (CHAP)

Message Authentication Code (MAC)

Transport Layer Security (TLS) handshake protocol

Challenge-response authentication mechanism

146. Which of the following management process allows ONLY those services required for users to accomplish their tasks, change default user passwords, and set servers to retrieve antivirus updates?

Configuration

Identity

Compliance

Patch

147. What protocol is often used between gateway hosts on the Internet?

Exterior Gateway Protocol (EGP)

Border Gateway Protocol (BGP)

Open Shortest Path First (OSPF)

Internet Control Message Protocol (ICMP)

148. In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?

Application Layer

Physical Layer

Data-Link Layer

Network Layer

149. Which type of control recognizes that a transaction amount is excessive in accordance with corporate policy?

Detection

Prevention

Investigation

Correction

150. Which of the following is the PRIMARY security consideration for how an organization should handle Information Technology (IT) assets?

The monetary value of the asset

The controls implemented on the asset

The physical form factor of the asset

The classification of the data on the asset

Page 16 of 25

151. A disadvantage of an application filtering firewall is that it can lead to

a crash of the network as a result of user activities.

performance degradation due to the rules applied.

loss of packets on the network due to insufficient bandwidth.

Internet Protocol (IP) spoofing by hackers.

152. Which of the following are Systems Engineering Life Cycle (SELC) Technical Processes?

Concept, Development, Production, Utilization, Support, Retirement

Stakeholder Requirements Definition, Architectural Design, Implementation, Verification, Operation

Acquisition, Measurement, Configuration Management, Production, Operation, Support

Concept, Requirements, Design, Implementation, Production, Maintenance, Support, Disposal

153. Which of the following MUST an organization do to effectively communicate is security strategy to all affected parties?

Involve representatives from each key organizational area.

Provide regular updates to the board of directors.

Notify staff of changes to the strategy.

Remove potential communication barriers.

154. Topic 3, . Security Architecture and Engineering

Who in the organization is accountable for classification of data information assets?

Data owner

Data architect

Chief Information Security Officer (CISO)

Chief Information Officer (CIO)

155. Which of the following assessment metrics is BEST used to understand a system's vulnerability to potential exploits?

Determining the probability that the system functions safely during any time period

Quantifying the system's available services

Identifying the number of security flaws within the system

Measuring the system's integrity in the presence of failure

156. Which of the following BEST provides for non-repudiation od user account actions?

Centralized authentication system

File auditing system

Managed Intrusion Detection System (IDS)

Centralized logging system

157. The use of private and public encryption keys is fundamental in the implementation of which of the following?

Diffie-Hellman algorithm

Secure Sockets Layer (SSL)

Advanced Encryption Standard (AES)

Message Digest 5 (MD5)

158. An organization regularly conducts its own penetration tests.

Which of the following scenarios MUST be covered for the test to be effective?

Third-party vendor with access to the system

System administrator access compromised

Internal attacker with access to the system

Internal user accidentally accessing data

159. Which of the following is MOST critical in a contract in a contract for data disposal on a hard drive with a third party?

Authorized destruction times

Allowed unallocated disk space

Amount of overwrites required

Frequency of recovered media

160. Which of the following practices provides the development of security and identification of threats in designing software?

Stakeholder review

Requirements review

Penetration testing

Threat modeling

Page 17 of 25

161. While inventorying storage equipment, it is found that there are unlabeled, disconnected, and powered off devices.

Which of the following is the correct procedure for handling such equipment?

They should be recycled to save energy.

They should be recycled according to NIST SP 800-88.

They should be inspected and sanitized following the organizational policy.

They should be inspected and categorized properly to sell them for reuse.

162. Which of the following is the BEST approach for a forensic examiner to obtain the greatest amount of relevant information form malicious software?

Analyze the behavior of the program.

Examine the file properties and permissions.

Review the code to identify its origin.

Analyze the logs generated by the software.

163. Which of the following entities is ultimately accountable for data remanence vulnerabilities with data replicated by a cloud service provider?

Data owner

Data steward

Data custodian

Data processor

164. What is an advantage of Elliptic Curve Cryptography (ECC)?

Cryptographic approach that does not require a fixed-length key

Military-strength security that does not depend upon secrecy of the algorithm

Opportunity to use shorter keys for the same level of security

Ability to use much longer keys for greater security

165. Which of the following is the MOST important reason for timely installation of software patches?

Attackers may be conducting network analysis.

Patches ere only available for a specific time.

Attackers reverse engineer the exploit from the patch.

Patches may not be compatible with proprietary software

166. A security professional is asked to provide a solution that restricts a bank teller to only perform a savings deposit transaction but allows a supervisor to perform corrections after the transaction.

Which of the following is the MOST effective solution?

Access is based on rules.

Access is determined by the system.

Access is based on user's role.

Access is based on data sensitivity.

167. Refer to the information below to answer the question.

A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization’s Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.

Which of the following methods is the MOST effective way of removing the Peer-to-Peer (P2P) program from the computer?

Run software uninstall

Re-image the computer

Find and remove all installation files

Delete all cookies stored in the web browser cache

168. The security team has been tasked with performing an interface test against a frontend external facing application and needs to verify that all input fields protect against invalid input.

Which of the following BEST assists this process?

Application fuzzing

Instruction set simulation

Regression testing

Sanity testing

169. Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?

Application monitoring procedures

Configuration control procedures

Security audit procedures

Software patching procedures

170. Which of the following presents the PRIMARY concern to an organization when setting up a federated single sign-on (SSO) solution with another

Sending assertions to an identity provider

Requesting Identity assertions from the partners domain

defining the identity mapping scheme

Having the resource provider query the Identity provider

Page 18 of 25

171. Refer to the information below to answer the question.

A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns.

In addition to web browsers, what PRIMARY areas need to be addressed concerning mobile code used for malicious purposes?

Text editors, database, and Internet phone applications

Email, presentation, and database applications

Image libraries, presentation and spreadsheet applications

Email, media players, and instant messaging applications

172. An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to

encrypt the contents of the repository and document any exceptions to that requirement.

utilize Intrusion Detection System (IDS) set drop connections if too many requests for documents are detected.

keep individuals with access to high security areas from saving those documents into lower security areas.

require individuals with access to the system to sign Non-Disclosure Agreements (NDA).

173. A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket.

Which of the following is the BEST course of action?

Ignore the request and do not perform the change.

Perform the change as requested, and rely on the next audit to detect and report the situation.

Perform the change, but create a change ticket regardless to ensure there is complete traceability.

Inform the audit committee or internal audit directly using the corporate whistleblower process.

174. The application of a security patch to a product previously validate at Common Criteria (CC) Evaluation Assurance Level (EAL) 4 would

require an update of the Protection Profile (PP).

require recertification.

retain its current EAL rating.

reduce the product to EAL 3.

175. Which of the following activities is MOST likely to be performed during a vulnerability assessment?

Establish caller authentication procedures to verify the identities of users.

Analyze the environment by conducting interview sessions with relevant parties.

Document policy exceptions required to access systems in non-compliant areas.

Review professorial credentials of the vulnerability assessment team or vendor.

176. Disaster Recovery Plan (DRP) training material should be

consistent so that all audiences receive the same training.

stored in a fire proof safe to ensure availability when needed.

only delivered in paper format.

presented in a professional looking manner.

177. Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

Layer 2 Tunneling Protocol (L2TP)

Link Control Protocol (LCP)

Challenge Handshake Authentication Protocol (CHAP)

Packet Transfer Protocol (PTP)

178. Application of which of the following Institute of Electrical and Electronics Engineers (IEEE) standards will prevent an unauthorized wireless device from being attached to a network?

IEEE 802.1F

IEEE 802.1H

IEEE 802.1Q

IEEE 802.1X

179. Which of the following combinations would MOST negatively affect availability?

Denial of Service (DoS) attacks and outdated hardware

Unauthorized transactions and outdated hardware

Fire and accidental changes to data

Unauthorized transactions and denial of service attacks

180. Why is planning the MOST critical phase of a Role Based Access Control (RBAC) implementation?

The criteria for measuring risk is defined.

User populations to be assigned to each role is determined.

Role mining to define common access patterns is performed.

The foundational criteria are defined.

Page 19 of 25

181. How long should the records on a project be retained?

For the duration of the project, or at the discretion of the record owner

Until they are no longer useful or required by policy

Until five years after the project ends, then move to archives

For the duration of the organization fiscal year

182. Which of the following methods provides the MOST protection for user credentials?

Forms-based authentication

Digest authentication

Basic authentication

Self-registration

183. Which of the following is the FIRST step during digital identity provisioning?

Authorizing the entity for resource access

Synchronizing directories

Issuing an initial random password

Creating the entity record with the correct attributes

184. What is an important characteristic of Role Based Access Control (RBAC)?

Supports Mandatory Access Control (MAC)

Simplifies the management of access rights

Relies on rotation of duties

Requires two factor authentication

185. Which layer of the Open systems Interconnection (OSI) model is being targeted in the event of a Synchronization (SYN) flood attack?

Session

Transport

Network

Presentation

186. Which of the following threats exists with an implementation of digital signatures?

Spoofing

Substitution

Content tampering

Eavesdropping

187. Which of the following is a detective access control mechanism?

Log review

Least privilege

Password complexity

Non-disclosure agreement

188. Configuring a Wireless Access Point (WAP) with the same Service Set Identifier (SSID) as another WAP in order to have users unknowingly connect is referred to as which of the following?

Jamming

Man-irHht-Middk (MITM)

War driving

Internet Protocol (IP) spoofing

189. What is the document that describes the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls?

Business Impact Analysis (BIA)

Security Assessment Report (SAR)

Plan of Action and Milestones {POA&M)

Security Assessment Plan (SAP)

190. Which of the following is the MOST important action regarding authentication?

Granting access rights

Enrolling in the system

Establishing audit controls

Obtaining executive authorization

Page 20 of 25

191. A security analyst for a large financial institution is reviewing network traffic related to an incident. The analyst determines the traffic is irrelevant to the investigation but in the process of the review, the analyst also finds that an applications data, which included full credit card cardholder data, is transferred in clear text between the server and user’s desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS).

Which of the following is the analyst’s next step?

Send the log file co-workers for peer review

Include the full network traffic logs in the incident report

Follow organizational processes to alert the proper teams to address the issue.

Ignore data as it is outside the scope of the investigation and the analyst’s role.

192. Why should Open Web Application Security Project (OWASP) Application Security Verification standards (ASVS) Level 1 be considered a MINIMUM level of protection for any web application?

ASVS Level 1 ensures that applications are invulnerable to OWASP top 10 threats.

Opportunistic attackers will look for any easily exploitable vulnerable applications.

Most regulatory bodies consider ASVS Level 1 as a baseline set of controls for applications.

Securing applications at ASVS Level 1 provides adequate protection for sensitive data.

193. Which of the following is the PRIMARY benefit of implementing data-in-use controls?

If the data is lost, it must be decrypted to be opened.

If the data is lost, it will not be accessible to unauthorized users.

When the data is being viewed, it can only be printed by authorized users.

When the data is being viewed, it must be accessed using secure protocols.

194. When a system changes significantly, who is PRIMARILY responsible for assessing the security impact?

Chief Information Security Officer (CISO)

Information System Owner

Information System Security Officer (ISSO)

Authorizing Official

195. What is a characteristic of Secure Socket Layer (SSL) and Transport Layer Security (TLS)?

SSL and TLS provide a generic channel security mechanism on top of Transmission Control Protocol (TCP).

SSL and TLS provide nonrepudiation by default.

SSL and TLS do not provide security for most routed protocols.

SSL and TLS provide header encapsulation over HyperText Transfer Protocol (HTTP).

196. When can a security program be considered effective?

Audits are rec/party performed and reviewed.

Vulnerabilities are proactively identified.

Risk is lowered to an acceptable level.

Badges are regulatory performed and validated

197. Which of the following access control models is MOST restrictive?

Discretionary Access Control (DAC)

Mandatory Access Control (MAC)

Role Based Access Control (RBAC)

Rule based access control

198. Refer to the information below to answer the question.

In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

Which of the following is true according to the star property (*property)?

User D can write to File 1

User B can write to File 1

User A can write to File 1

User C can write to File 1

199. Which of the following factors is á PRIMARY reason to drive changes in an Information Security Continuous Monitoring (ISCM) strategy?

Testing and Evaluation (TE) personnel changes

Changes to core missions or business processes

Increased Cross-Site Request Forgery (CSRF) attacks

Changes in Service Organization Control (SOC) 2 reporting requirements

200. When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include

hardened building construction with consideration of seismic factors.

adequate distance from and lack of access to adjacent buildings.

curved roads approaching the data center.

proximity to high crime areas of the city.

Page 21 of 25

201. Which of the following is the PRIMARY risk with using open source software in a commercial software construction?

Lack of software documentation

License agreements requiring release of modified code

Expiration of the license agreement

Costs associated with support of the software

202. A security consultant has been asked to research an organization's legal obligations to protect privacy-related information.

What kind of reading material is MOST relevant to this project?

The organization's current security policies concerning privacy issues

Privacy-related regulations enforced by governing bodies applicable to the organization

Privacy best practices published by recognized security standards organizations

Organizational procedures designed to protect privacy information

203. A vehicle of a private courier company that transports backup data for offsite storage was robbed while in transport backup data for offsite was robbed while in transit. The incident management team is now responsible to estimate the robbery, which of the following would help the incident management team to MOST effectively analyze the business impact of the robbery?

Log of backup administrative actions

Log of the transported media and its classification marking

Log of the transported media and Its detailed contents

Log of backed up data and their respective data custodians

204. While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords.

Which method of information gathering has the attacker used?

Trusted path

Malicious logic

Social engineering

Passive misuse

205. What should an auditor do when conducting a periodic audit on media retention?

Check electronic storage media to ensure records are not retained past their destruction date.

Ensure authorized personnel are in possession of paper copies containing Personally Identifiable Information….

Check that hard disks containing backup data that are still within a retention cycle are being destroyed….

Ensure that data shared with outside organizations is no longer on a retention schedule.

206. A vulnerability test on an Information System (IS) is conducted to

exploit security weaknesses in the I

measure system performance on systems with weak security controls.

evaluate the effectiveness of security controls.

prepare for Disaster Recovery (DR) planning.

207. Which security service is served by the process of encryption plaintext with the sender’s private key and decrypting cipher text with the sender’s public key?

Confidentiality

Integrity

Identification

Availability

208. For a federated identity solution, a third-party Identity Provider (IdP) is PRIMARILY responsible for which of the following?

Access Control

Account Management

Authentication

Authorization

209. Which of the following is the BEST solution to provide redundancy for telecommunications links?

Provide multiple links from the same telecommunications vendor.

Ensure that the telecommunications links connect to the network in one location.

Ensure that the telecommunications links connect to the network in multiple locations.

Provide multiple links from multiple telecommunications vendors.

210. Which of the following types of data would be MOST difficult to detect by a forensic examiner?

Slack space data

Steganographic data

File system deleted data

Data stored with a different file type extension

Page 22 of 25

211. Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

Walkthrough

Simulation

Parallel

White box

212. How can a forensic specialist exclude from examination a large percentage of operating system files residing on a copy of the target system?

Take another backup of the media in question then delete all irrelevant operating system files.

Create a comparison database of cryptographic hashes of the files from a system with the same operating system and patch level.

Generate a message digest (MD) or secure hash on the drive image to detect tampering of the media being examined.

Discard harmless files for the operating system, and known installed programs.

213. What is the purpose of an Internet Protocol (IP) spoofing attack?

To send excessive amounts of data to a process, making it unpredictable

To intercept network traffic without authorization

To disguise the destination address from a target’s IP filtering devices

To convince a system that it is communicating with a known entity

214. Which of the following is an accurate statement when an assessment results in the discovery of vulnerabilities in a critical network component?

The fact that every other host is sufficiently hardened does not change the fact frat the network is placed at risk of attack.

There is little likelihood that the entire network is being placed at a significant risk of attack.

A second assessment should immediately be performed after all vulnerabilities are corrected.

There is a low possibility that any adjacently connected components have been compromised by an attacker

215. Which of the following is the BEST reason for writing an information security policy?

To support information security governance

To reduce the number of audit findings

To deter attackers

To implement effective information security controls

216. A client has reviewed a vulnerability assessment report and has stated it is Inaccurate. The client states that the vulnerabilities listed are not valid because the host’s Operating System (OS) was not properly detected.

Where in the vulnerability assessment process did the erra MOST likely occur?

Detection

Enumeration

Reporting

Discovery

217. When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?

Log all activities associated with sensitive systems

Provide links to security policies

Confirm that confidentially agreements are signed

Employ strong access controls

218. The FIRST step in building a firewall is to

assign the roles and responsibilities of the firewall administrators.

define the intended audience who will read the firewall policy.

identify mechanisms to encourage compliance with the policy.

perform a risk analysis to identify issues to be addressed.

219. In a basic SYN flood attack, what is the attacker attempting to achieve?

Exceed the threshold limit of the connection queue for a given service

Set the threshold to zero for a given service

Cause the buffer to overflow, allowing root access

Flush the register stack, allowing hijacking of the root account

220. Which of the following will help prevent improper session handling?

Ensure that all UlWebView calls do not execute without proper input validation.

Ensure that tokens are sufficiently long, complex, and pseudo-random.

Ensure JavaScript and plugin support is disabled.

Ensure that certificates are valid and fail closed.

Page 23 of 25

221. A security professional has just completed their organization's Business Impact Analysis (BIA). Following Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) best practices, what would be the professional's NEXT step?

Identify and select recovery strategies.

Present the findings to management for funding.

Select members for the organization's recovery teams.

Prepare a plan to test the organization's ability to recover its operations.

222. The Secure Shell (SSH) version 2 protocol supports.

availability, accountability, compression, and integrity,

authentication, availability, confidentiality, and integrity.

accountability, compression, confidentiality, and integrity.

authentication, compression, confidentiality, and integrity.

223. Which methodology is recommended for penetration testing to be effective in the development phase of the life-cycle process?

White-box testing

Software fuzz testing

Black-box testing

Visual testing

224. Who is ultimately responsible to ensure that information assets are categorized and adequate measures are taken to protect them?

Data Custodian

Executive Management

Chief Information Security Officer

Data/Information/Business Owners

225. What type of wireless network attack BEST describes an Electromagnetic Pulse (EMP) attack?

Radio Frequency (RF) attack

Denial of Service (DoS) attack

Data modification attack

Application-layer attack

226. Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?

Password requirements are simplified.

Risk associated with orphan accounts is reduced.

Segregation of duties is automatically enforced.

Data confidentiality is increased.

227. Which of the following is PRIMARILY adopted for ensuring the integrity of information is preserved?

Data at rest protection

Transport Layer Security (TLS)

Role Based Access Control (RBAC)

One-way encryption

228. An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer.

Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?

Implement packet filtering on the network firewalls

Require strong authentication for administrators

Install Host Based Intrusion Detection Systems (HIDS)

Implement logical network segmentation at the switches

229. Which of the following is used to ensure that data mining activities Will NOT reveal sensitive data?

Implement two-factor authentication on the underlying infrastructure.

Encrypt data at the field level and tightly control encryption keys.

Preprocess the databases to see if inn …… can be disclosed from the learned patterns.

Implement the principle of least privilege on data elements so a reduced number of users can access the database.

230. An organization implements a Remote Access Server (RAS). Once users correct to the server, digital certificates are used to authenticate their identity.

What type of Extensible Authentication Protocol (EAP) would the organization use dring this authentication?

Transport layer security (TLS)

Message Digest 5 (MD5)

Lightweight Extensible Authentication Protocol (EAP)

Subscriber Identity Module (SIM)

Page 24 of 25

231. Which of the following MUST be considered when developing business rules for a data loss prevention (DLP) solution?

Data availability

Data sensitivity

Data ownership

Data integrity

232. Which of the following is the BEST method to prevent malware from being introduced into a production environment?

Purchase software from a limited list of retailers

Verify the hash key or certificate key of all updates

Do not permit programs, patches, or updates from the Internet

Test all new software in a segregated environment

233. Which of the following does Temporal Key Integrity Protocol (TKIP) support?

Multicast and broadcast messages

Coordination of IEEE 802.11 protocols

Wired Equivalent Privacy (WEP) systems

Synchronization of multiple devices

234. A security professional is assessing the risk in an application and does not take into account any mitigating or compensating controls.

This type of risk rating is an example of which of the following?

Transferred risk

Inherent risk

Residual risk

Avoided risk

235. Which of the following types of security testing is the MOST effective in providing a better indication of the everyday security challenges of an organization when performing a security risk assessment?

External

Overt

Internal

Covert

236. Refer to the information below to answer the question.

In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

In a Bell-LaPadula system, which user cannot write to File 3?

User A

User B

User C

User D

237. Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?

Derived credential

Temporary security credential

Mobile device credentialing service

Digest authentication

238. Which of the following is the PRIMARY reason for employing physical security personnel at entry points in facilities where card access is in operation?

To verify that only employees have access to the facility.

To identify present hazards requiring remediation.

To monitor staff movement throughout the facility.

To provide a safe environment for employees.

239. Which of the following is the BEST way to verify the integrity of a software patch?

Cryptographic checksums

Version numbering

Automatic updates

Vendor assurance

240. In an organization where Network Access Control (NAC) has been deployed, a device trying to connect to the network is being placed into an isolated domain.

What could be done on this device in order to obtain proper connectivity?

Connect the device to another network jack

Apply remediation’s according to security requirements

Apply Operating System (OS) patches

Change the Message Authentication Code (MAC) address of the network interface

Page 25 of 25

241. Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage?

Transference

Covert channel

Bleeding

Cross-talk

242. Which of the following MUST be part of a contract to support electronic discovery of data stored in a cloud environment?

Integration with organizational directory services for authentication

Tokenization of data

Accommodation of hybrid deployment models

Identification of data location

243. As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website.

Which of the following actions would be performed?

Use a web scanner to scan for vulnerabilities within the website.

Perform a code review to ensure that the database references are properly addressed.

Establish a secure connection to the web server to validate that only the approved ports are open.

Enter only numbers in the web form and verify that the website prompts the user to enter a valid input.

244. As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?

Known-plaintext attack

Denial of Service (DoS)

Cookie manipulation

Structured Query Language (SQL) injection

245. Which of the following BEST describes a rogue Access Point (AP)?

An AP that is not protected by a firewall

An AP not configured to use Wired Equivalent Privacy (WEP) with Triple Data Encryption Algorithm (3DES)

An AP connected to the wired infrastructure but not under the management of authorized network administrators

An AP infected by any kind of Trojan or Malware

246. During an audit, the auditor finds evidence of potentially illegal activity.

Which of the following is the MOST appropriate action to take?

Immediately call the police

Work with the client to resolve the issue internally

Advise the person performing the illegal activity to cease and desist

Work with the client to report the activity to the appropriate authority

Access to Free 2022 CISSP Certification Training Questions

Access to Free 2022 CISSP Certification Training Questions

Share this post

Author

Leave a Reply Cancel reply

Related Posts

Become an HCISPP – HealthCare Information Security and Privacy Practitioner