ISC cissp practice test

Certified Information Systems Security Professional Exam

Last exam update: May 17 ,2024
Page 1 out of 99. Viewing questions 1-15 out of 1487

Question 1

What is the MAIN purpose of a security assessment plan?

  • A. Provide guidance on security requirements, to ensure the identified security risks are properly addressed based on the recommendation
  • B. Provide the objectives for the security and privacy control assessments and a detailed roadmap of how to conduct such assessments.
  • C. Provide technical information to executives to help them understand information security postures and secure funding.
  • D. Provide education to employees on security and privacy, to ensure their awareness on policies and procedures
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

What are the first two components of logical access control?

  • A. Confidentiality and authentication
  • B. Authentication and identification
  • C. Identification and confidentiality
  • D. Authentication and availability
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

If traveling abroad and a customs official demands to examine a personal computer, which of the
following should be assumed?

  • A. The hard drive has been stolen.
  • B. The Internet Protocol (IP) address has been copied.
  • C. The hard drive has been copied.
  • D. The Media Access Control (MAC) address was stolen
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

Spyware is BEST described as

  • A. data mining for advertising.
  • B. a form of cyber-terrorism,
  • C. an information gathering technique,
  • D. a web-based attack.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

a large organization uses biometrics to allow access to its facilities. It adjusts the biometric value for
incorrectly granting or denying access so that the two numbers are the same.
What is this value called?

  • A. False Rejection Rate (FRR)
  • B. Accuracy acceptance threshold
  • C. Equal error rate
  • D. False Acceptance Rate (FAR)
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

Which of the following would be considered an incident if reported by a security information and
event management (SIEM) system?

  • A. An administrator is logging in on a server through a virtual private network (VPN).
  • B. A log source has stopped sending data.
  • C. A web resource has reported a 404 error.
  • D. A firewall logs a connection between a client on the Internet and a web server using Transmission Control Protocol (TCP) on port 80.
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

At which phase of the software assurance life cycle should risks associated with software acquisition
strategies be identified?

  • A. Follow-on phase
  • B. Planning phase
  • C. Monitoring and acceptance phase
  • D. Contracting phase
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Which of the following are the B EST characteristics of security metrics?

  • A. They are generalized and provide a broad overview
  • B. They use acronyms and abbreviations to be concise
  • C. They use bar charts and Venn diagrams
  • D. They are consistently measured and quantitatively expressed
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

What is the P R IM A R Y reason criminal law is difficult to enforce when dealing with cyber-crime?

  • A. Extradition treaties are rarely enforced.
  • B. Numerous language barriers exist.
  • C. Law enforcement agencies are understaffed.
  • D. Jurisdiction is hard to define.
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

After the INITIAL input o f a user identification (ID) and password, what is an authentication system
that prompts the user for a different response each time the user logs on?

  • A. Persons Identification Number (PIN)
  • B. Secondary password
  • C. Challenge response
  • D. Voice authentication
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

Which of the following terms BEST describes a system which allows a user to log in and access
multiple related servers and applications?

  • A. Remote Desktop Protocol (RDP)
  • B. Federated identity management (FIM)
  • C. Single sign-on (SSO)
  • D. Multi-factor authentication (MFA)
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

Which of the following MUST the administrator of a security information and event management
(SIEM) system ensure?

  • A. All sources are reporting in the exact same Extensible Markup Language (XML) format.
  • B. Data sources do not contain information infringing upon privacy regulations.
  • C. All sources are synchronized with a common time reference.
  • D. Each source uses the same Internet Protocol (IP) address for reporting.
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

Which of the following addresses requirements of security assessment during software acquisition?

  • A. Software assurance policy
  • B. Continuous monitoring
  • C. Software configuration management (SCM)
  • D. Data loss prevention (DLP) policy
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

A recent information security risk assessment identified weak system access controls on mobile
devices as a high me In order to address this risk and ensure only authorized staff access company
information, which of the following should the organization implement?

  • A. Intrusion prevention system (IPS)
  • B. Multi-factor authentication (MFA)
  • C. Data loss protection (DLP)
  • D. Data at rest encryption
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

Which of the following attack types can be used to compromise the integrity of data during
transmission?

  • A. Keylogging
  • B. Packet sniffing
  • C. Synchronization flooding
  • D. Session hijacking
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2