ISC CISSP practice test

Certified Information Systems Security Professional Exam

Last exam update: Nov 14, 2024
Page 1 out of 100. Viewing questions 1-15 out of 1487

Question 1

An information security professional is reviewing user access controls on a customer-facing
application. The application must have multi-factor authentication (MFA) in place. The application
currently requires a username and password to login. Which of the following options would BEST
implement MFA?

  • A. Geolocate the user and compare to previous logins
  • B. Require a pre-selected number as part of the login
  • C. Have the user answer a secret question that is known to them
  • D. Enter an automatically generated number from a hardware token
Answer:

C

Question 2

Which of the following statements is MOST accurate regarding information assets?

  • A. International Organization for Standardization (ISO) 27001 compliance specifies which information assets must be included in asset inventory.
  • B. Information assets include any information that is valuable to the organization.
  • C. Building an information assets register is a resource-intensive job.
  • D. Information assets inventory is not required for risk assessment.
Answer:

B

Question 3

What is the overall goal of software security testing?

  • A. Identifying the key security features of the software
  • B. Ensuring all software functions perform as specified
  • C. Reducing vulnerabilities within a software system
  • D. Making software development more agile
Answer:

B

Question 4

In setting expectations when reviewing the results of a security test, which of the following
statements is MOST important to convey to reviewers?

  • A. The target’s security posture cannot be further compromised.
  • B. The results of the tests represent a point-in-time assessment of the target(s).
  • C. The accuracy of testing results can be greatly improved if the target(s) are properly hardened.
  • D. The deficiencies identified can be corrected immediately.
Answer:

C

Question 5

Which of the following is an important design feature for the outer door of a mantrap?

  • A. Allow it to be opened by an alarmed emergency button.
  • B. Do not allow anyone to enter it alone.
  • C. Do not allow it to be observed by closed-circuit television (CCTV) cameras.
  • D. Allow it to be opened when the inner door of the mantrap is also open.
Answer:

D

Question 6

Which of the following BEST describes the use of network architecture in reducing corporate risks
associated with mobile devices?

  • A. Maintaining a "closed applications" model on all mobile devices depends on demilitarized zone (DMZ) servers
  • B. Split tunneling enabled for mobile devices improves demilitarized zone (DMZ) security posture
  • C. Segmentation and demilitarized zone (DMZ) monitoring are implemented to secure a virtual private network (VPN) access for mobile devices
  • D. Applications that manage mobile devices are located in an Internet demilitarized zone (DMZ)
Answer:

C

Question 7

When designing a Cyber-Physical System (CPS), which of the following should be a security
practitioner's first consideration?

  • A. Resiliency of the system
  • B. Detection of sophisticated attackers
  • C. Risk assessment of the system
  • D. Topology of the network used for the system
Answer:

A

Question 8

Information Security Continuous Monitoring (ISCM) is defined as maintaining ongoing awareness of
information security, vulnerabilities, and threats to support organizational risk management
decisions. Which of the following is the FIRST step in developing an ISCM strategy and implementing
an ISCM program?

  • A. Define a strategy based on risk tolerance that maintains clear visibility into assets, awareness of vulnerabilities, up-to-date threat information, and mission/business impacts.
  • B. Conduct a vulnerability assessment to discover current threats against the environment and incorporate them into the program.
  • C. Respond to findings with technical management, and operational mitigating activities or acceptance, transference/sharing, or avoidance/rejection.
  • D. Analyze the data collected and report findings, determining the appropriate response. It may be necessary to collect additional information to clarify or supplement existing monitoring data.
Answer:

A

Question 9

Which of the following is the FIRST requirement a data owner should consider before implementing
a data retention policy?

  • A. Training
  • B. Legal
  • C. Business
  • D. Storage
Answer:

B

Question 10

What is the MAIN purpose of conducting a business impact analysis (BIA)?

  • A. To determine the critical resources required to recover from an incident within a specified time period
  • B. To determine the effect of mission-critical information system failures on core business processes
  • C. To determine the cost for restoration of damaged information system
  • D. To determine the controls required to return to business critical operations
Answer:

B

Question 11

What is the MAIN purpose of a security assessment plan?

  • A. Provide guidance on security requirements, to ensure the identified security risks are properly addressed based on the recommendation
  • B. Provide the objectives for the security and privacy control assessments and a detailed roadmap of how to conduct such assessments.
  • C. Provide technical information to executives to help them understand information security postures and secure funding.
  • D. Provide education to employees on security and privacy, to ensure their awareness on policies and procedures
Answer:

B

Question 12

What are the first two components of logical access control?

  • A. Confidentiality and authentication
  • B. Authentication and identification
  • C. Identification and confidentiality
  • D. Authentication and availability
Answer:

B

Question 13

If traveling abroad and a customs official demands to examine a personal computer, which of the
following should be assumed?

  • A. The hard drive has been stolen.
  • B. The Internet Protocol (IP) address has been copied.
  • C. The hard drive has been copied.
  • D. The Media Access Control (MAC) address was stolen
Answer:

C

Question 14

Spyware is BEST described as

  • A. data mining for advertising.
  • B. a form of cyber-terrorism.
  • C. an information gathering technique.
  • D. a web-based attack.
Answer:

B

Question 15

A large organization uses biometrics to allow access to its facilities. It adjusts the biometric value for
incorrectly granting or denying access so that the two numbers are the same.
What is this value called?

  • A. False Rejection Rate (FRR)
  • B. Accuracy acceptance threshold
  • C. Equal error rate
  • D. False Acceptance Rate (FAR)
Answer:

C