ISC Certified Information Systems Security Professional (CISSP) Free Practice Test
Question 1
Which of the following actions MUST be taken if a vulnerability is discovered during the maintenance stage in a System Development Life Cycle (SDLC)?
Correct Answer: D
Question 2
Which of the following is the name of an individual or group that is impacted by a change?
Correct Answer: B
Question 3
Which of the following is the BEST way to protect against Structured Query Language (SQL) injection?
Correct Answer: B
Question 4
A security architect is reviewing plans for an application with a Recovery Point Objective (RPO) of 15 minutes. The current design has all of the application infrastructure located within one co-location data center. Which security principle is the architect currently assessing?
Correct Answer: A
Question 5
Drag and Drop Question
Given the various means to protect physical and logical assets, match the access management area to the technology.

Correct Answer:

Question 6
Refer to the information below to answer the question.
A new employee is given a laptop computer with full administrator access. This employee does not have a personal computer at home and has a child that uses the computer to send and receive e-mail, search the web, and use instant messaging. The organization's Information Technology (IT) department discovers that a peer-to-peer program has been installed on the computer using the employee's access.
Which of the following documents explains the proper use of the organization's assets?
Correct Answer: D
Question 7
Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
In addition to authentication at the start of the user session, best practice would require re-authentication
Correct Answer: B
Question 8
Which of the following is an indicator that a company's new user security awareness training module has been effective?
Correct Answer: D
Question 9
Alternate encoding such as hexadecimal representations is MOST often observed in which of the following forms of attack?
Correct Answer: D
Question 10
Which of the following MUST a security professional do in order to quantify the value of a security program to organization management?
Correct Answer: D