Certified Information Systems Security Professional v1.0 (CISSP)

Page:    1 / 26   
Total 392 questions

What is the MOST significant benefit of role-based access control (RBAC)?

  • A. Reduces inappropriate access
  • B. Management of least privilege
  • C. Most granular form of access control
  • D. Reduction in authorization administration overhead


Answer : D

What is the MOST common security risk of a mobile device?

  • A. Data spoofing
  • B. Malware infection
  • C. Insecure communications link
  • D. Data leakage


Answer : B

What level of Redundant Array of Independent Disks (RAID) is configured PRIMARILY for high-performance data reads and writes?

  • A. RAID-0
  • B. RAID-1
  • C. RAID-5
  • D. RAID-6


Answer : A

What type of risk is related to the sequences of value-adding and managerial activities undertaken in an organization?

  • A. Control risk
  • B. Demand risk
  • C. Supply risk
  • D. Process risk


Answer : D

International bodies established a regulatory scheme that defines how weapons are exchanged between the signatories. It also addresses cyber weapons, including malicious software, Command and Control (C2) software, and internet surveillance software. This is a description of which of the following?

  • A. International Traffic in Arms Regulations (ITAR)
  • B. Palermo convention
  • C. Wassenaar arrangement
  • D. General Data Protection Regulation (GDPR)


Answer : C

An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer (CISO) wants to increase security by better protecting the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST meets this objective?

  • A. Port security
  • B. Two-factor authentication (2FA)
  • C. Strong passwords
  • D. Application firewall


Answer : B

Which section of the assessment report addresses separate vulnerabilities, weaknesses, and gaps?

  • A. Findings definition section
  • B. Risk review section
  • C. Executive summary with full details
  • D. Key findings section


Answer : D

Why is data classification control important to an organization?

  • A. To enable data discovery
  • B. To ensure security controls align with organizational risk appetite
  • C. To ensure its integrity, confidentiality and availability
  • D. To control data retention in alignment with organizational policies and regulation


Answer : B

To monitor the security of buried data lines inside the perimeter of a facility, which of the following is the MOST effective control?

  • A. Fencing around the facility with closed-circuit television (CCTV) cameras at all entry points
  • B. Ground sensors installed and reporting to a security event management (SEM) system
  • C. Regular sweeps of the perimeter, including manual inspection of the cable ingress points
  • D. Steel casing around the facility ingress points


Answer : C

An enterprise is developing a baseline cybersecurity standard its suppliers must meet before being awarded a contract. Which of the following statements is TRUE about the baseline cybersecurity standard?

  • A. It should be expressed as general requirements.
  • B. It should be expressed as technical requirements.
  • C. It should be expressed in business terminology.
  • D. It should be expressed in legal terminology.


Answer : B

Which access control method is based on users issuing access requests on system resources, features assigned to those resources, the operational or situational context, and a set of policies specified in terms of those features and context?

  • A. Mandatory Access Control (MAC)
  • B. Attribute Based Access Control (ABAC)
  • C. Role Based Access Control (RBAC)
  • D. Discretionary Access Control (DAC)


Answer : B

What is a security concern when considering implementing software-defined networking (SDN)?

  • A. It has a decentralized architecture.
  • B. It increases the attack footprint.
  • C. It uses open source protocols.
  • D. It is cloud based.


Answer : B

What is the BEST way to restrict access to a file system on computing systems?

  • A. Use least privilege at each level to restrict access.
  • B. Restrict access to all users.
  • C. Allow a user group to restrict access.
  • D. Use a third-party tool to restrict access.


Answer : A

Which of the following is the PRIMARY reason for selecting the appropriate level of detail for audit record generation?

  • A. Avoid lengthy audit reports
  • B. Enable generation of corrective action reports
  • C. Facilitate a root cause analysis (RCA)
  • D. Lower costs throughout the System Development Life Cycle (SDLC)


Answer : B

What is the correct order of execution for security architecture?

  • A. Governance, strategy and program management, operations, project delivery
  • B. Governance, strategy and program management, project delivery, operations
  • C. Strategy and program management, project delivery, governance, operations
  • D. Strategy and program management, governance, project delivery, operations


Answer : C
