Certified Information Systems Security Professional (CISSP) Sample Questions

  1. Home
  2. Certified Information Systems Security Professional (CISSP) Sample Questions
Certified Information Systems Security Professional (CISSP) Sample Questions

The Certified Information Systems Security Professional (CISSP) Exam candidates are expected to demonstrate their range of abilities. The CISSP test approves your abilities and surveys your capacity to really configure, carry out and deal with a top-tier network protection program. The CISSP test estimates your skill and assists you with turning into an (ISC)² part, in this way opening a wide exhibit of selective assets, instructive devices, and shared systems administration open doors.

Here are some of the most vital and helpful sample questions listed for you to go through and prepare for the exam in a better way-

1.) The accompanying things ought to be all remembered for a Business Impact Analysis (BIA) poll EXCEPT questions that

A. decide the gamble of a business interference happening
B. decide the innovative reliance of the business processes
C. Distinguish the functional effects of a business interference
D. Distinguish the monetary effects of a business interference

Right Answer: B

2.) Which of the accompanying activities will lessen the gamble on a PC prior to venturing out to a high-take a chance with the region?

A. Look at the gadget for actual altering
B. Carry out more rigid pattern setups
C. Cleanse or re-picture the hard circle drive
D. Change access codes

Right Answer: B

3.) Which of the accompanying implies the GREATEST danger to information classification?

A. Network redundancies are not executed
B. Security mindfulness preparation isn’t finished
C. Reinforcement tapes are created decoded
D. Clients have managerial honors

Right Answer: D

4.) What is the MOST significant thought from an information security point of view when an association intends to migrate?

A. Guarantee the fire anticipation and location frameworks are adequate to safeguard the workforce
B. Audit the design intends to decide the number of crisis exits is available
C. Lead a hole examination of another office against existing security prerequisites
D. Change the Disaster Recovery and Business Continuity (DR/BC) plan

Right Answer: C

5.) An organization whose Information Technology (IT) administrations are being conveyed from a Tier 4 server farm, is setting up an expansive Business Continuity Planning (BCP). Which of the accompanying disappointments should the IT supervisor be worried about?

A. Application
B. Capacity
C. Power
D. Network

Right Answer: A

Explanation: Data center tiers

6.) While surveying an association’s security strategy as indicated by principles laid out by the International Organization for Standardization (ISO) 27001 and 27002, when can the board liabilities be characterized?

A. Just when resources are plainly characterized
B. Just when guidelines are characterized
C. Just when controls are set up
D. Just methods are characterized

Right Answer: A

7.) Which of the accompanying kinds of advances could be the savviest technique to give receptive control to safeguarding the workforce in open regions?

A. Introduce mantraps at the structure doors
B. Encase the workforce section region with a polycarbonate plastic
C. Supply a coercion caution for staff presented to general society Most Voted
D. Employ a gatekeeper to safeguard the public region

Right Answer: C

8.) A significant standard of protection top to bottom is that accomplishing data security requires a decent spotlight on which PRIMARY components?

A. Advancement, testing, and organization
B. Counteraction, discovery, and remediation
C. Individuals, innovation, and activities
D. Affirmation, certification, and observing

Right Answer: C

9.) Licensed innovation freedoms are PRIMARY worried about which of the accompanying?

A. Proprietor’s capacity to acknowledge the monetary benefit
B. Proprietor’s capacity to keep up with copyright
C. Right of the proprietor to partake in their creation
D. Right of the proprietor to control conveyance technique

Right Answer: A

10.) A control to shield from a Denial-of-Service (DoS) assault is not set in stone to stop half of the attacks, and moreover, lessen the effect of attacks by half.
What is the residual risk?

A. 25%
B. half
C. 75%
D. 100 percent

Right Answer: A

11.) Which of the accompanying BEST depicts the obligations of a data owner?

A. Guaranteeing quality and approval through occasional reviews for continuous information uprightness
B. Keeping up with central information accessibility, including information stockpiling and chronicling
C. Guaranteeing availability to suitable clients, keeping up with fitting degrees of information security
D. Deciding the effect the data has on the mission of the association

Right Answer: C

Explanation: Data and system ownership

12.) An association has multiplied in size because of a fast piece of the pie increment. The size of the Information Technology (IT) staff has kept up with the pace of this development.
The association employs a few workers for hire whose on-location time is restricted. The IT division has stretched its boundaries building servers and carrying out workstations and has an excess of records the board demands.
Which agreement is BEST in offloading the assignment from the IT staff?

A. Platform as a Service (PaaS)
B. Identity as a Service (IDaaS)
C. Desktop as a Service (DaaS)
D. Software as a Service (SaaS)

Right Answer: B

13.) While executing a data classification program, for what reason is it essential to stay away from a lot of granularity?

A. The interaction will require an excessive number of assets
B. It will be challenging to apply to both equipment and programming
C. Allotting proprietorship to the data will be troublesome
D. The cycle will be seen as having esteem

Right Answer: A

14.) In a data classification scheme, the data is possessed by the

A. system security managers
B. business managers
C. Information Technology (IT) managers
D. end users

Right Answer: B

15.) Which coming up next is an underlying thought while fostering data security in the executive’s framework?

A. Recognize the authoritative security commitments that apply to the associations
B. Grasp the worth of the data resources
C. Distinguish the degree of leftover gamble that is mediocre to the executives
D. Recognize important administrative and administrative consistence necessities

Right Answer: B

16.) Which coming up next is a compelling control in forestalling electronic cloning of Radio Frequency Identification (RFID) based admittance cards?

A. Personal Identity Verification (PIV)
B. Cardholder Unique Identifier (CHUID) authentication
C. Physical Access Control System (PACS) repeated attempt detection
D. Asymmetric Card Authentication Key (CAK) challenge-reaction

Right Answer: D

17.) Which variables MUST be thought about while grouping the data and supporting resources for the risk to the executives, legitimate revelation, and consistence?

A. Framework proprietor jobs and obligations, information dealing with norms, stockpiling, and secure advancement lifecycle prerequisites
B. Information stewardship jobs, information taking care of, and capacity norms, information lifecycle prerequisites
C. Consistency of office jobs and obligations, arranged material dealing with principles, capacity framework lifecycle prerequisites
D. Framework approval jobs and obligations, distributed computing principles, lifecycle necessities

Right Answer: A

18.) When network the board is moved to outsiders, which coming up next is the MOST successful strategy for safeguarding basic information resources?

A. Log movements of every sort related to delicate frameworks
B. Give connects to security approaches
C. Affirm that secretly arrangements are agreed upon
D. Utilize solid access controls

Right Answer: D

19.) Which coming up next is the MOST suitable activity while reusing media that contains sensitive data?

A. Delete
B. Sanitize
C. Scramble
D. Degauss

Right Answer: B

20.) An association of late led a survey of the security of its organization applications. One of the weaknesses found was that the meeting key utilized in encoding delicate data to an outsider server had been hard-coded in the client and server applications. Which of the accompanying could be MOST viable in moderating this weakness?

A. Diffle-Hellman (DH) calculation
B. Elliptic Curve Cryptography (ECC) calculation
C. Advanced Signature calculation (DSA)
D. Rivest-Shamir-Adleman (RSA) calculation

Right Answer: A

Certified Information Systems Security Professional (CISSP) practice tests