CISSP (Information Systems Security) Practice Tests 2019 Set 3

Which of the following is the weakest element in any security solution?

Options are :

  • A. Software products
  • B. Internet connections
  • C. Security policies
  • D. Humans

Answer : D. Humans

Which criminal law was the first to implement penalties for the creators of viruses, worms, and other types of malicious code that cause harm to computer systems?

Options are :

  • A. Computer Security Act
  • B. National Infrastructure Protection Act
  • C. Computer Fraud and Abuse Act
  • D. Electronic Communications Privacy Act

Answer : C. Computer Fraud and Abuse Act


What BIA metric can be used to express the longest time a business function can be unavailable without causing irreparable harm to the organization?

Options are :

  • A. SLE
  • B. EF
  • C. MTD
  • D. ARO

Answer : C. MTD

What kind of attack makes the Caesar cipher virtually unusable?

Options are :

  • A. Meet-in-the-middle attack
  • B. Escrow attack
  • C. Frequency analysis attack
  • D. Transposition attack

Answer : C. Frequency analysis attack

If an organization contracts with outside entities to provide key business functions or services, such as account or technical support, what is the process called that is used to ensure that these entities support sufficient security?

Options are :

  • A. Asset identification
  • B. Third-party governance
  • C. Exit interview
  • D. Qualitative analysis

Answer : B. Third-party governance


Once the BCP team is selected, what should be the first item placed on the team’s agenda?

Options are :

  • A. Business impact assessment
  • B. Business organization analysis
  • C. Resource requirements analysis
  • D. Legal and regulatory assessment

Answer : B. Business organization analysis

What would an administrator do to classified media before reusing it in a less secure environment?

Options are :

  • A. Erasing
  • B. Clearing
  • C. Purging
  • D. Overwriting

Answer : C. Purging

Which one of the following tasks would a custodian most likely perform?

Options are :

  • A. Access the data
  • B. Classify the data
  • C. Assign permissions to the data
  • D. Back up data

Answer : D. Back up data


When correctly implemented, what is the only cryptosystem known to be unbreakable?

Options are :

  • A. Transposition cipher
  • B. Substitution cipher
  • C. Advanced Encryption Standard
  • D. One-time pad

Answer : D. One-time pad
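The qualifier "when correctly implemented" carries the whole answer: the pad must be truly random, as long as the message, and used exactly once. The following is an added example, not part of the original practice test, that shows correct use and then the classic failure mode. Reusing the pad makes the key cancel out of the XOR of the two ciphertexts, and a guessed fragment of one message (a crib) reads the other message directly. Both messages are constructed for the demo.

```python
# Added example: one-time pad, correct use versus pad reuse (the "two-time pad").
# The two plaintexts are constructed for this demo and have equal length so a
# single pad covers both.
import os


def xor_bytes(a, b):
    """XOR two equal-length byte strings; a pad shorter than the message is an error."""
    if len(a) != len(b):
        raise ValueError("one-time pad must match the message length exactly")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext, pad):
    """Encryption and decryption are the same XOR with the same pad."""
    return xor_bytes(plaintext, pad)


def two_time_pad_leak(ct1, ct2):
    """If one pad encrypted both, ct1 XOR ct2 == pt1 XOR pt2: the pad drops out."""
    return xor_bytes(ct1, ct2)


def crib_drag(leak, crib, offset):
    """XOR a guessed fragment of one plaintext into the leak to expose the other
    plaintext at the same position."""
    return xor_bytes(leak[offset:offset + len(crib)], crib)


def demo():
    pt1 = b"MEET AT THE BRIDGE AT NOON."
    pt2 = b"SEND THE PACKAGE BY COURIER"
    pad = os.urandom(len(pt1))            # correct: fresh, random, full length

    ct1 = otp_encrypt(pt1, pad)
    round_trip_ok = otp_encrypt(ct1, pad) == pt1

    ct2 = otp_encrypt(pt2, pad)           # WRONG: the same pad used a second time
    leak = two_time_pad_leak(ct1, ct2)    # equals pt1 XOR pt2, no pad needed
    recovered = crib_drag(leak, b"MEET AT", 0)   # attacker guesses the start of pt1

    return {
        "round_trip_ok": round_trip_ok,
        "pad_cancels": leak == xor_bytes(pt1, pt2),
        "recovered_from_pt2": recovered,
    }


if __name__ == "__main__":
    print(demo())
```

Note that `os.urandom` stands in for a genuinely random pad source; a pad produced by a seeded pseudo-random generator breaks the "truly random" requirement just as badly as reuse does, which is why stream ciphers built on a PRNG are not one-time pads and not unbreakable.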

Which of the following is a primary purpose of an exit interview?

Options are :

  • A. To return the exiting employee’s personal belongings
  • B. To review the nondisclosure agreement
  • C. To evaluate the exiting employee’s performance
  • D. To cancel the exiting employee’s network access accounts

Answer : B. To review the nondisclosure agreement

Which of the following statements is not true?

Options are :

  • A. IT security can provide protection only against logical or technical attacks.
  • B. The process by which the goals of risk management are achieved is known as risk analysis.
  • C. Risks to an IT infrastructure are all computer based.
  • D. An asset is anything used in a business process or task.

Answer : C. Risks to an IT infrastructure are all computer based.


A portion of the __________________ is the logical and practical investigation of business processes and organizational policies. This process/policy review ensures that the stated and implemented business tasks, systems, and methodologies are practical, efficient, and cost-effective, but most of all (at least in relation to security governance) that they support security through the reduction of vulnerabilities and the avoidance, reduction, or mitigation of risk.

Options are :

  • A. Hybrid assessment
  • B. Risk aversion process
  • C. Countermeasure selection
  • D. Documentation review

Answer : D. Documentation review

Dave is developing a key escrow system that requires multiple people to retrieve a key but does not depend on every participant being present. What type of technique is he using?

Options are :

  • A. Split knowledge
  • B. M of N Control
  • C. Work function
  • D. Zero-knowledge proof

Answer : B. M of N Control

Which one of the following is not a possible key length for the Advanced Encryption Standard Rijndael cipher?

Options are :

  • A. 56 bits
  • B. 128 bits
  • C. 192 bits
  • D. 256 bits

Answer : A. 56 bits


How many possible keys exist in a 4-bit key space?

Options are :

  • A. 4
  • B. 8
  • C. 16
  • D. 128

Answer : C. 16

What block size is used by the 3DES encryption algorithm?

Options are :

  • A. 32 bits
  • B. 64 bits
  • C. 128 bits
  • D. 256 bits

Answer : B. 64 bits

When seeking to hire new employees, what is the first step?

Options are :

  • A. Create a job description.
  • B. Set position classification.
  • C. Screen candidates.
  • D. Request résumés.

Answer : A. Create a job description.


Which law governs information security operations at federal agencies?

Options are :

  • A. FISMA
  • B. FERPA
  • C. CFAA
  • D. ECPA

Answer : A. FISMA

What is the most important aspect of marking media?

Options are :

  • A. Date labeling
  • B. Content description
  • C. Electronic labeling
  • D. Classification

Answer : D. Classification

What law prevents government agencies from disclosing personal information that an individual supplies to the government under protected circumstances?

Options are :

  • A. Privacy Act
  • B. Electronic Communications Privacy Act
  • C. Health Insurance Portability and Accountability Act
  • D. Gramm-Leach-Bliley Act

Answer : A. Privacy Act


What type of motion detector senses changes in the electrical or magnetic field surrounding a monitored object?

Options are :

  • A. Wave
  • B. Photoelectric
  • C. Heat
  • D. Capacitance

Answer : D. Capacitance


Which of the following is not an example of network segmentation?

Options are :

  • A. Intranet
  • B. DMZ
  • C. Extranet
  • D. VPN

Answer : D. VPN

Which Bell-LaPadula property keeps lower-level subjects from accessing objects with a higher security level?

Options are :

  • A. * (star) Security Property
  • B. No write up property
  • C. No read up property
  • D. No read down property

Answer : C. No read up property

How many major categories do the TCSEC criteria define?

Options are :

  • A. Two
  • B. Three
  • C. Four
  • D. Five

Answer : C. Four


What is a field-powered technology that can be used for inventory management without requiring direct physical contact?

Options are :

  • A. IPX
  • B. RFID
  • C. SSID
  • D. SDN

Answer : B. RFID

What is the ideal humidity range for a computer room?

Options are :

  • A. 20–40 percent
  • B. 40–60 percent
  • C. 60–75 percent
  • D. 80–95 percent

Answer : B. 40–60 percent

What is the most effective means of reducing the risk of losing the data on a mobile device, such as a notebook computer?

Options are :

  • A. Defining a strong logon password
  • B. Minimizing sensitive data stored on the mobile device
  • C. Using a cable lock
  • D. Encrypting the hard drive

Answer : B. Minimizing sensitive data stored on the mobile device


What part of the TCB concept validates access to every resource prior to granting the requested access?

Options are :

  • A. TCB partition
  • B. Trusted library
  • C. Reference monitor
  • D. Security kernel

Answer : C. Reference monitor
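The following is an added example, not part of the original practice test, that ties this question to the earlier Bell-LaPadula one: a toy reference monitor through which every access request passes, enforcing the simple security property (no read up) and the * (star) property (no write down), denying anything it does not explicitly allow, and logging each decision. The subjects, objects and classification levels are constructed for the demo, and the lattice is a simple linear ordering; real systems add compartments and need-to-know on top of the level check.

```python
# Added example: a minimal reference monitor enforcing Bell-LaPadula.
# Levels, subjects and objects are constructed for this demo; the lattice is
# linear (no compartments) to keep the dominance check to a single comparison.
from enum import IntEnum


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


def dominates(a, b):
    """True if level a is at least as high as level b."""
    return a >= b


def check_access(subject_level, object_level, mode):
    """The access-control decision. Anything not explicitly allowed is denied."""
    if mode == "read":
        # simple security property: no read up
        return dominates(subject_level, object_level)
    if mode == "write":
        # * (star) property: no write down (writing up is allowed by BLP)
        return dominates(object_level, subject_level)
    return False   # unknown modes fail closed


class ReferenceMonitor:
    """Complete mediation: every request goes through request(), and every
    decision is recorded so the monitor is verifiable after the fact."""

    def __init__(self, subjects, objects):
        self.subjects = subjects    # name -> clearance
        self.objects = objects      # name -> classification
        self.audit = []

    def request(self, subject, obj, mode):
        allowed = check_access(self.subjects[subject], self.objects[obj], mode)
        self.audit.append((subject, obj, mode, "ALLOW" if allowed else "DENY"))
        return allowed


def demo():
    rm = ReferenceMonitor(
        subjects={"analyst": Level.SECRET, "clerk": Level.UNCLASSIFIED},
        objects={"budget.txt": Level.CONFIDENTIAL, "war_plan.txt": Level.TOP_SECRET},
    )
    results = {
        "clerk_reads_budget": rm.request("clerk", "budget.txt", "read"),       # read up: deny
        "analyst_reads_budget": rm.request("analyst", "budget.txt", "read"),   # read down: allow
        "analyst_writes_budget": rm.request("analyst", "budget.txt", "write"), # write down: deny
        "clerk_writes_warplan": rm.request("clerk", "war_plan.txt", "write"),  # write up: allow
        "analyst_execs_budget": rm.request("analyst", "budget.txt", "execute"),# unknown: deny
    }
    return results, rm.audit


if __name__ == "__main__":
    results, audit = demo()
    for entry in audit:
        print(entry)
```

The "write up is allowed" line is the part that surprises people: Bell-LaPadula protects confidentiality only, so a low-clearance subject scribbling into a Top Secret file is not its concern. That is the gap Biba's integrity model fills, and it is why "no read down" (option D in the earlier question) is a Biba rule rather than a BLP one.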

What is the major disadvantage of using certificate revocation lists?

Options are :

  • A. Key management
  • B. Latency
  • C. Record keeping
  • D. Vulnerability to brute-force attacks

Answer : B. Latency

What is the most common cause of failure for a water-based fire suppression system?

Options are :

  • A. Water shortage
  • B. People
  • C. Ionization detectors
  • D. Placement of detectors in drop ceilings

Answer : B. People
