CISSP (Information Systems Security) Practice Tests 2019 Set 5

Which of the following statements is true related to the RBAC model?



Options are :

  • A. An RBAC model allows users membership in multiple groups. (Correct)
  • B. An RBAC model allows users membership in a single group.
  • C. An RBAC model is nonhierarchical.
  • D. An RBAC model uses labels.

Answer : A. An RBAC model allows users membership in multiple groups.

Which of the following provides authentication based on a physical characteristic of a subject?



Options are :

  • A. Account ID
  • B. Biometrics (Correct)
  • C. Token
  • D. PIN

Answer : B. Biometrics

What is it called when email itself is used as an attack mechanism?



Options are :

  • A. Masquerading
  • B. Mail-bombing (Correct)
  • C. Spoofing
  • D. Smurf attack

Answer : B. Mail-bombing

What type of interface testing would identify flaws in a program's command-line interface?



Options are :

  • A. Application programming interface testing
  • B. User interface testing (Correct)
  • C. Physical

Answer : B. User interface testing

Which of the following steps would not be included in a change management process?



Options are :

  • A. Immediately implement the change if it will improve performance. (Correct)
  • B. Request the change.
  • C. Create a rollback plan for the change.
  • D. Document the change.

Answer : A. Immediately implement the change if it will improve performance.

Matthew would like to test systems on his network for SQL injection vulnerabilities. Which one of the following tools would be best suited to this task?



Options are :

  • A. Port scanner
  • B. Network vulnerability scanner
  • C. Network discovery scanner
  • D. Web vulnerability scanner (Correct)

Answer : D. Web vulnerability scanner
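A web vulnerability scanner finds SQL injection by sending crafted parameter values and watching how the application responds. The following Python, added here as an illustration and not part of the original question set, reproduces that logic offline against a constructed in-memory SQLite table: a deliberately vulnerable lookup that concatenates the parameter into the query sits beside the parameterized version, and a small probe routine classifies each response the way a scanner classifies HTTP replies. The table contents, probe strings and function names are all assumptions made for this example.

```python
import sqlite3

# Constructed in-memory database with a small users table (sample data for this example).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Deliberately unsafe: the request parameter is concatenated into the SQL text,
    # so quotes and comment markers inside it are parsed as SQL.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    # Hardened form: the value is bound as a parameter and is never parsed as SQL.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

# The probes a web vulnerability scanner would send in a URL or form parameter.
PROBES = ["'", "' OR '1'='1", "bob' --"]

def probe(handler, conn: sqlite3.Connection) -> dict:
    """Send each probe through the handler and classify the outcome, much as a scanner
    classifies HTTP responses: a database error leaking through, or more rows than the
    benign request returned, both indicate that the parameter reaches the SQL parser."""
    baseline = handler(conn, "bob")          # benign request used for comparison
    findings = {}
    for payload in PROBES:
        try:
            rows = handler(conn, payload)
        except sqlite3.Error as exc:
            findings[payload] = f"error: {type(exc).__name__}"
            continue
        findings[payload] = "extra rows returned" if len(rows) > len(baseline) else "no change"
    return findings

def is_injectable(handler) -> bool:
    return any(v != "no change" for v in probe(handler, make_db()).values())

if __name__ == "__main__":
    for handler in (lookup_vulnerable, lookup_safe):
        print(handler.__name__, probe(handler, make_db()))
```

A network vulnerability scanner or port scanner never sees this layer: it can tell you that TCP port 80 answers, but only a tool that speaks HTTP and manipulates application parameters can observe the leaked error or the extra rows that give the injection away.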

Which of the following is true related to a subject?



Options are :

  • A. A subject is always a user account.
  • B. The subject is always the entity that provides or hosts the information or data.
  • C. The subject is always the entity that receives information about or data from an object. (Correct)
  • D. A single entity can never change roles between subject and object.

Answer : C. The subject is always the entity that receives information about or data from an object.

Which of the following is not a part of a patch management process?



Options are :

  • A. Evaluate patches.
  • B. Test patches.
  • C. Deploy all patches. (Correct)
  • D. Audit patches.

Answer : C. Deploy all patches.

Which of the following statements best describes why separation of duties is important for security purposes?



Options are :

  • A. It ensures that multiple people can do the same job.
  • B. It prevents an organization from losing important information when they lose important people.
  • C. It prevents any single IT security person from making major security changes without involving other individuals. (Correct)
  • D. It helps employees concentrate their talents where they will be most useful.

Answer : C. It prevents any single IT security person from making major security changes without involving other individuals.

Servers within your organization were recently attacked causing an excessive outage. You are asked to check systems for known issues that attackers may use to exploit other systems in your network. Which of the following is the best choice to meet this need?



Options are :

  • A. Versioning tracker
  • B. Vulnerability (Correct)
  • C. Security audit
  • D. Security review

Answer : B. Vulnerability

What can you use to prevent users from rotating between two passwords?



Options are :

  • A. Password complexity
  • B. Password history (Correct)
  • C. Password age
  • D. Password length

Answer : B. Password history
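Password history works by keeping a hash of each of the last N passwords and refusing any new password that matches one of them. The Python below is an added example, not part of the original question set, showing why the depth of that history matters: with a history of one entry (the current password only), a user can rotate between two passwords freely; with a deeper history the third change is rejected. The salt size, PBKDF2 round count and sample passwords are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from collections import deque

PBKDF2_ROUNDS = 50_000   # assumption for the example; tune to your hardware budget

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)

class PasswordHistory:
    """Keeps salted hashes of the last `depth` passwords for one account, the
    current one included, and refuses a change to any of them."""

    def __init__(self, depth: int):
        # The oldest entry is dropped automatically once the history is full.
        self._entries = deque(maxlen=depth)

    def was_used(self, password: str) -> bool:
        return any(hmac.compare_digest(hash_password(password, salt), digest)
                   for salt, digest in self._entries)

    def change(self, new_password: str) -> bool:
        """Return True if the change is accepted and recorded, False if rejected."""
        if self.was_used(new_password):
            return False
        salt = os.urandom(16)   # fresh salt per entry, so equal passwords never share a hash
        self._entries.append((salt, hash_password(new_password, salt)))
        return True

def simulate_rotation(depth: int, attempts: list) -> list:
    """Outcome (accepted/rejected) of each password change in order, for a history of the given depth."""
    history = PasswordHistory(depth)
    return [history.change(p) for p in attempts]

if __name__ == "__main__":
    attempts = ["Winter2024!", "Summer2024!", "Winter2024!"]   # constructed two-password rotation
    print("depth 1:", simulate_rotation(1, attempts))   # [True, True, True]: rotation succeeds
    print("depth 5:", simulate_rotation(5, attempts))   # [True, True, False]: third change rejected
```

History on its own is still defeatable by changing the password N+1 times in one sitting to cycle the old one back in; in practice it is paired with a minimum password age (a form of the "password age" control in the options) so the history cannot be flushed that quickly.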

Which of the following is an example of a Type 2 authentication factor?



Options are :

  • A. Something you have (Correct)
  • B. Something you are
  • C. Something you do
  • D. Something you know

Answer : A. Something you have

What is needed to allow an external client to initiate a communication session with an internal system if the network uses a NAT proxy?



Options are :

  • A. IPsec tunnel
  • B. Static mode NAT (Correct)
  • C. Static private IP address
  • D. Reverse DNS

Answer : B. Static mode NAT

What information security management task ensures that the organization's data protection requirements are met effectively?



Options are :

  • A. Account management
  • B. Backup verification (Correct)
  • C. Log review
  • D. Key performance indicators

Answer : B. Backup verification

Of the following choices, what is not a valid security practice related to special privileges?



Options are :

  • A. Monitor special privilege assignments.
  • B. Grant access equally to administrators and operators. (Correct)
  • C. Monitor special privilege usage.
  • D. Grant access to only trusted employees.

Answer : B. Grant access equally to administrators and operators.

A central authority determines which files a user can access based on the organization's hierarchy. Which of the following best describes this?



Options are :

  • A. DAC model
  • B. An access control list (ACL)
  • C. Rule-based access control model
  • D. RBAC model (Correct)

Answer : D. RBAC model

Alan ran an nmap scan against a server and determined that port 80 is open on the server. What tool would likely provide him the best additional information about the server's purpose and the identity of the server's operator?



Options are :

  • A. SSH
  • B. Web browser (Correct)
  • C. telnet
  • D. ping

Answer : B. Web browser

An organization ensures that users are granted access to only the data they need to perform specific work tasks. What principle are they following?



Options are :

  • A. Principle of least permission
  • B. Separation of duties
  • C. Need-to-know (Correct)
  • D. Role Based Access Control

Answer : C. Need-to-know
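The three access-control questions above (users holding several roles, a central authority granting access by organizational hierarchy, and need-to-know) describe one model, so a single worked example serves all of them. The Python below is added here for illustration and is not part of the original question set: roles carry permissions, a senior role inherits from its junior role, users are assigned to one or more roles by the central authority, and a user's effective permissions are the union of everything their roles grant. The role names, file names and assignments are constructed sample data.

```python
# Constructed roles, hierarchy and assignments (sample data for this example).
ROLE_PERMISSIONS = {
    "hr_clerk":   {("payroll.csv", "read")},
    "hr_manager": {("payroll.csv", "write")},          # gets "read" via the hierarchy below
    "it_ops":     {("server.log", "read"), ("server.log", "write")},
}
# Hierarchical RBAC: a senior role inherits everything its junior roles hold.
ROLE_PARENTS = {"hr_manager": {"hr_clerk"}}

# Assignments are made centrally by the authority that owns the model, never by the users.
USER_ROLES = {
    "alice": {"hr_manager"},
    "bob":   {"hr_clerk", "it_ops"},   # membership in more than one role
    "carol": set(),                    # no role yet, so no access at all
}

def effective_roles(assigned: set) -> set:
    """Expand assigned roles through the hierarchy (transitive closure, cycle-safe)."""
    seen, stack = set(), list(assigned)
    while stack:
        role = stack.pop()
        if role in seen:
            continue
        seen.add(role)
        stack.extend(ROLE_PARENTS.get(role, ()))
    return seen

def permissions_for(user: str) -> set:
    """Union of the permissions of every effective role; a user holds nothing directly."""
    perms = set()
    for role in effective_roles(USER_ROLES.get(user, set())):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms

def check_access(user: str, obj: str, action: str) -> bool:
    # Anything no role grants is refused. This is how need-to-know is enforced in RBAC:
    # a role carries only the objects its job function requires, and nothing else.
    return (obj, action) in permissions_for(user)

if __name__ == "__main__":
    for user, obj, action in [("bob", "payroll.csv", "read"), ("bob", "payroll.csv", "write"),
                              ("alice", "payroll.csv", "read"), ("carol", "server.log", "read")]:
        print(user, obj, action, "->", "allow" if check_access(user, obj, action) else "deny")
```

Contrast this with DAC, where the owner of payroll.csv would hand out access at their own discretion, and with an ACL, which is only the per-object list of who may do what; here every decision flows from the centrally managed role assignments.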

___________________ is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between the communication endpoints.



Options are :

  • A. ISDN
  • B. Frame Relay (Correct)
  • C. SMDS
  • D. ATM

Answer : B. Frame Relay

Which one of the following tools is used primarily to perform network discovery scans?



Options are :

  • A. Nmap (Correct)
  • B. Nessus
  • C. Metasploit
  • D. lsof

Answer : A. Nmap

Which of the following is a type of connection that can be described as a logical circuit that always exists and is waiting for the customer to send data?



Options are :

  • A. ISDN
  • B. PVC (Correct)
  • C. VPN
  • D. SVC

Answer : B. PVC

Which of the following is one of the primary reasons an organization enforces a mandatory vacation policy?



Options are :

  • A. To rotate job responsibilities
  • B. To detect fraud (Correct)
  • C. To increase employee productivity
  • D. To reduce employee stress levels

Answer : B. To detect fraud

A user logs in with a login ID and a password. What is the purpose of the login ID?



Options are :

  • A. Authentication
  • B. Authorization
  • C. Accountability
  • D. Identification (Correct)

Answer : D. Identification

Which of the following types of access control uses fences, security policies, security awareness training, and antivirus software to stop an unwanted or unauthorized activity from occurring?



Options are :

  • A. Preventive (Correct)
  • B. Detective
  • C. Corrective
  • D. Authoritative

Answer : A. Preventive

What is the intent of least privilege?



Options are :

  • A. Enforce the most restrictive rights required by users to run system processes.
  • B. Enforce the least restrictive rights required by users to run system processes.
  • C. Enforce the most restrictive rights required by users to complete assigned tasks. (Correct)
  • D. Enforce the least restrictive rights required by users to complete assigned tasks.

Answer : C. Enforce the most restrictive rights required by users to complete assigned tasks.

Which of the following best describes a rule-based access control model?



Options are :

  • A. It uses local rules applied to users individually.
  • B. It uses global rules applied to users individually.
  • C. It uses local rules applied to all users equally.
  • D. It uses global rules applied to all users equally. (Correct)

Answer : D. It uses global rules applied to all users equally.

Which of the following cannot be linked over a VPN?



Options are :

  • A. Two distant internet-connected LANs
  • B. Two systems on the same LAN
  • C. A system connected to the internet and a LAN connected to the internet
  • D. Two systems without an intermediary network connection (Correct)

Answer : D. Two systems without an intermediary network connection

Which of the following best describes an implicit deny principle?



Options are :

  • A. All actions that are not expressly denied are allowed.
  • B. All actions that are not expressly allowed are denied. (Correct)
  • C. All actions must be expressly denied.
  • D. None of the above.

Answer : B. All actions that are not expressly allowed are denied.
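The rule-based access control question and the implicit deny question above describe the same mechanism from two sides: a global ruleset that applies to every requester identically, and a default that decides what happens when no rule matches. The Python below is an added example, not part of the original question set, implementing a firewall-style evaluator: rules are checked top-down, the first match wins, and the same ruleset is run under implicit deny and implicit allow so the difference in outcome is visible. The subnets, ports and rules are constructed sample data.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str              # "allow" or "deny"
    src: str                 # source network in CIDR notation
    dst_port: Optional[int]  # None matches any destination port

# Constructed global ruleset (sample data for this example). It is evaluated top-down,
# first match wins, and applies to every user identically: nothing below depends on who
# the requester is, only on the attributes of the request.
RULES = [
    Rule("deny",  "10.0.5.0/24", None),   # quarantined subnet: blocked before any allow rule
    Rule("allow", "10.0.0.0/8",  443),
    Rule("allow", "10.0.0.0/8",  22),
]

def matches(rule: Rule, src_ip: str, dst_port: int) -> bool:
    return ip_address(src_ip) in ip_network(rule.src) and rule.dst_port in (None, dst_port)

def evaluate(rules: list, src_ip: str, dst_port: int, default: str = "deny") -> str:
    """The first matching rule decides; the default applies only when nothing matched."""
    for rule in rules:
        if matches(rule, src_ip, dst_port):
            return rule.action
    return default   # implicit deny: what is not expressly allowed is refused

def compare_defaults(rules: list, src_ip: str, dst_port: int) -> dict:
    """Decision for the same request under implicit deny versus implicit allow."""
    return {"implicit_deny":  evaluate(rules, src_ip, dst_port, "deny"),
            "implicit_allow": evaluate(rules, src_ip, dst_port, "allow")}

if __name__ == "__main__":
    for ip, port in [("10.0.5.7", 443), ("10.1.2.3", 443), ("10.1.2.3", 3389), ("192.0.2.9", 22)]:
        print(ip, port, compare_defaults(RULES, ip, port))
```

The request to port 3389 from 10.1.2.3 is the one to watch: no rule mentions it, so under implicit deny it is refused and under implicit allow it goes through. A ruleset that relies on the default being deny is also why the order matters: moving the quarantine rule below the allow rules would let 10.0.5.0/24 reach ports 443 and 22.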

What should be done with equipment that is at the end of its lifecycle and is being donated to a charity?



Options are :

  • A. Remove all CDs and DVDs.
  • B. Remove all software licenses.
  • C. Sanitize it. (Correct)
  • D. Install the original software.

Answer : C. Sanitize it.

Paul would like to test his application against slightly modified versions of previously used input. What type of test does Paul intend to perform?



Options are :

  • A. Code review
  • B. Application vulnerability review
  • C. Mutation fuzzing (Correct)
  • D. Generational fuzzing

Answer : C. Mutation fuzzing
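Mutation fuzzing starts from known-good input and applies small random changes (bit flips, inserted or deleted bytes, truncation), then runs the target on each variant and records anything that crashes rather than being rejected cleanly. The Python below is an added example, not part of the original question set: a tiny length-prefixed record parser with a deliberate bug (it trusts the declared length) stands in for Paul's application, and a seeded mutation fuzzer finds the crash from one well-formed seed record. The record format, the seed bytes and the mutation operators are assumptions made for the example.

```python
import random
import struct

def parse_record(data: bytes) -> tuple:
    """Target under test: a tiny tag/length/value parser with a deliberate bug,
    constructed for this example so the fuzzer has something to find."""
    if len(data) < 3:
        raise ValueError("too short")          # clean rejection, not a crash
    tag, length = data[0], struct.unpack(">H", data[1:3])[0]
    body = data[3:3 + length]
    # Bug: the loop trusts the declared length, so a body shorter than `length`
    # reads past the end (IndexError here; an out-of-bounds read in C).
    checksum = 0
    for i in range(length):
        checksum ^= body[i]
    return tag, length, checksum

def mutate(rng: random.Random, seed: bytes) -> bytes:
    """One random mutation of the seed: flip a bit, insert, delete or truncate."""
    buf = bytearray(seed)
    op = rng.choice(("flip", "insert", "delete", "truncate"))
    if op == "flip" and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == "insert":
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == "delete" and buf:
        del buf[rng.randrange(len(buf))]
    elif op == "truncate" and buf:
        del buf[rng.randrange(len(buf)):]
    return bytes(buf)

def fuzz(target, seed: bytes, iterations: int = 500, rng_seed: int = 1) -> list:
    """Run `iterations` mutated inputs through `target`; return (input, exception) for each crash.
    The RNG is seeded so a crash can be reproduced from the same seed and iteration count."""
    rng = random.Random(rng_seed)
    crashes = []
    for _ in range(iterations):
        case = mutate(rng, seed)
        try:
            target(case)
        except ValueError:
            pass                                  # the parser's own rejection, expected
        except Exception as exc:                  # anything else is an unhandled crash to triage
            crashes.append((case, type(exc).__name__))
    return crashes

# Well-formed seed record: tag 0x01, length 4, body "ABCD" (constructed for this example).
SEED = bytes([0x01, 0x00, 0x04]) + b"ABCD"

if __name__ == "__main__":
    found = fuzz(parse_record, SEED)
    print(f"{len(found)} crashing inputs; first: {found[0][0].hex()} -> {found[0][1]}")
```

The contrast with the other fuzzing option: a generational fuzzer would build records from a description of the format (tag, two-byte length, body) instead of mutating a captured one, and so can reach structures the seed never contained; mutation fuzzing is cheaper to set up and is exactly what "slightly modified versions of previously used input" describes.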
