Free ISC2 CISSP Exam Dumps and CISSP Exam Questions

Question No: 1

MultipleChoice

What component of a web application that stores the session state in a cookie can be bypassed by an attacker?

Options

AAn initialization check

BAn identification check

CAn authentication check

DAn authorization check

Question No: 2

MultipleChoice

When implementing a secure wireless network, which of the following supports authentication and authorization for individual client endpoints?

Options

ATemporal Key Integrity Protocol (TKIP)

BWi-Fi Protected Access (WPA) Pre-Shared Key (PSK)

CWi-Fi Protected Access 2 (WPA2) Enterprise

DCounter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

Question No: 3

MultipleChoice

What a patch management program?

Options

APerform automatic deployment of patches.

BMonitor for vulnerabilities and threats.

CPrioritize vulnerability remediation.

DCreate a system inventory.

Question No: 4

MultipleChoice

Which would result in the GREATEST import following a breach to a cloud environmet?

Options

AThe hypervisor host Is poorly seared

BThe same Logical Unit Number (LLN) is used for ail VMs

CInsufficient network segregation

DInsufficient hardening of Virtual Machines (VM)

Question No: 5

MultipleChoice

Which of the following in the BEST way to reduce the impect of an externlly sourced flood attack?

Options

AStock the source address at the firewall.

BHave this service provide block the source address.

CBlock all inbound traffic until the flood ends.

DHave the source service provider block the address

Question No: 6

MultipleChoice

Why should Open Wab Application Secuirty Project (OWASP) Application Security Verification standards (ASVS) Level 1 be considered a MINIMUM level of protection for any wab application?

Options

AASVS Level 1 ensures that applications are invulnerable to OWASP top 10 threats.

BOpportunistic attackers will look for any easily exploitable vulnerable applications.

CMost regulatory bodies consider ASVS Level 1 as a baseline set of controls for applications.

DSecuring applications at ASVS Level 1 provides adequate protection for sensitive data.

Question No: 7

MultipleChoice

Which of the following is a strategy of grouping requirements in developing a security test and Evolution (ST&E)?

Options

AStandards, policies, and procedures

BManagement, operational, and technical

CDocumentation, observation, and manual

DTactical, strategic, and financial

Question No: 8

MultipleChoice

The adoption of an enterprise-wide business continuilty program requires Which of the folllowing?

Options

AGood communication throughout the organization

BFormation of Disaster Recovery (DP) project team

CA completed Business Impact Analysis (BIA)

DWell-documented information asset classification

Question No: 9

MultipleChoice

When conduting a security assessment of access controls , Which activity is port of the data analysis phase?

Options

ACollect logs and reports.

BPresent solutions to address audit exceptions.

CCategorize and Identify evidence gathered during the audit

DConduct statiscal sampling of data transactions.

Question No: 10

MultipleChoice

The core component of Role Based Access control (RBAC) must be constructed of defined data elements, Which elements are requried?

Options

AUsers, permissions, operators, and protected objects

BUsers, rotes, operations, and protected objects

CRoles, accounts, permissions, and protected objects

DRoles, operations, accounts, and protected objects