CISSP – Practice Test Questions – 2024 – Set 1 (53 Questions)

CISSP Part 1

Step into the world of CISSP certification preparation with this series of practice tests! Each article is packed with a diverse array of questions meticulously crafted to challenge your understanding of information security principles. Explore topics ranging from risk management to network security as you sharpen your skills and get one step closer to achieving CISSP certification.

1. Which of the following is NOT a component of the CIA triad?

A. Confidentiality
B. Integrity
C. Availability
D. Privacy

Correct Answer: D

2. Which of the following is NOT a category of access control?

A. Physical
B. Administrative
C. Technical
D. Financial

Correct Answer: D

3. What is the primary goal of a security risk assessment?

A. To eliminate all risks
B. To reduce risks to an acceptable level
C. To identify all possible risks
D. To transfer all risks to a third party

Correct Answer: B

4. Which of the following is an example of symmetric key cryptography?

A. RSA
B. AES
C. ElGamal
D. Diffie-Hellman

Correct Answer: B

5. Which of the following is NOT a common Software Development Life Cycle (SDLC) model?

A. Waterfall
B. Agile
C. Spiral
D. Sequential

Correct Answer: D

6. What is the primary purpose of a firewall?

A. To prevent unauthorized access to a network
B. To detect and remove viruses from a network
C. To provide secure remote access to a network
D. To encrypt all network traffic

Correct Answer: A

7. Which of the following is NOT an example of a physical security control?

A. Security cameras
B. Biometric scanners
C. Firewalls
D. Fences

Correct Answer: C

8. Which of the following is NOT a type of encryption key?

A. Public key
B. Private key
C. Session key
D. Public-private key

Correct Answer: D

9. Which of the following is an example of a security control that falls under the security operations domain?

A. Penetration testing
B. Security awareness training
C. Access control
D. Application security testing

Correct Answer: B

10. Which of the following is NOT a security incident response plan component?

A. Preparation
B. Detection
C. Mitigation
D. Penetration

Correct Answer: D

11. Which of the following is an example of a technical security control?

A. Background checks
B. Security awareness training
C. Intrusion detection system
D. Facility access controls

Correct Answer: C

12. Which of the following is NOT an example of a common authentication factor?

A. Something you know
B. Something you have
C. Something you are
D. Something you want

Correct Answer: D

13. Which of the following is a security control that falls under the security assessment and testing domain?

A. Change management
B. Vulnerability scanning
C. Disaster recovery
D. Incident response

Correct Answer: B

14. Which of the following is NOT a common type of access control model?

A. Discretionary access control (DAC)
B. Mandatory access control (MAC)
C. Role-based access control (RBAC)
D. Access control list (ACL)

Correct Answer: D

15. Which of the following is a key consideration when designing a secure network architecture?

A. High availability
B. Low cost
C. Easy administration
D. High bandwidth

Correct Answer: A

16. What is the purpose of a security baseline?

A. To establish the minimum security requirements for a system or application
B. To identify and prioritize security risks based on their potential impact
C. To monitor and report on security events and incidents
D. To test the effectiveness of security controls in a simulated attack environment

Correct Answer: A

17. Which of the following is NOT a common method of authentication?

A. Password
B. Certificate
C. Token
D. Proxy

Correct Answer: D

18. What is the primary goal of a security audit?

A. To identify and assess security risks
B. To monitor and report on security events and incidents
C. To test the effectiveness of security controls
D. To ensure compliance with security policies and standards

Correct Answer: D

19. Which of the following is a key principle of secure software development?

A. Agile development
B. Security by design
C. Minimum viable product
D. Continuous integration

Correct Answer: B

20. Which of the following is NOT a key component of an incident response plan?

A. Preparation
B. Detection and analysis
C. Containment, eradication, and recovery
D. Termination

Correct Answer: D

21. Which of the following is NOT an example of a non-repudiation control?

A. Digital signatures
B. Audit trails
C. Two-factor authentication
D. Passwords

Correct Answer: C

22. Which of the following is NOT an example of a technical security control?

A. Firewalls
B. Biometric authentication
C. Background checks
D. Intrusion detection systems

Correct Answer: C

23. Which of the following is crucial when designing a secure network topology?

A. Network bandwidth
B. Network latency
C. Network availability
D. Network throughput

Correct Answer: C

24. Which of the following is a crucial principle of secure software development?

A. Continuous delivery
B. Code obfuscation
C. Defense in depth
D. Secure coding

Correct Answer: D

25. Which of the following is NOT a type of access control?

A. Identity verification
B. Authorization
C. Accountability
D. Authentication

Correct Answer: C

26. Which of the following is a crucial benefit of using cloud computing for security?

A. Increased control over data security
B. Improved physical security of data centers
C. Reduced risk of insider threats
D. Improved disaster recovery capabilities

Correct Answer: D

27. Which of the following is crucial when designing secure Mobile Device Management?

A. Protecting against insider threats
B. Providing high-bandwidth connectivity
C. Ensuring device compatibility with all apps
D. Enforcing data encryption and access control policies

Correct Answer: D

28. Which of the following is a key principle of secure password management?

A. Requiring password changes every 90 days
B. Using long, complex passwords
C. Storing passwords in a centralized database
D. Sharing passwords with trusted colleagues

Correct Answer: B

29. Which of the following is NOT a common type of access control model?

A. Role-based access control (RBAC)
B. Mandatory access control (MAC)
C. Discretionary access control (DAC)
D. Hierarchical access control (HAC)

Correct Answer: D

30. Which of the following is a key consideration when designing secure network segmentation?

A. Maximizing network throughput
B. Minimizing network latency
C. Isolating critical systems and resources
D. Providing open access to all users

Correct Answer: C

31. Which of the following is a primary consideration when designing secure virtualization environments?

A. Providing unrestricted access to virtual resources
B. Ensuring compatibility with all virtualization platforms
C. Securing virtual machine images and snapshots
D. Maximizing virtual machine density

Correct Answer: C

32. Which of the following is a critical principle of secure network design?

A. Maximizing network throughput
B. Minimizing network complexity
C. Providing unrestricted access to all network resources
D. Using open standards and protocols

Correct Answer: B

33. Which of the following is NOT a type of vulnerability?

A. Zero-day vulnerability
B. Privilege escalation vulnerability
C. Buffer overflow vulnerability
D. Social engineering vulnerability

Correct Answer: D

34. Which of the following is a crucial consideration when designing secure cloud architecture?

A. Maximizing control over cloud infrastructure
B. Using proprietary cloud technologies
C. Ensuring compliance with applicable regulations and standards
D. Avoiding the use of third-party cloud providers

Correct Answer: C

35. Which of the following is a key principle of secure application development?

A. Requiring all code to be written in-house
B. Using open source libraries and frameworks
C. Implementing secure coding practices
D. Focusing on functionality over security

Correct Answer: C

36. Which of the following is a primary consideration when implementing secure remote access?

A. Providing unrestricted access to all network resources
B. Using weak authentication mechanisms
C. Minimizing network segmentation and access controls
D. Enforcing strong encryption and access controls

Correct Answer: D

37. Which of the following is an essential principle of secure data classification?

A. Treating all data as sensitive and confidential
B. Using open data standards and formats
C. Applying consistent data classification criteria
D. Allowing data to be stored on any device or platform

Correct Answer: C

38. Which of the following is NOT a common type of encryption algorithm?

A. AES
B. RSA
C. SHA-256
D. HMAC

Correct Answer: D

39. Which of the following is a key principle of secure incident response?

A. Ignoring minor incidents to focus on major incidents
B. Minimizing response time to all incidents
C. Conducting thorough post-incident analysis and review
D. Assigning blame and punishing those responsible

Correct Answer: C

40. Which of the following is essential when implementing secure data storage?

A. Maximizing data availability
B. Using open data formats and standards
C. Securing data at rest and in transit
D. Storing all data on a single device or platform

Correct Answer: C

41. Which of the following is a key concept of risk management?

A. Avoid all risks
B. Accept all risks
C. Transfer all risks
D. Risk decisions should be based on the impact on the business

Correct Answer: D

42. What is the purpose of data classification?

A. To ensure data privacy
B. To ensure data integrity
C. To ensure data availability
D. To facilitate appropriate levels of protection based on value or sensitivity

Correct Answer: D

43. What is the primary purpose of a firewall in network security?

A. To facilitate network routing
B. To control network traffic based on predetermined security rules
C. To encrypt network traffic
D. To store network data

Correct Answer: B

44. Which of the following best describes “non-repudiation” in information security?

A. Ensuring that a party in a dispute cannot deny the authenticity of their signature
B. Ensuring that a party cannot deny receiving a message
C. Ensuring that a party cannot deny sending a message
D. All of the above

Correct Answer: D

45. What is the primary aspect of security in the Software Development Life Cycle?

A. Using a single programming language
B. Testing the software only at the end of the development
C. Integrating security throughout the life cycle, including design, development, and testing
D. Ignoring security during development and adding it later

Correct Answer: C

46. Which type of access control model uses labels and levels of protection to determine access?

A. Role-based access control (RBAC)
B. Discretionary access control (DAC)
C. Mandatory access control (MAC)
D. None of the above

Correct Answer: C

47. What is the primary goal of a business continuity plan (BCP)?

A. To provide a framework for building network infrastructure
B. To establish steps to take for immediate response to a security incident
C. To ensure the continuation of business processes during and after a disruption
D. To provide a framework for prosecuting hackers

Correct Answer: C

48. In the context of cryptography, what does “integrity” ensure?

A. That the data is accessible when needed
B. That the data has not been altered during transmission
C. That the data is kept confidential
D. That the sender of the data can be authenticated

Correct Answer: B

49. What is the primary purpose of penetration testing?

A. To gain unauthorized access to systems for malicious purposes
B. To evaluate the effectiveness of security controls
C. To troubleshoot network connectivity issues
D. To monitor network traffic in real time

Correct Answer: B

50. What is a key concept of identity and access management?

A. Granting every user full access to all systems
B. Granting users the minimum access necessary to perform their job function
C. Not revoking access rights when a user changes roles
D. Allowing shared accounts for convenience

Correct Answer: B

51. Which one of the following is NOT a part of the CIA triad in information security?

A. Confidentiality
B. Integrity
C. Availability
D. Authenticity

Correct Answer: D

52. What does the term “least privilege” mean in the context of information security?

A. Granting users only the permissions they need to perform their job functions
B. Giving all users the same level of access to information
C. Limiting access to information to the highest-ranking individuals in an organization
D. Granting all users full access to information but tracking their activities

Correct Answer: A

53. Which of the following best describes “phishing”?

A. A method of securing a network by blocking certain websites
B. An attack that involves sending deceptive emails to trick individuals into revealing sensitive information
C. A physical security measure used to protect sensitive information
D. A type of malware that replicates itself across a network

Correct Answer: B
