CISSP – Practice Test Questions – 2024 – Set 10 (53 Questions)

CISSP Part 10

Gear up for CISSP exam success with this series of practice tests designed to challenge and motivate. Whether you’re tackling questions on security and privacy considerations or exploring the nuances of enterprise security architecture, each article provides a valuable opportunity to test your knowledge and skills.

1. Which of the following is a potential risk relating to Identity as a Service (IDaaS)?

A. Availability of the service
B. Protection of critical identity data
C. Entrusting a third party with sensitive or proprietary data
D. All of the above

Correct Answer: D

2. What is the purpose of the CAPTCHA security measure?

A. To prevent automated account creation, spam, and brute-force password decryption attacks
B. To encrypt data in transit
C. To provide a firewall for network security
D. To authenticate users

Correct Answer: A

3. What does the term “Just-in-Time Access” refer to in the context of access control?

A. The process of granting access to systems and data to a new employee
B. The elevation of user privileges for a short period to complete necessary but infrequent tasks
C. The process of terminating access when an employee leaves the organization
D. The process of reviewing a user’s access to assets and systems

Correct Answer: B

4. What does the term “deprovisioning” refer to in the context of the identity life cycle?

A. The process of granting access to systems and data to a new employee
B. The process of confirming or establishing that somebody is who they claim to be
C. The process of terminating access when an employee leaves the organization
D. The process of reviewing a user’s access to assets and systems

Correct Answer: C

5. What is the primary purpose of the OAuth protocol in Federated Identity Management (FIM)?

A. To provide a secure communication channel
B. To provide encryption for data in transit
C. To allow third-party services to access user data without needing to know the user’s credentials
D. To provide a firewall for network security

Correct Answer: C

6. What is the main advantage of using a Single Sign-On (SSO) system?

A. It reduces the number of passwords a user has to remember.
B. It increases the complexity of the authentication process.
C. It reduces the need for encryption.
D. It increases the need for firewalls.

Correct Answer: A

7. What is the purpose of the “need-to-know” principle in access control?

A. To ensure that users have access to all the information they might need
B. To ensure that users only have access to the information they need to perform their job functions
C. To ensure that users know how to use the systems and data they have access to
D. To ensure that users know the consequences of misusing their access rights

Correct Answer: B

8. What does the term “federation” refer to in the context of Federated Identity Management (FIM)?

A. The process of confirming or establishing that somebody is who they claim to be
B. The process of granting access to systems and data to a new employee
C. The process of allowing different organizations to share and manage identity information
D. The process of terminating access when an employee leaves the organization

Correct Answer: C

9. What is the primary purpose of the OpenID Connect protocol in Federated Identity Management (FIM)?

A. To provide a secure communication channel
B. To provide encryption for data in transit
C. To allow third-party services to access user data without needing to know the user’s credentials
D. To provide a simple identity layer on top of the OAuth 2.0 protocol

Correct Answer: D

10. What is the main disadvantage of using a Single Sign-On (SSO) system?

A. It increases the number of passwords a user has to remember.
B. If the SSO system is compromised, all services that use it are potentially at risk.
C. It reduces the need for encryption.
D. It increases the need for firewalls.

Correct Answer: B

11. What is the purpose of the “separation of duties” principle in access control?

A. To ensure that users have access to all the information they might need
B. To ensure that users only have access to the information they need to perform their job functions
C. To prevent any single individual from being able to complete a significant process or transaction on their own
D. To ensure that users know the consequences of misusing their access rights

Correct Answer: C

12. What does the term “authentication” refer to in the context of Access Control Services?

A. The process of confirming or establishing that somebody is who they claim to be
B. The process of granting access to systems and data to a new employee
C. The process of allowing different organizations to share and manage identity information
D. The process of terminating access when an employee leaves the organization

Correct Answer: A

13. What does the term “accountability” refer to in the context of Access Control Services?

A. The process of confirming or establishing that somebody is who they claim to be
B. The process of granting access to systems and data to a new employee
C. The process of allowing different organizations to share and manage identity information
D. The ability to link actions to a specific user and hold them responsible for their actions

Correct Answer: D

14. What does the term “authorization” refer to in the context of Access Control Services?

A. The process of confirming or establishing that somebody is who they claim to be
B. The process of determining what actions a user is allowed to perform
C. The process of allowing different organizations to share and manage identity information
D. The process of terminating access when an employee leaves the organization

Correct Answer: B

15. Which control offers the best defense against a rainbow table attack?

A. Strong encryption
B. Shadow file
C. Hashing
D. Salting

Correct Answer: D

16. In the Kerberos authentication protocol, which component is tasked with issuing the Ticket Granting Ticket?

A. Client
B. Authentication Server
C. Ticket Granting Server
D. Service Server

Correct Answer: B

17. What access control method is employed by the Windows NTFS file system in its standard configuration?

A. Rule-based AC
B. Role-based AC
C. MAC (mandatory access control)
D. DAC (discretionary access control)

Correct Answer: D

18. Bouke and his supervisor must confirm a request to delete user data at their Internet service provider. What access control mechanism is being utilized?

A. Separation of duties
B. Least privilege
C. Two-person control
D. Security through obscurity

Correct Answer: C

19. What access control flaw is most likely to occur in an organization where employees are frequently reassigned to new roles?

A. False negative
B. Man in the middle
C. Privilege creep
D. False positive

Correct Answer: C

20. Which metric for an access control system is least likely to be manipulated by an administrator?

A. Crossover error rate
B. False rejection rate
C. False positive rate
D. False acceptance rate

Correct Answer: A

21. In a public key infrastructure (PKI) system, what does a user send to someone else to securely provide the encryption key needed for encrypted communication?

A. Private key
B. Digital certificate
C. Public key
D. Digital signature

Correct Answer: C

22. Which combination of controls exemplifies multifactor authentication?

A. Token and access card
B. Access card and PIN
C. Eye scan and fingerprint reader
D. Password and PIN

Correct Answer: B

23. What is the correct definition of authentication?

A. The declaration of a unique identity for an individual or system
B. The procedure for confirming a user’s identity
C. The process of outlining the specific resources a user requires and determining their access level
D. The management’s assertion that the user should have access to a system

Correct Answer: B

24. The acronym IAAA represents the four stages of access control. Which option correctly defines and orders the IAAA terms?

A. Integrity, authorization, auditing, and accounting
B. Identity, authentication, authorization, and auditing
C. Integrity, authorization, authentication, and auditing
D. Identity, accounting, authorization, and auditing

Correct Answer: B

25. What action should be taken when an employee moves to a different position within an organization?

A. They must undergo a new security review.
B. Their old system IDs must be disabled.
C. All access permissions should be reviewed.
D. They must surrender all access devices.

Correct Answer: C

26. In a mandatory access control (MAC) system, what guides the assignment of data classifications?

A. Analysis of the users in conjunction with the audit department
B. Assessment by the information security department
C. User’s evaluation of a particular information element
D. Organization’s published security policy for data classification

Correct Answer: D

27. Which security principle is at play in an access control system that grants users only the rights necessary to perform their work?

A. Discretionary access
B. Least privilege
C. Mandatory access
D. Separation of duties

Correct Answer: B

28. The “state machine model” requires a system to be protected in all states, including startup, function, and shutdown. What security concept exemplifies this method of response?

A. Open design
B. Closed design
C. Trusted recovery
D. Least privilege

Correct Answer: C

29. The Heartbleed virus exposed vulnerabilities in OpenSSL. Many believe that open design provides greater security than closed design. What consideration is typically required for open design to enhance security?

A. Peer review
B. Security through obscurity
C. Complexity of design
D. Trusted hierarchy

Correct Answer: A

30. A key recovery agent may be used to mitigate the risk of losing a private key. However, this increases non-repudiation risk. What principle can be implemented to reduce this risk?

A. Segregation of duties
B. Principle of least privilege
C. Dual control
D. Need to know

Correct Answer: C

31. During which phase of business continuity planning (BCP) development must senior management commit to support, fund, and assist in creating the BCP?

A. Project initiation
B. Planning
C. Implementation
D. Development

Correct Answer: A

32. While training can reduce social engineering attacks, it doesn’t eliminate the risk. What administrative policy is most likely to help mitigate this risk?

A. Formal onboarding policies
B. Job rotation
C. Formal off-boarding policies
D. Segregation of duties

Correct Answer: D

33. The trust in a system reflects the trust in specific components. What are these components collectively called?

A. Ring 1 elements
B. Trusted computing base
C. Operating system kernel
D. Firmware

Correct Answer: B

34. During access authorization, the conceptual ruleset is known as the __________, and the enforcement mechanism is referred to as the __________.

A. Access control list, reference monitor
B. Security enforcer, access control list
C. Reference monitor, security kernel
D. Security kernel, reference monitor

Correct Answer: A

35. Why is the alignment of security controls with business objectives important?

A. There is always a trade-off for security, so an organization has to weigh the cost vs. benefits.
B. Security is cheap and easily implemented compared to potential loss.
C. Security must be implemented as much as possible.
D. Security is too costly for small organizations.

Correct Answer: B

36. When evaluating a system’s security categorization based on the potential impact of unauthorized disclosure (high), integrity breach (medium), and temporary unavailability (low), what is the overall categorization?

A. High
B. Medium
C. Low
D. Medium-high

Correct Answer: A

37. While evaluating a system, trust and assurance are included in the scope. What best describes these two elements?

A. Trust describes security; assurance describes performance.
B. Assurance describes security; trust describes performance.
C. Trust describes product function; assurance describes process reliability.
D. Assurance describes product function; trust describes process reliability.

Correct Answer: C

38. Which modern encryption technology is based on the ideas implemented in the Vernam Cipher, created in 1918?

A. Asymmetric cryptography
B. Digital signatures
C. Handshake process used by IPSec
D. Session keys

Correct Answer: D

39. The Germans added a fourth rotor to the Enigma machine during World War II to increase the complexity of breaking the code. What modern relationship reflects this concept?

A. AES and Kerberos
B. DES/3DES
C. RSA and DSA
D. RSA and DES

Correct Answer: B

40. Which security service would have indicated the spoofing if a user receives a spoofed email?

A. Privacy
B. Authorization
C. Integrity
D. Non-repudiation

Correct Answer: D

41. How is non-repudiation achieved when using a combination of hashing and an asymmetric algorithm?

A. Encrypt the document with the sender’s private key, then hash the document
B. Encrypt the document with the sender’s public key, then hash the document
C. Hash the document and then encrypt the hash with the sender’s private key
D. Hash the document, then encrypt the hash with the receiver’s public key

Correct Answer: C

42. What provides the secrecy in a hashing algorithm?

A. A public key
B. A private key
C. One-way math
D. A digital signature

Correct Answer: C

43. What is a birthday attack?

A. An attack on passwords based on users choosing weak passwords such as birthdays
B. A logic bomb that triggers on the attacker’s birthday
C. An attack that attempts to find collisions in separate messages
D. An attack that focuses on personnel databases to compromise personal information

Correct Answer: C

44. If a network communication issue is caused by a Layer 1 problem, what is the most likely cause?

A. Cable
B. Router
C. Switch
D. Network Interface Card (NIC)

Correct Answer: A

45. In an Ethernet environment using CSMA/CD (Carrier Sense Multiple Access with Collision Detection), what does CSMA/CD imply?

A. Ethernet environments avoid collisions by detecting their likelihood before transmitting.
B. Ethernet environments only allow an individual host to access the cable at any given time and are capable of detecting collisions as they happen.
C. Even though Ethernet traffic is prone to collisions, a hub can all but eliminate them.
D. Though multiple systems can access the media simultaneously, the result will be a collision, which should be immediately detected.

Correct Answer: D

46. Which technique would be most appropriate if an enterprise wants to ensure that the cloud service provider can automatically provision and deprovision resources to match current demand?

A. Scalability
B. Elasticity
C. Availability
D. Reliability

Correct Answer: B

47. What is the primary purpose of Identity and Access Management (IAM)?

A. To ensure data integrity
B. To control the way assets are accessed
C. To ensure data availability
D. To ensure data confidentiality

Correct Answer: B

48. Which of the following is NOT a fundamental access control principle?

A. Need to know
B. Least privilege
C. Separation of duties
D. Maximum privilege

Correct Answer: D

49. What does the acronym SAML stand for in the context of Federated Identity Management (FIM)?

A. Security Assertion Markup Language
B. Secure Access Management Language
C. System Authentication Markup Language
D. Secure Authorization Markup Language

Correct Answer: A

50. What is the primary preventive measure for session hijacking?

A. Frequent password changes
B. Use of firewalls
C. Frequent reauthentication
D. Use of antivirus software

Correct Answer: C

51. Which of the following is NOT a component of Access Control Services?

A. Identification
B. Authentication
C. Authorization
D. Encryption

Correct Answer: D

52. What does the term “provisioning” refer to in the context of the identity life cycle?

A. The process of confirming or establishing that somebody is who they claim to be
B. The process of granting access to systems and data to a new employee or when an employee changes roles
C. The process of terminating access when an employee leaves the organization
D. The process of reviewing a user’s access to assets and systems

Correct Answer: B

53. What is the primary function of the Security Assertion Markup Language (SAML) in Federated Identity Management (FIM)?

A. To provide encryption for data in transit
B. To provide authentication and authorization
C. To provide a secure communication channel
D. To provide a firewall for network security

Correct Answer: B
