CISSP – Practice Test Questions – 2024 – Set 13 (53 Questions)

CISSP Part 13

Get ready to tackle the CISSP exam head-on with this dynamic series of practice tests. Each article is packed with challenging questions spanning all domains of information security, providing a rigorous yet rewarding preparation experience to help you achieve your certification goals.

1. When devising a schedule for security testing of a specific system, which of the following factors should be excluded from your considerations?

A. The sensitivity level of the data stored on the system
B. The complexity involved in executing the test
C. The inclination to experiment with novel testing tools
D. The system’s attractiveness as a target for attackers

Correct Answer: C

2. For whom is a security assessment report primarily intended?

A. Organizational management
B. The individual conducting the security audit
C. Security professionals within the organization
D. The organization’s customer base

Correct Answer: A

3. Which port number is customarily designated for establishing administrative connections via the Secure Shell (SSH) protocol?

A. 20
B. 22
C. 25
D. 80

Correct Answer: B

4. Among the listed testing methodologies, which one furnishes the most comprehensive and precise insights into a server’s security posture?

A. Unauthenticated scan
B. Port scan
C. Half-open scan
D. Authenticated scan

Correct Answer: D

5. Which variant of network discovery scan employs only the initial two steps of the TCP three-way handshake and does not complete the connection?

A. TCP connect scan
B. Xmas scan
C. TCP SYN scan
D. TCP ACK scan

Correct Answer: C

6. Which tool from the following options is most suitable for SQL injection vulnerability detection?

A. Port scanner
B. Network vulnerability scanner
C. Network discovery scanner
D. Web vulnerability scanner

Correct Answer: D

7. On a system operating an HTTP server without encryption, which port is generally left open to facilitate communication?

A. 22
B. 80
C. 143
D. 443

Correct Answer: B

8. Following a recent cyberattack that led to an extended service outage within your organization, you are tasked with inspecting systems for known vulnerabilities that could be exploited in future attacks. Which of the following options would be the most effective for identifying such vulnerabilities?

A. Versioning tracker
B. Vulnerability scanner
C. Security audit
D. Security review

Correct Answer: B

9. Among the listed processes, which one is most likely to provide a comprehensive inventory of all security risks present within a system?

A. Configuration management
B. Patch management
C. Hardware inventory
D. Vulnerability scan

Correct Answer: D

10. A newly appointed Chief Information Officer (CIO) discovers that the organization lacks a formal change management program and mandates its immediate implementation. What would be a primary objective of instituting such a program?

A. Ensuring the safety of personnel
B. Facilitating the rollback of changes
C. Ensuring that implemented changes do not compromise security
D. Auditing privileged access

Correct Answer: C

11. Among the following cloud service models, which affords an organization the highest degree of administrative control while also necessitating that the organization assume full responsibility for maintaining operating systems and applications?

A. Infrastructure as a Service (IaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)
D. Public Cloud Service

Correct Answer: A

12. Among the following elements, which one is typically not a component of a comprehensive security assessment?

A. Conducting a vulnerability scan
B. Performing a risk assessment
C. Implementing vulnerability mitigation measures
D. Carrying out a threat assessment

Correct Answer: C

13. For whom is a security assessment report primarily intended?

A. Organizational management
B. The individual conducting the security audit
C. Security professionals within the organization
D. The organization’s customer base

Correct Answer: A

14. In the incident response process, which of the following steps is executed first?

A. Response
B. Mitigation
C. Remediation
D. Lessons learned

Correct Answer: A

15. Security administrators are in the process of reviewing the entire set of data collected through event logging. What is the most accurate term to describe this collection of data?

A. Identification
B. Audit trails
C. Authorization
D. Confidentiality

Correct Answer: B

16. Which network device is most likely to be connected to a mirrored switch port?

A. An intrusion prevention system (IPS)
B. An intrusion detection system (IDS)
C. A honeypot
D. A sandbox

Correct Answer: B

17. A network is equipped with a network-based intrusion detection system (NIDS). Security administrators later discover that an attack penetrated the network without triggering an alarm from the NIDS. What is this scenario best described as?

A. A false positive
B. A false negative
C. A Fraggle attack
D. A Smurf attack

Correct Answer: B

18. Among the following actions, which one is most likely to be indicative of a terrorist attack, as opposed to other forms of cyberattacks?

A. Tampering with sensitive trade secret documents
B. Disrupting communication capabilities in preparation for a physical attack
C. Exfiltrating unclassified information
D. Illicitly transferring funds to foreign countries

Correct Answer: B

19. Which of the following actions would not align with the primary objectives typically associated with a grudge attack?

A. Publicly disclosing embarrassing personal information
B. Deploying a virus on the target organization’s systems
C. Sending emails with inappropriate content from a spoofed address of the victim organization
D. Utilizing automated tools to scan for vulnerable ports on the organization’s systems

Correct Answer: D

20. What is the paramount rule to adhere to during the process of evidence collection in a cyber investigation?

A. Refrain from shutting down the computer until the screen is photographed
B. Document the names of all individuals present during the collection
C. Avoid altering the evidence during the collection process
D. Transport all collected equipment to a secure storage facility

Correct Answer: C

21. What category of evidence encompasses written documents presented in court to substantiate a particular fact?

A. Best evidence
B. Parol evidence
C. Documentary evidence
D. Testimonial evidence

Correct Answer: C

22. Among the following types of investigations, which one necessitates the highest standard of evidence for prosecution?

A. Administrative
B. Civil
C. Criminal
D. Regulatory

Correct Answer: C

23. What is the expected conduct for CISSP holders?

A. Act honestly, diligently, responsibly, and legally
B. Act honorably, honestly, justly, responsibly, and legally
C. Uphold the security policy and protect the organization
D. Act in a trustworthy, loyal, friendly, and courteous manner

Correct Answer: B

24. Which kind of identity platform would be most suitable for ensuring the continuous availability of authentication services?

A. On-site
B. Cloud-based
C. Hybrid
D. Outsourced

Correct Answer: B

25. Which technology should you consider implementing to facilitate sharing identity information with a business partner?

A. Single Sign-On
B. Multifactor authentication
C. Federation
D. Identity as a Service (IDaaS)

Correct Answer: C

26. Which guiding principle mandates that an individual exert every effort to fulfill their responsibilities accurately and within a reasonable time frame?

A. Least privilege
B. Separation of duties
C. Due care
D. Due diligence

Correct Answer: C

27. Which metric would provide crucial information regarding the maximum duration the organization can afford without a particular service before incurring irreparable damage?

A. Maximum tolerable downtime (MTD)
B. Annualized loss expectancy (ALE)
C. Recovery point objective (RPO)
D. Recovery time objective (RTO)

Correct Answer: A

28. Which of the following best describes the primary focus of the chain of custody in evidence handling?

A. Documenting the location of evidence
B. Taking photographs of the crime scene
C. Control of evidence to maintain its integrity for court presentation
D. Sealing off access to the area where a crime may have occurred

Correct Answer: C

29. Which of the following is NOT a type of evidence that might be considered during a computer security investigation?

A. Corroborative evidence
B. Hearsay evidence
C. Secondary evidence
D. Predictive evidence

Correct Answer: D

30. What is the primary difference between a virus and a worm in terms of malware?

A. A virus requires human interaction to trigger, while a worm can self-propagate.
B. A virus can self-propagate, while a worm requires human interaction to trigger.
C. Both virus and worm require human interaction to trigger.
D. Both virus and worm can self-propagate without human interaction.

Correct Answer: A

31. Which of the following is a key characteristic of a Trojan horse in the context of malware?

A. It can self-propagate and spread through a network.
B. It looks harmless or desirable but contains malicious code.
C. It changes aspects of itself, like file name or code structure, to evade detection.
D. It is a piece of malware that makes minimal changes over a long period to evade detection.

Correct Answer: B

32. In the context of backup strategies, what does the term “mirror backup” refer to?

A. A backup that is an exact copy of a dataset without any compression
B. A backup that includes only the changes since the last full backup
C. A backup that includes changes since the last incremental backup
D. A backup that changes its structure to evade detection

Correct Answer: A

33. Which of the following best describes the concept of “live evidence” in digital forensics?

A. Evidence that is stored on a hard drive
B. Evidence that is stored in places like RAM, cache, and buffers of a running system
C. Evidence that is taken from surveillance footage from security cameras
D. Evidence that is stored on backup tapes

Correct Answer: B

34. In the context of security operations, what does the term “Service-Level Agreements (SLAs)” primarily refer to?

A. Agreements that specify the minimum security standards to be maintained
B. Agreements that denote time frames against the performance of specific operations
C. Agreements that define the roles and responsibilities of security personnel
D. Agreements that outline the backup and recovery strategies

Correct Answer: B

35. Which of the following is NOT a step in the incident response process?

A. Detection
B. Encryption
C. Mitigation
D. Remediation

Correct Answer: B

36. What is the primary purpose of user and entity behavior analytics (UEBA)?

A. To monitor network traffic and block malicious IPs
B. To analyze and correlate log data from multiple sources
C. To monitor the behavior and patterns of users and entities
D. To provide threat intelligence and analysis of emerging threat trends

Correct Answer: C

37. Which of the following malware types is designed to make minimal changes over a long period to avoid detection?

A. Ransomware
B. Rootkit
C. Data diddler
D. Logic bomb

Correct Answer: C

38. In the context of malware, which type changes aspects of itself, like file name, file size, and code structure, to evade detection every time it replicates across a network?

A. Trojan
B. Rootkit
C. Polymorphic malware
D. Logic bomb

Correct Answer: C

39. Which of the following is NOT a type of evidence considered in computer security investigations?

A. Oral/written statements
B. Visual/audio evidence
C. Digital footprints
D. Hearsay evidence

Correct Answer: C

40. What is the primary goal of the incident response process?

A. To detect and prevent future attacks
B. To provide an effective and efficient response to reduce impact to the organization
C. To identify the attackers and prosecute them
D. To restore all compromised systems to their original state

Correct Answer: B

41. Which option is least likely to be employed to mitigate single points of failure?

A. RAID 0
B. RAID 1
C. Utilizing an alternative Internet connection through a distinct ISP
D. Employing a load-balanced server cluster

Correct Answer: A

42. In a black box penetration test, what level of knowledge is typically granted to the red team regarding the target infrastructure?

A. The specific targets and the duration of the test
B. Comprehensive details
C. No information
D. The enterprise’s IP subnet layout

Correct Answer: C

43. Which terminology pertains to the statistical evaluation of a system or device’s operational lifespan?

A. Maximum tolerable downtime (MTD)
B. Statistical deviation
C. Mean time to repair (MTTR)
D. Mean time between failures (MTBF)

Correct Answer: D

44. How is Hierarchical Storage Management (HSM) best characterized?

A. The organization of files and directories on a hard drive
B. The method of transporting tapes to off-site locations using armored vehicles and armed personnel
C. The process of transitioning files from high-cost, high-speed storage to more affordable, slower storage solutions
D. The technique of powering down disk drives to conserve energy, reduce heat, and extend disk lifespan when the stored files are not in use

Correct Answer: C

45. During which stage of a targeted assault would a sniffer tool most likely be initially employed?

A. Active reconnaissance
B. Passive reconnaissance
C. Pillaging
D. Fingerprinting

Correct Answer: B

46. Which of the following best describes the most effective countermeasure against collusion?

A. A comprehensive penetration testing contract
B. Implementing separation of duties and rotating job responsibilities
C. Addressing software vulnerabilities through consistent OS and application updates
D. Employing data redundancy and fault-tolerant technologies

Correct Answer: B

47. Upon Nicole’s transfer to a different department and role, why is it essential for an administrator to revoke her previous access rights?

A. To mitigate single points of failure
B. To prevent sequential access procedures
C. To reset the archive attribute
D. To counteract privilege accumulation

Correct Answer: D

48. Which statement best captures the essence of Hierarchical Storage Management (HSM)?

A. The structure in which files and directories are saved on a hard drive
B. The procedure of securely transporting tapes to off-site locations using armored vehicles and security personnel
C. The strategy of transitioning files from high-speed, high-cost storage to more economical, slower storage media
D. The practice of deactivating disk drives to conserve energy, diminish heat, and extend their lifespan when the stored files are not being accessed

Correct Answer: C

49. When analyzing a suspicious attachment by running it within a controlled virtual setting, how is this environment best described?

A. Honeypot
B. Hyperjacking
C. Sandbox
D. Decompiler

Correct Answer: C

50. Which of the following does not provide a security or operational justification for enforcing mandatory vacations?

A. The chance for the organization to review an employee’s work
B. Ensuring the employee is rejuvenated
C. Preventing a single individual from easily conducting clandestine activities
D. Making employees aware that unauthorized actions might be detected

Correct Answer: B

51. What kind of security measure is represented by an audit trail?

A. Application
B. Administrative
C. Preventative
D. Detective

Correct Answer: D

52. Which option does not represent an advantage of RAID (Redundant Array of Independent Disks)?

A. Enhanced storage capacity
B. Prolonged recovery time
C. Performance enhancements
D. Fault resilience

Correct Answer: B

53. Which concept is closely associated with the principle of separation of duties?

A. Dual controls
B. Principle of least privilege
C. Job rotation
D. Principle of privilege

Correct Answer: A
