Prepare for CISSP exam success with this series of practice tests designed to cover all aspects of information security. Dive deep into topics such as security assessment and testing, software development security, and communication and network security as you hone your skills and expertise.
1. Which principle suggests that a criminal always leaves behind evidence while also taking something from the crime scene?
A. Meyer’s principle of legal non-liability
B. Principles of criminalistics
C. IOCE/Group of 8 Nations principles for computer forensics
D. Locard’s exchange principle
Correct Answer: D
2. Which combination correctly represents the essential rules of evidence?
A. Be genuine, be duplicated, and be permissible in court.
B. Be exhaustive, be genuine, and be permissible in court.
C. Be exhaustive, be duplicated, and be genuine.
D. Be duplicated, be permissible in court, and be exhaustive.
Correct Answer: B
3. Which of the following is not typically considered a stage in the incident response process?
A. Recordkeeping
B. Legal action
C. Isolation
D. Examination
Correct Answer: B
4. Which legal system primarily focuses on theoretical legal concepts and is influenced by academic writings and scholars?
A. Criminal law
B. Civil law
C. Theocratic law
D. Regulatory law
Correct Answer: B
5. Which form of intellectual property protection covers the representation of ideas, rather than the ideas themselves?
A. Brand mark
B. Invention protection
C. Literary and artistic works protection
D. Business confidential information
Correct Answer: C
6. Which intellectual property right safeguards the reputation and brand recognition a business establishes for its products?
A. Brand mark
B. Invention protection
C. Literary and artistic works protection
D. Business confidential information
Correct Answer: A
7. Which combinations represent recognized guidelines in the field of computer forensics?
A. IOCE, Method of Operation (MOM), and SWGDE
B. Method of Operation (MOM), SWGDE, and IOCE
C. IOCE, SWGDE, and ACPO
D. ACPO, Method of Operation (MOM), and IOCE
Correct Answer: C
8. Which of the following options lists types of software licenses?
A. No-cost software, open source, and paid software
B. Paid software, educational, and open source
C. Educational, no-cost software, and open source
D. No-cost software, paid software, and educational
Correct Answer: A
9. Which term best describes the rights and responsibilities related to the handling of personal data?
A. Personal rights
B. Confidentiality
C. Data accessibility
D. Data trustworthiness
Correct Answer: A
10. Which of the following best describes the initial stages of responding to an incident?
A. Gathering, moving, testifying
B. Tracing, replying, returning
C. Spotting, recognizing, alerting
D. Securing, ensuring, providing
Correct Answer: C
11. How can the authenticity of a forensic digital copy be verified?
A. By comparing digital signatures with the original
B. Through meticulous recordkeeping
C. By photographing the process
D. Using cryptographic keys
Correct Answer: A
12. Regarding digital evidence, the crime scene should
A. Remain untouched
B. Be able to be duplicated in court
C. Be located in a single jurisdiction
D. Have minimal interference
Correct Answer: D
13. When IT systems are outsourced
A. All legal and compliance responsibilities are transferred to the service provider.
B. The outsourcing organization no longer has compliance responsibilities.
C. The outsourced IT systems are exempt from compliance responsibilities.
D. The service provider is exempt from compliance responsibilities.
Correct Answer: A
14. How does the ISC2 Code of Ethics address conflicts between its principles?
A. It states that conflicts between principles are impossible.
B. It resolves them through a formal adjudication process.
C. It uses the order in which the principles are listed.
D. It refers all conflicts to its board of directors for resolution.
Correct Answer: C
15. To ensure proper forensic procedures are followed when needed, an incident response program should
A. Ensure the organization’s legal team is not involved
B. Regularly create digital copies of all computers
C. Only escalate closed incidents to law enforcement
D. Approach every incident as if it might lead to legal action
Correct Answer: D
16. If a hard drive is recovered from a submerged vehicle and is needed for a court case, what is the best method to retrieve data from the drive?
A. Let the drive dry, install it in a computer, and use standard commands to access the data.
B. Dry the drive in a forensic oven, use a degausser to remove humidity, then access the data using a laptop.
C. Make a forensic copy of the drive while it’s still wet.
D. Contact a professional data recovery service, explain the situation, and ask them to create a forensic image.
Correct Answer: D
17. Among the listed cloud service models, which one grants an organization the highest degree of administrative control while also necessitating that the organization undertake comprehensive maintenance responsibilities for both the operating systems and applications?
A. Infrastructure as a Service (IaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)
D. Public Cloud Service
Correct Answer: A
18. Which of the following is the most secure method for storing log files?
A. On the same server as the application
B. On a dedicated logging server
C. On removable media
D. In a public cloud storage service
Correct Answer: B
19. Which of the following IDS types is best suited for detecting zero-day attacks?
A. Signature-based IDS
B. Anomaly-based IDS
C. Stateful protocol analysis IDS
D. Heuristic-based IDS
Correct Answer: B
20. Which phase of the Software Development Life Cycle (SDLC) emphasizes the importance of risk analysis and threat modeling?
A. Deployment
B. Maintenance
C. Early phases
D. Decommissioning
Correct Answer: C
21. Which development methodology does not allow revisiting a previous phase?
A. Agile
B. Spiral Method
C. Waterfall
D. Cleanroom
Correct Answer: C
22. What does DevOps ideally incorporate to make security an integral part of the development process?
A. DevSecOps
B. DevTestOps
C. DevNetOps
D. DevSysOps
Correct Answer: A
23. Which maturity model is described as “the prime maturity model for software assurance” by OWASP?
A. Capability Maturity Model (CMM)
B. Software Assurance Maturity Model (SAMM)
C. Development Maturity Model (DMM)
D. Application Maturity Model (AMM)
Correct Answer: B
24. Which type of testing focuses on quick preliminary testing after a change to identify any simple failures of the most important existing functionality?
A. Regression testing
B. Canary testing
C. Smoke testing
D. Black box testing
Correct Answer: C
25. Which of the following refers to a storage location for software and application source code?
A. Integrated Development Environment (IDE)
B. Code repository
C. Software Development Kit (SDK)
D. Application Programming Interface (API)
Correct Answer: B
26. What does the term “polyinstantiation” refer to in the context of software development?
A. Code that can vary based on requirements
B. Instantiating into multiple separate or independent instances
C. Code that can be placed inside another
D. Code that can inherit characteristics of previously created objects
Correct Answer: B
27. Which of the following is a common software vulnerability arising from the use of insecure coding practices?
A. Buffer overflow
B. Code encapsulation
C. Code inheritance
D. Code polymorphism
Correct Answer: A
28. Which of the following APIs is XML based?
A. Representational State Transfer (REST)
B. Simple Object Access Protocol (SOAP)
C. Code Repository API
D. Integrated Development Environment (IDE) API
Correct Answer: B
29. In the context of software development, what does the term “encapsulation” refer to?
A. The ability of an object to inherit characteristics of other objects
B. Code that can vary based on requirements
C. The idea that an object can be placed inside another, protecting it by wrapping it in other objects
D. Hiding or obscuring code to protect it from unauthorized viewing
Correct Answer: C
30. Which of the following best describes “code obfuscation”?
A. The process of making code more efficient
B. The practice of writing code in multiple programming languages
C. Intentionally creating source code that is difficult for humans to understand
D. The process of documenting code for better readability
Correct Answer: C
31. Which software development approach is risk-driven and follows an iterative model while also including waterfall elements?
A. Agile
B. Spiral Method
C. Waterfall
D. Cleanroom
Correct Answer: B
32. What is the primary purpose of “software configuration management (SCM)” in the software development process?
A. To accelerate the development process
B. To manage changes in software
C. To integrate security into the development process
D. To facilitate communication between development teams
Correct Answer: B
33. Which of the following is NOT a characteristic of a Relational Database Management System (RDBMS)?
A. Allows objects and data to be stored and linked together.
B. Data is stored in two-dimensional tables composed of rows and columns.
C. Data is stored hierarchically with parent-child relationships.
D. Information can be related to other information, driving inference and deeper understanding.
Correct Answer: C
34. Which of the following best describes the term “metadata”?
A. Data that is encrypted for security purposes
B. Data that offers insights into other data
C. Data that is stored in a relational database
D. Data that is used for backup purposes
Correct Answer: B
35. What does the term “ACID” stand for in the context of an RDBMS environment?
A. Atomicity, Clarity, Isolation, Durability
B. Accuracy, Consistency, Integrity, Durability
C. Atomicity, Consistency, Isolation, Durability
D. Accuracy, Clarity, Integrity, Durability
Correct Answer: C
36. Which of the following is a primary concern when citizen developers write code?
A. They often produce highly optimized code.
B. They typically follow best practices for secure coding.
C. They often have access to powerful programming tools but may lack secure coding practices.
D. They always rely on open source software.
Correct Answer: C
37. Which of the following APIs provides a way for applications to communicate using HTTP?
A. Representational State Transfer (REST)
B. Simple Object Access Protocol (SOAP)
C. Code Repository API
D. Integrated Development Environment (IDE) API
Correct Answer: A
38. In software development, what does “coupling” refer to?
A. The level of relatedness between units of a codebase
B. The process of making code more efficient
C. The practice of writing code in multiple programming languages
D. The process of documenting code for better readability
Correct Answer: A
39. In the context of software development, what does “cohesion” refer to?
A. The level of relatedness between different units of a codebase
B. The level of relatedness between the code that makes up a unit of code
C. The process of making code more efficient
D. The practice of writing code in multiple programming languages
Correct Answer: B
40. Which of the following best describes “sandboxing” in software development?
A. A method to test new code in isolation
B. The process of documenting code for better readability
C. A technique to optimize code performance
D. The practice of writing code in a collaborative environment
Correct Answer: A
41. What is the primary purpose of “code signing” in the software development process?
A. To optimize the performance of the code
B. To verify the authenticity and integrity of the code
C. To document the changes made in the code
D. To make the code more readable
Correct Answer: B
42. Which of the following is NOT a characteristic of “object-oriented programming (OOP)”?
A. Polymorphism
B. Encapsulation
C. Cohesion
D. Inheritance
Correct Answer: C
43. Which of the following best describes “race conditions” in software development?
A. Conditions where two or more threads access shared data simultaneously
B. Conditions where the software runs faster than expected
C. Conditions where the software is tested for speed and performance
D. Conditions where the software is developed in a competitive environment
Correct Answer: A
44. What is the primary concern of “secure coding practices”?
A. To accelerate the development process
B. To ensure the code is optimized for performance
C. To ensure the software is free from vulnerabilities
D. To make the code more readable and maintainable
Correct Answer: C
45. In the context of databases, what does “normalization” refer to?
A. The process of optimizing database performance
B. The process of ensuring data integrity and reducing data redundancy
C. The process of backing up the database regularly
D. The process of encrypting the database for security purposes
Correct Answer: B
46. Which of the following is a common method to prevent SQL injection attacks?
A. Using regular expressions to validate input
B. Encrypting the database
C. Using parameterized queries
D. Increasing the database’s storage capacity
Correct Answer: C
47. What is the primary purpose of “version control” in the software development process?
A. To optimize the performance of the software
B. To ensure the software is free from vulnerabilities
C. To track and manage changes to the codebase
D. To make the code more readable
Correct Answer: C
48. Which of the following best describes “fuzz testing” in software development?
A. Testing the software’s user interface for usability
B. Testing the software by providing random and unexpected inputs
C. Testing the software for speed and performance
D. Testing the software in a real-world environment
Correct Answer: B
49. Which of the following best describes the “principle of least privilege” in software development?
A. Granting users only the permissions they need to perform their tasks
B. Encrypting sensitive data to prevent unauthorized access
C. Ensuring that software is updated regularly
D. Making the codebase open source for transparency
Correct Answer: A
50. What is the primary goal of “threat modeling” in the software development process?
A. To identify potential threats and vulnerabilities in the software
B. To optimize the performance of the software
C. To document the software development process
D. To ensure code readability and maintainability
Correct Answer: A
51. Which of the following is NOT a type of software testing?
A. Canary testing
B. Waterfall testing
C. Regression testing
D. Penetration testing
Correct Answer: B
52. In the context of software development, what does “refactoring” refer to?
A. Adding new features to the software
B. Testing the software for vulnerabilities
C. Rewriting certain parts of the code to improve its structure without changing its functionality
D. Changing the user interface of the software
Correct Answer: C
53. Which of the following best describes “static code analysis”?
A. Analyzing the software’s performance during runtime
B. Reviewing the codebase without executing the program
C. Testing the software in a production environment
D. Analyzing user feedback about the software
Correct Answer: B
You may also like:- Top 30 Linux Questions (MCQs) with Answers and Explanations
- 75 Important Cybersecurity Questions (MCQs with Answers)
- 260 One-Liner Information Security Questions and Answers for Fast Learning
- Top 20 HTML5 Interview Questions with Answers
- 80 Most Important Network Fundamentals Questions With Answers
- 100 Most Important SOC Analyst Interview Questions
- Top 40 Cyber Security Questions and Answers
- Top 10 React JS Interview Theory Questions and Answers
- CISSP – Practice Test Questions – 2024 – Set 20 (53 Questions)
- Part 2: Exploring Deeper into CCNA – Wireless (145 Practice Test Questions)