CISSP – Practice Test Questions – 2024 – Set 4 (53 Questions)

CISSP Part 4

Prepare to conquer the CISSP exam with this collection of practice tests spanning various domains of information security. Test your proficiency in communication and network security, assess your risk management skills, and fine-tune your security operations knowledge as you progress through each article in this series.

1. As a security manager, you are tasked with investigating a recent breach into the corporate network. Under what control category does this fall?

A. Retroactive control
B. Investigatory control
C. Preventative control
D. Detective control

Correct Answer: D

2. An enterprise operates in a hybrid cloud environment, employing on-site and cloud-based systems. It has adequate on-site monitoring but needs to impose security policies on user activities and report exceptions in its increasing number of cloud services. What kind of tool would be most suitable for this requirement?

A. A Next-Generation Firewall (NGFW)
B. A Cloud Access Security Broker (CASB)
C. An Intrusion Detection System (IDS)
D. A Security Orchestration, Automation, and Response (SOAR) tool

Correct Answer: B

3. In data handling, when media is tagged based on the classification of the data it houses, what principle is generally enforced about labels?

A. The data is marked according to its integrity requisites.
B. The media is tagged based on the highest classification tier of the data it accommodates.
C. The media is tagged with all tiers of classification of the data it accommodates.
D. The media is tagged with the lowest tier of classification of the data it accommodates.

Correct Answer: B

4. Among the following administrative processes, which one aids organizations in allocating suitable security control levels to sensitive data?

A. Data categorization
B. Remanence
C. Data transmission
D. Clearing

Correct Answer: A

5. What term refers to the kind of information kept about an individual that can be utilized to distinguish or trace their identity?

A. Personally Identifiable Information (PII)
B. Personal Health Information (PHI)
C. Social Security Number (SSN)
D. Secure Identity Information (SII)

Correct Answer: A

6. Among the following information security risks to data at rest, which one would inflict the most substantial reputational damage to an organization?

A. Incorrect classification
B. Data breach
C. Decryption
D. A deliberate insider threat

Correct Answer: B

7. Tools like Microsoft’s BitLocker, which employs full disk encryption, are utilized to protect data in what state?

A. Data in transit
B. Data at rest
C. Unlabeled data
D. Labeled data

Correct Answer: B

8. An employer issues mobile phones to its staff for work purposes and renews the devices every two years. How would you describe this practice if the phones are still operational and receiving system updates?

A. End of Life (EOL)
B. Planned obsolescence
C. End of Support (EOS)
D. Device risk management

Correct Answer: B

9. What is the primary objective of data classification?

A. It quantifies the cost of a data breach.
B. It prioritizes IT expenditures.
C. It enables compliance with breach notification laws.
D. It identifies the value of the data to the organization.

Correct Answer: D

10. What action is required to protect information and assets?

A. Risk assessment
B. Data categorization
C. Asset identification
D. Asset and information classification

Correct Answer: D

11. What term refers to organizing data based on its sensitivity and the impact on the business if compromised?

A. Data processing
B. Data classification
C. Data optimization
D. Data indexing

Correct Answer: B

12. What term refers to the process of identifying and categorizing an organization’s resources?

A. Resource classification
B. Asset classification
C. Asset allocation
D. Resource allocation

Correct Answer: B

13. What process involves setting the rules for how to deal with and manage information and assets within an organization?

A. Establishing a data retrieval protocol
B. Setting information and asset handling guidelines
C. Creating a data backup plan
D. Setting asset management policy

Correct Answer: B

14. What process involves the secure allocation of resources, assigning ownership, and managing inventory of tangible and intangible assets?

A. Asset management and secure provisioning
B. Information security audit
C. Network monitoring
D. Data backup and restoration

Correct Answer: A

15. What role in data management is responsible for the safe custody, transport, and storage of the data?

A. Data controller
B. Data processor
C. Data owner
D. Data custodian

Correct Answer: D

16. Which term refers to the residual representation of data that remains even after attempts have been made to remove or erase the data?

A. Data retention
B. Data remanence
C. Data collection
D. Data location

Correct Answer: B

17. What is the process of acquiring data for initial use?

A. Data retention
B. Data location
C. Data collection
D. Data destruction

Correct Answer: C

18. Which term refers to the procedures that keep data for a predetermined period of time, after which it is discarded?

A. Data remanence
B. Data retention
C. Data collection
D. Data maintenance

Correct Answer: B

19. What process ensures data is accurate, consistent, and reliable throughout its life cycle?

A. Data collection
B. Data maintenance
C. Data retention
D. Data destruction

Correct Answer: B

20. Who decides who, what, when, where, and how data should be used or shared?

A. Data custodian
B. Data controller
C. Data processor
D. Data owner

Correct Answer: D

21. Which term refers to the physical or virtual location where data is stored?

A. Data collection
B. Data location
C. Data maintenance
D. Data remanence

Correct Answer: B

22. Who is responsible for processing personal data on behalf of the controller?

A. Data custodian
B. Data controller
C. Data processor
D. Data owner

Correct Answer: C

23. Which term refers to eliminating data stored on memory devices, ensuring that the data is completely unreadable?

A. Data collection
B. Data retention
C. Data destruction
D. Data location

Correct Answer: C

24. Who determines the purposes for which, and the means by which, personal data is processed?

A. Data owner
B. Data custodian
C. Data controller
D. Data processor

Correct Answer: C

25. What does the term “End-of-Life” (EOL) typically refer to in the context of asset retention?

A. The period when an asset is fully depreciated
B. The point at which the manufacturer no longer supports an asset
C. The time when an asset is no longer useful for the organization and is disposed of
D. The stage when an asset is upgraded or replaced with a newer model

Correct Answer: C

26. What is the primary concern when a software asset reaches its End-of-Support (EOS) stage?

A. The software will no longer function.
B. The software may no longer receive security updates and patches.
C. The software will be incompatible with newer systems.
D. The software will automatically uninstall itself.

Correct Answer: B

27. What is the primary purpose of establishing an asset retention policy in an organization?

A. To ensure data is never deleted
B. To prevent theft of organizational assets
C. To ensure compliance with legal and regulatory requirements for data retention
D. To ensure all assets are utilized to their fullest potential

Correct Answer: C

28. In the context of data management, what is the main reason for properly managing an asset’s End-of-Life (EOL) stage?

A. To maximize the asset’s value
B. To ensure data contained on the asset is properly backed up
C. To prevent unauthorized access or data breaches
D. To ensure the asset can be reused

Correct Answer: C

29. Which of the following is a best practice for managing assets that have reached their End-of-Support (EOS) stage?

A. Continue using them as long as they still function
B. Replace them with the latest models available
C. Isolate them from the network and use them offline
D. Evaluate risks associated with continued use and plan for their replacement or upgrade

Correct Answer: D

30. What are the three states of data that need to be secured?

A. Loaded, running, and unloaded
B. In use, in transit, and at rest
C. In motion, in storage, and processing
D. Active, passive, and idle

Correct Answer: B

31. What is the purpose of scoping and tailoring in the context of data security controls?

A. To customize security controls to fit the specific needs of the organization
B. To reduce the number of security controls applied to data
C. To expand the range of security controls applied to data
D. To standardize security controls across different types of data

Correct Answer: A

32. What is the purpose of Digital Rights Management (DRM)?

A. To prevent unauthorized access to digital media
B. To facilitate the sharing of digital media
C. To track the usage of digital media
D. All of the above

Correct Answer: D

33. How does a Cloud Access Security Broker (CASB) contribute to data security?

A. By providing a security layer between users and cloud service providers
B. By encrypting data stored in the cloud
C. By monitoring user activity in the cloud
D. All of the above

Correct Answer: D

34. What is the primary goal of data loss prevention (DLP)?

A. To prevent data breaches by detecting potential data breach or data exfiltration transmissions
B. To recover data that has been lost due to hardware failure
C. To manage access rights to data
D. To provide an audit trail of data access

Correct Answer: A

35. What process involves analyzing retained data, determining its importance and value, and categorizing it accordingly?

A. Implementing data security controls
B. Setting data standards
C. Acting as data custodians
D. Conducting data classification

Correct Answer: D

36. What term refers to the process of removing sensitive data from storage devices in a way that prevents its reconstruction through standard system functions or software file/data recovery utilities?

A. Clearing
B. Utilizing self-encrypting USB drives
C. Purging
D. Conducting data modeling

Correct Answer: C

37. What provides more flexibility in applying encryption to specific files?

A. File encryption software
B. Categorization
C. Self-encrypting USB drives
D. Media encryption software

Correct Answer: A

38. What term describes the pivotal point where a material’s inherent magnetic alignment changes direction?

A. Data remanence
B. Clearing
C. Media encryption software
D. Curie temperature

Correct Answer: D

39. What role ensures crucial datasets are developed, maintained, and accessible within their specified parameters?

A. Conducting data classification
B. Undertaking data modeling
C. Serving as data custodians
D. Implementing data security controls

Correct Answer: C

40. In the context of US government document classifications, which signifies the least sensitive level?

A. Confidential
B. Top Secret
C. Top Secret
D. Secret

Correct Answer: A

41. Which law in Europe is responsible for the protection of personal data privacy?

A. HIPAA
B. GLBA
C. GDPR
D. DPD

Correct Answer: C

42. The TLS protocol is most effective for safeguarding which type of data?

A. Data in motion
B. Data in use
C. Data at rest
D. Data in an archived status

Correct Answer: A

43. Which protocol should you opt for if you want to replace an old Telnet server with a secure alternative?

A. SCP
B. HTTPS
C. SSH
D. SFTP

Correct Answer: C

44. Which of the following is considered the least secure method for removing data from magnetic media?

A. Destruction
B. Degaussing
C. Purging
D. Erasing

Correct Answer: D

45. Which of the following locations exemplifies “data in use”?

A. RAM
B. Network transmission
C. SSD
D. Magnetic disk

Correct Answer: A

46. When viewed independently, which data elements can be considered PII?

A. Work ZIP code
B. Home address
C. Gender
D. Age

Correct Answer: B

47. Who updates the system security plan when a significant change occurs?

A. Business owner
B. Data processor
C. Data owner
D. System owner

Correct Answer: D

48. What is the most important factor when determining a data classification level?

A. Format of the data
B. Value of the data
C. Identity of the data owner
D. Size of the data

Correct Answer: B

49. Which encryption technology among the following is capable of protecting data within an email-attached file, ensuring it remains encrypted after being received?

A. AES
B. TLS
C. SSL
D. DES

Correct Answer: A

50. What access control policy is being implemented when you set up and integrate a nondiscretionary system?

A. Physical access control
B. Mandatory access control
C. Role-based access control
D. Rule-based access control

Correct Answer: B

51. You decide to use a passphrase instead of a password that can be found in the dictionary, aiming for enhanced security. In this case, the new password transforms into what?

A. The strongest password
B. A virtual password
C. An unusual password
D. A username

Correct Answer: A

52. You want the highest security protection for your company, regardless of cost. Which of the following should you choose?

A. Passwords
B. Smart cards
C. Palm vein scanner
D. Fingerprint reader

Correct Answer: C

53. What is the term for a control category that responds after an incident?

A. Corrective control
B. Directive control
C. Preventative control
D. Deterrent control

Correct Answer: A
