Take your CISSP preparation to the next level with this dynamic series of practice tests. From security operations management to software development security, each article offers a unique set of questions to challenge your understanding and reinforce key concepts required for CISSP certification.
1. What two categories do uninterruptible power supplies (UPS) fall into?
A. Inbuilt and external
B. Continuous and disconnected
C. Inbuilt and disconnected
D. Continuous and standby
Correct Answer: B
2. Can you name the four necessary elements for a fire?
A. Fuel, oxygen, contaminants, and chemicals
B. Fuel, chemical reaction, water, and temperature
C. Oxygen, fuel, Halon, and temperature
D. Fuel, oxygen, temperature, and chemical reaction
Correct Answer: D
3. What are the five classes of fire?
A. A, B, C, D, K
B. A, B, C, D, E
C. A, B, C, D, F
D. L, M, N, O
Correct Answer: A
4. What four main outcomes should a suppressant agent achieve either independently or in collaboration with another agent?
A. Lower the temperature, reduce the smoke, minimize free radicals, disrupt chemical reactions
B. Flood the environment, capture the smoke, control the flame, open doors in fail-safe mode
C. Lower the temperature, decrease the oxygen supply, reduce the fuel supply, interfere with the chemical reaction
D. Simply extinguish the fire
Correct Answer: C
5. What purpose do security zones serve?
A. Security zones differentiate varying security levels within a premise.
B. Security zones are regions where tailgating is prohibited.
C. Security zones necessitate armed guards at the entrance.
D. Security zones refer to complete walls that segregate individuals into their respective departments.
Correct Answer: A
6. Where should a data center ideally be situated within a facility?
A. A data center should be in a separate facility and should not be merged with any other function of an organization.
B. A data center should be situated in the basement of a facility, underground for added protection.
C. A data center should be situated on the top floor of the building to ensure that intruders cannot access it from the ground.
D. A data center should be situated in the center of the facility.
Correct Answer: D
7. What element does not belong in a security domain?
A. Adaptability
B. Domain parameters
C. Customized protections
D. Domain interrelationships
Correct Answer: A
8. What is external to the trusted computing base (TCB)?
A. Memory channel
B. Exploitable channel
C. Communications channel
D. Security-compliant channel
Correct Answer: B
9. Which is not an example of a first line of defense?
A. Physical security
B. Network monitors
C. Software testing
D. Quality assurance
Correct Answer: D
10. From a security perspective, what acts as a first line of defense?
A. Remote server
B. Web server
C. Firewall
D. Secure shell program
Correct Answer: C
11. Within a fire suppression setting, how would you define a dry pipe?
A. A sprinkler system where water is introduced into the pipes only when an automatic sensor detects a fire in the vicinity
B. A sprinkler system with water inside the pipe, but the exterior of the pipe remains dry
C. A Halon gas system incorporating a dry pipe
D. A carbon dioxide (CO2) gas system that employs a dry chemical to quench a fire
Correct Answer: A
12. Generally, what is the safest method to extract heat from a fire?
A. Water
B. Carbon dioxide
C. Soda ash
D. Halon gas
Correct Answer: A
13. What is an electric power undervoltage referred to as?
A. Brownout
B. Blackout
C. Burnout
D. Dropout
Correct Answer: A
14. Which type of fire is most prevalent?
A. Furniture fires
B. Electrical fires
C. Paper fires
D. Gasoline fires
Correct Answer: B
15. Which stage of fire does not generate smoke?
A. Incipient stage
B. Smoldering stage
C. Flame stage
D. Heat stage
Correct Answer: C
16. What component of a water sprinkler system comprises fire-triggered devices?
A. Water supply
B. Water heads
C. Water control valves
D. Alarm system
Correct Answer: B
17. What is the initial action to take in the event of a fire?
A. Report the fire.
B. Extinguish the fire.
C. Remain calm.
D. Avoid using elevators.
Correct Answer: A
18. Which term refers to an organization’s certainty in its controls meeting security requirements?
A. Trust
B. Credentialing
C. Verification
D. Assurance
Correct Answer: D
19. What kind of security weakness are developers most prone to introduce into their code when trying to simplify their access for testing purposes in their software?
A. Maintenance hook
B. Cross-site scripting
C. SQL injection
D. Buffer overflow
Correct Answer: A
20. If Alice sends an encrypted message to Bob, what key does she use to encrypt the message?
A. Alice’s public key
B. Alice’s private key
C. Bob’s public key
D. Bob’s private key
Correct Answer: C
21. When Bob receives the encrypted message from Alice, what key does he use to decrypt the message’s plaintext content?
A. Alice’s public key
B. Alice’s private key
C. Bob’s public key
D. Bob’s private key
Correct Answer: D
22. In this scenario, which key would Bob not have access to?
A. Alice’s public key
B. Alice’s private key
C. Bob’s public key
D. Bob’s private key
Correct Answer: B
23. Bouke has discovered a SQL injection vulnerability in an application within his organization. Which of the following measures is not an appropriate response to this vulnerability?
A. Upgrading the version of the database
B. Utilizing parameterized queries
C. Reengineering the web application
D. Implementing stored procedures
Correct Answer: A
24. Gina wants to send an encrypted message to her coworker, Eric, ensuring both confidentiality and authenticity. She plans to encrypt the message and append a digital signature to achieve this. What cryptographic goal does the digital signature fulfill?
A. Non-repudiation
B. Integrity
C. Confidentiality
D. Authentication
Correct Answer: A
25. To create a secure message digest for a digital signature, which of the following cryptographic functions might Gina use?
A. SHA
B. AES
C. MD5
D. RSA
Correct Answer: A
26. In a secure communication scenario, Bouke wants to send an encrypted message to Hayate and also provide a digital signature to ensure authenticity. They are using a public key infrastructure where each person has a pair of keys: a public key known to everyone and a private key known only to the individual. Consider the following questions based on this scenario: To encrypt the message content, ensuring that only Hayate can decrypt it, which key should Bouke use?
A. Bouke’s private key
B. Hayate’s public key
C. Hayate’s private key
D. Bouke’s public key
Correct Answer: B
27. To create the digital signature, allowing Hayate to verify that the message indeed came from Bouke, which key should Bouke use?
A. Hayate’s private key
B. Hayate’s public key
C. Bouke’s public key
D. Bouke’s private key
Correct Answer: D
28. Which security model property dictates that an individual should not have read access to objects at a lower security level than their own?
A. Integrity Property
B. Security Property
C. Simple Security Property
D. Simple Integrity Property
Correct Answer: C
29. Which ring houses the operating system kernel in systems that implement the ring protection model?
A. Ring 3
B. Ring 1
C. Ring 2
D. Ring 0
Correct Answer: D
30. In the context of VM escape attacks, which component prevents such attacks?
A. Guest operating system
B. Hypervisor
C. Virtual security module
D. Host operating system
Correct Answer: B
31. When a web browser verifies a website’s digital certificate, which key does it use?
A. Server’s public key
B. Certificate authority’s (CA’s) public key
C. CA’s private key
D. Server’s private key
Correct Answer: B
32. Who are the stakeholders involved in the architecture of a secure network?
A. Suppliers of the company
B. Operators of the system
C. Developers of the software
D. All individuals invested in the system’s functionality or usability
Correct Answer: D
33. What is the term for computers utilizing multiple CPUs to enhance performance?
A. Multiprocessing computers
B. Computers with multiple CPUs
C. Multithreaded computers
D. Multiheaded computers
Correct Answer: A
34. What loads the kernel when a computer is switched on and proceeds to boot the Linux operating system?
A. BIOS
B. MBR
C. UEFI
D. USER
Correct Answer: C
35. What is the primary difference between a virtual machine and a container?
A. Containers include an operating system, while virtual machines do not.
B. Virtual machines are platform independent, while containers are not.
C. Virtual machines include their own operating system, while containers share the host’s operating system.
D. Containers are less resource-intensive than virtual machines.
Correct Answer: C
36. How does the Internet of Things (IoT) influence data management?
A. It decreases the amount of data generated.
B. It increases the need for real-time processing.
C. It makes data management less complex.
D. It reduces the need for data storage.
Correct Answer: B
37. What is a key benefit of cloud computing?
A. Increased infrastructure cost
B. Limited scalability
C. Lower maintenance responsibility
D. Increased data security risk
Correct Answer: C
38. What is a primary security concern when using containerization?
A. Increased complexity of network configuration
B. Difficulty in monitoring application performance
C. Vulnerabilities in the shared host operating system
D. Reduced data isolation compared to traditional virtualization
Correct Answer: C
39. What does the term “elasticity” refer to in the context of cloud computing?
A. The ability to handle varying workloads by dynamically allocating and deallocating resources.
B. The ability to store large amounts of data.
C. The ability to operate without Internet connectivity.
D. The ability to recover quickly from hardware failures.
Correct Answer: A
40. What is the primary function of a hypervisor in virtualization?
A. It provides a graphical interface for managing virtual machines.
B. It manages the virtual machines and allocates host system resources to them.
C. It encrypts the data stored on virtual machines.
D. It provides network connectivity for virtual machines.
Correct Answer: B
41. What is the main advantage of containerization?
A. Containers use more resources than virtual machines.
B. Containers are more isolated than virtual machines.
C. Containers start up faster than virtual machines.
D. Containers are harder to manage than virtual machines.
Correct Answer: C
42. In IoT, what is the role of an edge device?
A. It serves as the central hub that connects all other devices.
B. It processes and analyzes data locally before sending it to the network.
C. It provides security for the IoT network.
D. It stores all the data generated by the IoT devices.
Correct Answer: B
43. What is the main reason to use a multi-cloud strategy?
A. To make applications run faster
B. To reduce the dependence on a single cloud provider
C. To simplify the management of cloud resources
D. To make the transition to the cloud easier
Correct Answer: B
44. What is “Docker” in the context of containerization?
A. A type of virtual machine
B. An operating system designed for containers
C. A platform used to develop and manage containers
D. A programming language used to create containerized applications
Correct Answer: C
45. Which device listed as follows does not function at the Data Link or Layer 2?
A. Hub
B. Switch
C. Wireless access point
D. Bridge
Correct Answer: A
46. Who creates and publishes the OSI model from the following organizations?
A. IEEE
B. ISO
C. IANA
D. IETF
Correct Answer: B
47. Which protocols work at the Transport Layer, or Layer 4, and offer a best-effort, connectionless method for delivering segments?
A. ARP
B. IGMP
C. TCP
D. UDP
Correct Answer: D
48. What is the term for the data and header information processed at the Network Layer, or Layer 3, of the OSI model?
A. Packet
B. Data stream
C. Frame
D. Segment
Correct Answer: A
49. Which of the following sequences accurately represents the order of the OSI model layers when processing incoming data from the network media?
A. Application, Presentation, Session, Transport, Network, Data Link, Physical
B. Physical, Transport, Network, Data Link, Presentation, Session, Application
C. Application, Session, Presentation, Transport, Network, Data Link, Physical
D. Physical, Data Link, Network, Transport, Session, Presentation, Application
Correct Answer: D
50. Which of the following media types offers the highest protection against the detection of emanations?
A. Coax
B. Shielded twisted pair
C. Unshielded twisted pair
D. Fiber optic
Correct Answer: D
51. Which of the following media access control methods is based on contention?
A. Token-passing bus
B. Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
C. Token-passing ring
D. Polling
Correct Answer: B
52. What filter is used in firewalls to block packets leaving a private network using a public source IP address?
A. Ingress filter
B. Content filter
C. Egress filter
D. Stateful filter
Correct Answer: C
53. How is a bastion host best described?
A. A system that has been hardened against attack
B. A system that uses a default deny rule
C. A system that performs FQDN-to-IP-address resolution
D. A system that replaces private IP addresses with public IP addresses as the packet exits the private network
Correct Answer: A
You may also like:- Top 30 Linux Questions (MCQs) with Answers and Explanations
- 75 Important Cybersecurity Questions (MCQs with Answers)
- 260 One-Liner Information Security Questions and Answers for Fast Learning
- Top 20 HTML5 Interview Questions with Answers
- 80 Most Important Network Fundamentals Questions With Answers
- 100 Most Important SOC Analyst Interview Questions
- Top 40 Cyber Security Questions and Answers
- Top 10 React JS Interview Theory Questions and Answers
- CISSP – Practice Test Questions – 2024 – Set 20 (53 Questions)
- Part 2: Exploring Deeper into CCNA – Wireless (145 Practice Test Questions)