
CISSP Online Practice Questions and Answers

Questions 4

Which of the following countermeasures is the MOST effective in defending against a social engineering attack?

A. Mandating security policy acceptance

B. Changing individual behavior

C. Evaluating security awareness training

D. Filtering malicious e-mail content

Questions 5

Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?

A. Maintaining an inventory of authorized Access Points (AP) and connecting devices

B. Setting the radio frequency to the minimum range required

C. Establishing a Virtual Private Network (VPN) tunnel between the WLAN client device and a VPN concentrator

D. Verifying that all default passwords have been changed

Questions 6

Alternate encoding such as hexadecimal representations is MOST often observed in which of the following forms of attack?

A. Smurf

B. Rootkit exploit

C. Denial of Service (DoS)

D. Cross site scripting (XSS)

Questions 7

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

A. Development, testing, and deployment

B. Prevention, detection, and remediation

C. People, technology, and operations

D. Certification, accreditation, and monitoring

Questions 8

Which of the following techniques BEST prevents buffer overflows?

A. Boundary and perimeter offset

B. Character set encoding

C. Code auditing

D. Variant type and bit length

Questions 9

Why should Open Web Application Security Project (OWASP) Application Security Verification Standards (ASVS) Level 1 be considered a MINIMUM level of protection for any web application?

A. Most regulatory bodies consider ASVS Level 1 as a baseline set of controls for applications

B. Securing applications at ASVS Level 1 provides adequate protection for sensitive data

C. ASVS Level 1 ensures that applications are invulnerable to OWASP top 10 threats

D. Opportunistic attackers will look for any easily exploitable vulnerable applications

Questions 10

An Intrusion Detection System (IDS) is based on the general hypothesis that a security violation is associated with a pattern of system usage, which can be

A. differentiated from a normal usage pattern

B. used to detect known violations

C. used to detect a masquerader

D. differentiated to detect all security violations

Questions 11

A customer continues to experience attacks on their email, web, and File Transfer Protocol (FTP) servers. These attacks are impacting their business operations. Which of the following is the BEST recommendation to make?

A. Configure an intrusion detection system (IDS).

B. Create a demilitarized zone (DMZ).

C. Deploy a bastion host.

D. Set up a network firewall.

Questions 12

Which element of software supply chain management has the GREATEST security risk to organizations?

A. New software development skills are hard to acquire.

B. Unsupported libraries are often used.

C. Applications with multiple contributors are difficult to evaluate.

D. Vulnerabilities are difficult to detect.

Questions 13

What is the PRIMARY purpose of creating and reporting metrics for a security awareness, training, and education program?

A. Make all stakeholders aware of the program's progress.

B. Measure the effect of the program on the organization's workforce.

C. Facilitate supervision of periodic training events.

D. Comply with legal regulations and document due diligence in security practices.

Exam Code: CISSP
Exam Name: Certified Information Systems Security Professional (CISSP)
Last Update: Jun 04, 2026
Questions: 1703