CISSP Certification Sample Questions

The purpose of this Sample Question Set is to provide you with information about the ISC2 Information Systems Security Professional (CISSP) exam. These sample questions will make you familiar with both the type and the difficulty level of the questions on the CISSP certification test. To get familiar with the real exam environment, we suggest you try our Sample ISC2 CISSP Certification Practice Exam. This sample practice exam gives you a feel for the real thing and indicates the kind of questions asked in the actual ISC2 Certified Information Systems Security Professional (CISSP) certification exam.

These sample questions are simple, basic questions that resemble the real ISC2 Information Systems Security Professional exam questions. To assess your readiness and performance with real-time scenario-based questions, we suggest you prepare with our Premium ISC2 CISSP Certification Practice Exam. When you solve real-time scenario-based questions practically, you come across many difficulties that give you an opportunity to improve.

ISC2 CISSP Sample Questions:

01. What is the process for developing an ISCM strategy and implementing an ISCM program?
a) Define, analyze, implement, establish, respond, review and update
b) Analyze, implement, define, establish, respond, review and update
c) Define, establish, implement, analyze, respond, review and update
d) Implement, define, establish, analyze, respond, review and update
 
02. What are the seven main categories of access control?
a) Detective, corrective, monitoring, logging, recovery, classification, and directive
b) Directive, deterrent, preventative, detective, corrective, compensating, and recovery
c) Authorization, identification, factor, corrective, privilege, detective, and directive
d) Identification, authentication, authorization, detective, corrective, recovery, and directive
 
03. Ann installs a new Wireless Access Point (WAP) and users are able to connect to it. However, once connected, users cannot access the Internet. Which of the following is the MOST likely cause of the problem?
a) The signal strength has been degraded and latency is increasing hop count.
b) An incorrect subnet mask has been entered in the WAP configuration.
c) The signal strength has been degraded and packets are being lost.
d) Users have specified the wrong encryption type and packets are being rejected.
 
04. Qualitative risk assessment is earmarked by which of the following?
a) Ease of implementation and it can be completed by personnel with a limited understanding of the risk assessment process
b) Can be completed by personnel with a limited understanding of the risk assessment process and uses detailed metrics used for calculation of risk
c) Detailed metrics used for calculation of risk and ease of implementation
d) Can be completed by personnel with a limited understanding of the risk assessment process and detailed metrics used for the calculation of risk
 
05. Which of the following security models is primarily concerned with how the subjects and objects are created and how subjects are assigned rights or privileges?
a) Bell–LaPadula
b) Biba-Integrity
c) Chinese Wall
d) Graham–Denning
 
06. Before applying a software update to production systems, it is MOST important that
a) Full disclosure information about the threat that the patch addresses is available
b) The patching process is documented
c) The production systems are backed up
d) An independent third party attests the validity of the patch
 
07. While an Enterprise Security Architecture (ESA) can be applied in many different ways, it is focused on a few key goals. Identify the proper listing of the goals for the ESA:
a) It represents a simple, long term view of control, it provides a unified vision for common security controls, it leverages existing technology investments, it provides a fixed approach to current and future threats and also the needs of peripheral functions
b) It represents a simple, long term view of control, it provides a unified vision for common security controls, it leverages new technology investments, it provides a flexible approach to current and future threats and also the needs of core functions
c) It represents a complex, short term view of control, it provides a unified vision for common security controls, it leverages existing technology investments, it provides a flexible approach to current and future threats and also the needs of core functions
d) It represents a simple, long term view of control, it provides a unified vision for common security controls, it leverages existing technology investments, it provides a flexible approach to current and future threats and also the needs of core functions
 
08. The technical evaluation of assurance to ensure that security requirements have been met is known as what?
a) Accreditation
b) Certification
c) Validation
d) Verification
 
09. A potential vulnerability of the Kerberos authentication server is
a) Single point of failure
b) Asymmetric key compromise
c) Use of dynamic passwords
d) Limited lifetimes for authentication credentials
 
10. Which of the following can BEST be used to capture detailed security requirements?
a) Threat modeling, covert channels, and data classification
b) Data classification, risk assessments, and covert channels
c) Risk assessments, covert channels, and threat modeling
d) Threat modeling, data classification, and risk assessments

Answers:

Question: 01
Answer: c
Question: 02
Answer: b
Question: 03
Answer: b
Question: 04
Answer: a
Question: 05
Answer: d
Question: 06
Answer: c
Question: 07
Answer: d
Question: 08
Answer: b
Question: 09
Answer: a
Question: 10
Answer: d

Note: For any error in the ISC2 Certified Information Systems Security Professional (CISSP) certification exam sample questions, please let us know by emailing feedback@edusum.com.