Free Practice Questions for ISC2 CISSP Exam

Which of the following BEST describes the responsibilities of a data owner?

• Ensuring quality and validation through periodic audits for ongoing data integrity
• Maintaining fundamental data availability, including data storage and archiving
• Ensuring accessibility to appropriate users, maintaining appropriate levels of data security
• Determining the impact the information has on the mission of the organization

What method could be used to prevent passive attacks against secure voice communications between an organization and its vendor?

• Encryption in transit
• Configure a virtual private network (VPN)
• Configure a dedicated connection
• Encryption at rest

Which of the following is a key responsibility for a data steward assigned to manage an enterprise data lake?

• Ensure proper business definition, value, and usage of data collected and stored within the enterprise data lake.
• Ensure proper and identifiable data owners for each data element stored within an enterprise data lake.
• Ensure adequate security controls applied to the enterprise data lake.
• Ensure that any data passing within remit is being used in accordance with the rules and regulations of the business.

Which of the following is MOST important to follow when developing information security controls for an organization?

• Exercise due diligence with regard to all risk management information to tailor appropriate controls.
• Perform a risk assessment and choose a standard that addresses existing gaps.
• Use industry standard best practices for security controls in the organization.
• Review all local and international standards and choose the most stringent based on location.

A security professional has been requested by the Board of Directors and Chief Information Security Officer (CISO) to perform an internal and external penetrationtest. What is the BEST course of action?

• Review data localization requirements and regulations.
• Review corporate security policies and procedures,
• With notice to the Configuring a Wireless Access Point (WAP) with the same Service Set Identifier external test.
• With notice to the organization, perform an external penetration test first, then an internal test.

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

• Personal Identity Verification (PIV)
• Cardholder Unique Identifier (CHUID) authentication
• Physical Access Control System (PACS) repeated attempt detection
• Asymmetric Card Authentication Key (CAK) challenge-response

Which of the following is the MOST important first step in preparing for a security audit?

• Identify team members.
• Define the scope.
• Notify system administrators.
• Collect evidence.

What does an organization FIRST review to assure compliance with privacy requirements?

• Best practices
• Business objectives
• Legal and regulatory mandates
• Employee's compliance to policies and standards

Before allowing a web application into the production environment, the security practitioner performs multiple types of tests to confirm that the web application performs asexpected. To test the username field, the security practitioner creates a test that enters more characters into the field than is allowed. Which of the followingBEST describes the type of test performed?

• Misuse case testing
• Penetration testing
• Web session testing
• Interface testing

What should be the FIRST action for a security administrator who detects an intrusion on the network based on precursors and other indicators?

• Isolate and contain the intrusion.
• Notify system and application owners.
• Apply patches to the Operating Systems (OS).
• Document and verify the intrusion.