
CISSP

By isc
Aug, 2025


Question 51

What are the essential elements of a Risk Assessment Report (RAR)?

  • A: Executive summary, body of the report, and appendices
  • B: Executive summary, graph of risks, and process
  • C: Table of contents, testing criteria, and index
  • D: Table of contents, chapters, and executive summary

Question 52

The security operations center (SOC) has received credible intelligence that a threat actor is planning to attack with multiple variants of a destructive virus. After obtaining a sample set of this virus' variants and reverse engineering them to understand how they work, a commonality was found. All variants are coded to write to a specific memory location. It is determined this virus is of no threat to the organization because they had the foresight to enable what feature on all endpoints?

  • A: Address Space Layout Randomization (ASLR)
  • B: Trusted Platform Module (TPM)
  • C: Virtualization
  • D: Process isolation

Question 53

The Chief Information Security Officer (CISO) is to establish a single, centralized, and relational repository to hold all information regarding the software and hardware assets. Which of the following solutions would be the BEST option?

  • A: Information Security Management System (ISMS)
  • B: Configuration Management Database (CMDB)
  • C: Security Information and Event Management (SIEM)
  • D: Information Technology Asset Management (ITAM)

Question 54

What type of investigation applies when malicious behavior is suspected between two organizations?

  • A: Regulatory
  • B: Operational
  • C: Civil
  • D: Criminal

Question 55

Which of the following techniques evaluates the secure design principles of network or software architectures?

  • A: Risk modeling
  • B: Waterfall method
  • C: Threat modeling
  • D: Fuzzing

Question 56

Which element of software supply chain management has the GREATEST security risk to organizations?

  • A: Unsupported libraries are often used.
  • B: Applications with multiple contributors are difficult to evaluate.
  • C: Vulnerabilities are difficult to detect.
  • D: New software development skills are hard to acquire.

Question 57

When reviewing vendor certifications for handling and processing of company data, which of the following is the BEST Service Organization Controls (SOC) certification for the vendor to possess?

  • A: SOC 1 Type 1
  • B: SOC 2 Type 1
  • C: SOC 2 Type 2
  • D: SOC 3

Question 58

Which of the following should be done at a disaster site before any item is removed, repaired, or replaced?

  • A: Communicate with the press following the communications plan
  • B: Dispatch personnel to the disaster recovery (DR) site
  • C: Take photos of the damage
  • D: Notify all of the Board of Directors

Question 59

When designing a new Voice over Internet Protocol (VoIP) network, an organization's top concern is preventing unauthorized users accessing the VoIP network. Which of the following will BEST help secure the VoIP network?

  • A: 802.11g
  • B: Web application firewall (WAF)
  • C: Transport Layer Security (TLS)
  • D: 802.1x

Question 60

A user's credential for an application is stored in a relational database. Which control protects the confidentiality of the credential while it is stored?

  • A: Use a salted cryptographic hash of the password.
  • B: Validate passwords using a stored procedure.
  • C: Allow only the application to have access to the password field in order to verify user authentication.
  • D: Encrypt the entire database and embed an encryption key in the application.

Question 61

Which of the following frameworks provides vulnerability metrics and characteristics to support the National Vulnerability Database (NVD)?

  • A: Common Vulnerabilities and Exposures (CVE)
  • B: Center for Internet Security (CIS)
  • C: Common Vulnerability Scoring System (CVSS)
  • D: Open Web Application Security Project (OWASP)

Question 62

A security architect is reviewing plans for an application with a Recovery Point Objective (RPO) of 15 minutes. The current design has all of the application infrastructure located within one co-location data center. Which security principle is the architect currently assessing?

  • A: Disaster recovery (DR)
  • B: Availability
  • C: Redundancy
  • D: Business continuity (BC)

Question 63

Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?

  • A: System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements
  • B: Compliance office roles and responsibilities, classified material handling standards, storage system lifecycle requirements
  • C: Data stewardship roles, data handling and storage standards, data lifecycle requirements
  • D: System authorization roles and responsibilities, cloud computing standards, lifecycle requirements

Question 64

The Chief Information Security Officer (CISO) of a small organization is making a case for building a security operations center (SOC). While debating between an in-house, fully outsourced, or a hybrid capability, which of the following would be the MAIN consideration, regardless of the model?

  • A: Headcount and capacity
  • B: Scope and service catalog
  • C: Skill set and training
  • D: Tools and technologies

Question 65

An organization would like to ensure that all new users have a predefined departmental access template applied upon creation. The organization would also like additional access for users to be granted on a per-project basis. What type of user access administration is BEST suited to meet the organization's needs?

  • A: Decentralized
  • B: Hybrid
  • C: Centralized
  • D: Federated

Question 66

Which of the following is a secure design principle for a new product?

  • A: Restrict the use of modularization.
  • B: Do not rely on previously used code.
  • C: Build in appropriate levels of fault tolerance.
  • D: Utilize obfuscation whenever possible.

Question 67

What is the PRIMARY benefit of relying on Security Content Automation Protocol (SCAP)?

  • A: Standardize specifications between software security products.
  • B: Achieve organizational compliance with international standards.
  • C: Improve vulnerability assessment capabilities.
  • D: Save security costs for the organization.

Question 68

Which application type is considered high risk and provides a common way for malware and viruses to enter a network?

  • A: Instant messaging or chat applications
  • B: Peer-to-Peer (P2P) file sharing applications
  • C: E-mail applications
  • D: End-to-end applications

Question 69

What are the three key benefits that application developers should derive from the northbound application programming interface (API) of software defined networking (SDN)?

  • A: Network syntax, abstraction of network flow, and abstraction of network protocols
  • B: Network syntax, abstraction of network commands, and abstraction of network protocols
  • C: Familiar syntax, abstraction of network topology, and definition of network protocols
  • D: Familiar syntax, abstraction of network topology, and abstraction of network protocols

Question 70

Which of the following is a unique feature of attribute-based access control (ABAC)?

  • A: A user is granted access to a system at a particular time of day.
  • B: A user is granted access to a system based on username and password.
  • C: A user is granted access to a system based on group affinity.
  • D: A user is granted access to a system with biometric authentication.

Question 71

Which of the following is the BEST approach to implement multiple servers on a virtual system?

  • A: Implement one primary function per virtual server and apply individual security configuration for each virtual server.
  • B: Implement multiple functions within the same virtual server and apply individual security configurations to each function.
  • C: Implement one primary function per virtual server and apply high security configuration on the host operating system.
  • D: Implement multiple functions per virtual server and apply the same security configuration for each virtual server.

Question 72

Which of the following is the MOST common cause of system or security failures?

  • A: Lack of physical security controls
  • B: Lack of change control
  • C: Lack of logging and monitoring
  • D: Lack of system documentation

Question 73

The Chief Information Officer (CIO) has decided that as part of business modernization efforts the organization will move towards a cloud architecture. All business-critical data will be migrated to either internal or external cloud services within the next two years. The CIO has a PRIMARY obligation to work with personnel in which role in order to ensure proper protection of data during and after the cloud migration?

  • A: Chief Security Officer (CSO)
  • B: Information owner
  • C: Chief Information Security Officer (CISO)
  • D: General Counsel

Question 74

A developer is creating an application that requires secure logging of all user activity. What is the BEST permission the developer should assign to the log file to ensure requirements are met?

  • A: Execute
  • B: Read
  • C: Write
  • D: Append

Question 75

When performing an investigation with the potential for legal action, what should be the analyst's FIRST consideration?

  • A: Data decryption
  • B: Chain-of-custody
  • C: Authorization to collect
  • D: Court admissibility
Page 3 of 20 • Questions 51-75 of 484