Proper study guides for the latest ISC2 Certified Information Systems Security Professional (CISSP) certification begin with ISC2 CISSP preparation products, designed to deliver free CISSP questions so that you pass the CISSP test on your first attempt. Try the free CISSP demo now.

March 2021 CISSP test questions

Q21. While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used? 

A. Trusted path 

B. Malicious logic 

C. Social engineering 

D. Passive misuse 

Answer:


Q22. Which of the following secures web transactions at the Transport Layer? 

A. Secure HyperText Transfer Protocol (S-HTTP) 

B. Secure Sockets Layer (SSL) 

C. Socket Security (SOCKS) 

D. Secure Shell (SSH) 

Answer:


Q23. Which of the following questions can be answered using user and group entitlement reporting? 

A. When a particular file was last accessed by a user 

B. Change control activities for a particular group of users 

C. The number of failed login attempts for a particular user 

D. Where does a particular user have access within the network 

Answer:


Q24. Which of the following is a reason to use manual patch installation instead of automated patch management? 

A. The cost required to install patches will be reduced. 

B. The time during which systems will remain vulnerable to an exploit will be decreased. 

C. The likelihood of system or application incompatibilities will be decreased. 

D. The ability to cover large geographic areas is increased. 

Answer:


Q25. Which one of the following effectively obscures network addresses from external exposure when implemented on a firewall or router? 

A. Network Address Translation (NAT) 

B. Application Proxy 

C. Routing Information Protocol (RIP) Version 2 

D. Address Masking 

Answer:


Q26. Which of the following does the Encapsulating Security Payload (ESP) provide? 

A. Authorization and integrity 

B. Availability and integrity 

C. Integrity and confidentiality 

D. Authorization and confidentiality 

Answer:


Q27. According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit? 

A. In-house security administrators 

B. In-house Network Team 

C. Disaster Recovery (DR) Team 

D. External consultants 

Answer:


Q28. An organization has hired a security services firm to conduct a penetration test. Which of the following will the organization provide to the tester? 

A. Limits and scope of the testing. 

B. Physical location of server room and wiring closet. 

C. Logical location of filters and concentrators. 

D. Employee directory and organizational chart. 

Answer:


Q29. Which of the following is a limitation of the Common Vulnerability Scoring System (CVSS) as it relates to conducting code review? 

A. It has normalized severity ratings. 

B. It has many worksheets and practices to implement. 

C. It aims to calculate the risk of published vulnerabilities. 

D. It requires a robust risk management framework to be put in place. 

Answer:


Q30. Which of the following is the BEST way to verify the integrity of a software patch? 

A. Cryptographic checksums 

B. Version numbering 

C. Automatic updates 

D. Vendor assurance 

Answer: