An organization has discovered that users are visiting unauthorized websites using anonymous proxies.
Which of the following is the BEST way to prevent future occurrences?
A. Remove the anonymity from the proxy
B. Analyze Internet Protocol (IP) traffic for proxy requests
C. Disable the proxy server on the firewall
D. Block the Internet Protocol (IP) address of known anonymous proxies
Why do Certificate Authorities (CA) add value to the security of electronic commerce transactions?
A. They maintain the certificate revocation list.
B. They maintain the private keys of transaction parties.
C. They verify the transaction parties' private keys.
D. They provide a secure communication channel to the transaction parties.
Which of the following access management procedures would minimize the possibility of an organization's employees retaining access to secure work areas after they change roles?
A. User access modification
B. User access recertification
C. User access termination
D. User access provisioning
In a change-controlled environment, which of the following is MOST likely to lead to unauthorized changes to production programs?
A. Modifying source code without approval
B. Promoting programs to production without approval
C. Developers checking out source code without approval
D. Developers using Rapid Application Development (RAD) methodologies without approval
Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?
A. Application monitoring procedures
B. Configuration control procedures
C. Security audit procedures
D. Software patching procedures
An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?
A. Development, testing, and deployment
B. Prevention, detection, and remediation
C. People, technology, and operations
D. Certification, accreditation, and monitoring
Which of the following is established to collect information Se eee ee ee nation readily available in part through implemented security controls?
A. Security Assessment Report (SAR)
B. Organizational risk tolerance
C. Information Security Continuous Monitoring (ISCM)
D. Risk assessment report
An application developer receives a report back from the security team showing their automated tools were able to successfully enter unexpected data into the organization's customer service portal, causing the site to crash. This is an example of which type of testing?
A. Non-functional
B. Positive
C. Performance
D. Negative
To comply with industry requirements, a security assessment on the cloud server should identify which protocols and weaknesses are being exposed to attackers on the Internet.
Which of the following tools is the MOST appropriate to complete the assessment?
A. Use tcpdump and parse the output file in a protocol analyzer.
B. Use an IP scanner and target the cloud WAN network addressing.
C. Run netstat in each cloud server and retrieve the running processes.
D. Use nmap and set the servers' public IPs as the targets.
At which layer of the Open Systems Interconnection (OSI) model does a circuit-level firewall operate?
A. Session layer
B. Network layer
C. Application layer
D. Transport layer