Functional security testing is MOST critical during which phase of the System Development Life Cycle (SDLC)?
A. Acquisition / Development
B. Operations / Maintenance
C. Implementation
D. Initiation
Which of the following is the BEST way to reduce the impact of an externally sourced flood attack?
A. Block the source address at the firewall.
B. Have this service provider block the source address.
C. Block all inbound traffic until the flood ends.
D. Have the source service provider block the address.
Which of the following authorization standards is built to handle application programming interface (API) access for federated identity management (FIM)?
A. Terminal Access Controller Access Control System Plus (TACACS+)
B. Open Authentication (OAuth)
C. Remote Authentication Dial-In User Service (RADIUS)
D. Security Assertion Markup Language (SAML)
For network-based evidence, which of the following contains traffic details of all network sessions in order to detect anomalies?
A. Alert data
B. User data
C. Content data
D. Statistical data
What are the steps of a risk assessment?
A. Identification, analysis, evaluation
B. Analysis, evaluation, mitigation
C. Classification, identification, risk management
D. Identification, evaluation, mitigation
Which of the following is a detective access control mechanism?
A. Log review
B. Least privilege
C. Password complexity
D. Non-disclosure agreement
Host-Based Intrusion Protection (HIPS) systems are often deployed in monitoring or learning mode during their initial implementation. What is the objective of starting in this mode?
A. Automatically create exceptions for specific actions or files
B. Determine which files are unsafe to access and blacklist them
C. Automatically whitelist actions or files known to the system
D. Build a baseline of normal or safe system events for review
What technique BEST describes antivirus software that detects viruses by watching anomalous behavior?
A. Signature
B. Inference
C. Induction
D. Heuristic
A recent security audit is reporting several unsuccessful login attempts being repeated at specific times during the day on an Internet-facing authentication server. No alerts have been generated by the security information and event management (SIEM) system. What PRIMARY action should be taken to improve SIEM performance?
A. Implement role-based system monitoring
B. Audit firewall logs to identify the source of login attempts
C. Enhance logging detail
D. Confirm alarm thresholds
Which of the following is the MOST secure protocol for remote command access to the firewall?
A. Secure Shell (SSH)
B. Trivial File Transfer Protocol (TFTP)
C. Hypertext Transfer Protocol Secure (HTTPS)
D. Simple Network Management Protocol (SNMP) v1