ISC CISSP Certified Information Systems Security Professional Online Training
The questions for CISSP were last updated at May 05,2025.
- Exam Code: CISSP
- Exam Name: Certified Information Systems Security Professional
- Certification Provider: ISC
- Latest update: May 05,2025
What is the purpose of an Internet Protocol (IP) spoofing attack?
- A . To send excessive amounts of data to a process, making it unpredictable
- B . To intercept network traffic without authorization
- C . To disguise the destination address from a target’s IP filtering devices
- D . To convince a system that it is communicating with a known entity
At what level of the Open Systems Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?
- A . Link layer
- B . Physical layer
- C . Session layer
- D . Application layer
In a Transmission Control Protocol/Internet Protocol (TCP/IP) stack, which layer is responsible for negotiating and establishing a connection with another node?
- A . Transport layer
- B . Application layer
- C . Network layer
- D . Session layer
Which of the following BEST describes an access control method utilizing cryptographic keys derived from a smart card private key that is embedded within mobile devices?
- A . Derived credential
- B . Temporary security credential
- C . Mobile device credentialing service
- D . Digest authentication
What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?
- A . Audit logs
- B . Role-Based Access Control (RBAC)
- C . Two-factor authentication
- D . Application of least privilege
A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies.
Which of the following is the BEST solution for the manufacturing organization?
- A . Trusted third-party certification
- B . Lightweight Directory Access Protocol (LDAP)
- C . Security Assertion Markup Language (SAML)
- D . Cross-certification
Users require access rights that allow them to view the average salary of groups of employees.
Which control would prevent the users from obtaining an individual employee's salary?
- A . Limit access to predefined queries
- B . Segregate the database into a small number of partitions each with a separate security level
- C . Implement Role Based Access Control (RBAC)
- D . Reduce the number of people who have access to the system for statistical purposes
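The salary question above describes a classic statistical-database inference problem: a user who is only allowed to see averages can still recover one person's salary by differencing two aggregate queries. The script below is an added worked example, not part of the original question bank. It builds a small, constructed employee table in SQLite, shows the differencing attack against a free-form aggregate interface, and then shows the countermeasure the question points at: the user may only run a fixed, predefined query (with a minimum group size applied on top). The table contents, the `MIN_GROUP_SIZE` value and the query name `avg_salary_by_dept` are all assumptions chosen for illustration.

```python
import sqlite3

# Constructed sample data for the example; not from the original page.
EMPLOYEES = [
    ("alice", "engineering", 120000),
    ("bob", "engineering", 95000),
    ("carol", "engineering", 101000),
    ("dave", "engineering", 88000),
    ("erin", "finance", 75000),
    ("frank", "finance", 82000),
    ("grace", "finance", 79000),
    ("heidi", "legal", 150000),   # a one-person group: its average IS her salary
]

# Assumed policy value: groups smaller than this are never reported.
MIN_GROUP_SIZE = 3

# The only queries a statistics user is allowed to run (assumed names).
PREDEFINED_QUERIES = {
    "avg_salary_by_dept": (
        "SELECT dept, COUNT(*) AS n, AVG(salary) AS avg_salary "
        "FROM employees GROUP BY dept"
    ),
}


def build_db():
    """Create an in-memory database holding the constructed sample table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)", EMPLOYEES)
    return conn


def infer_individual_salary(conn, dept, target):
    """The attack: with ad-hoc aggregate access, two averages reveal one salary.

    AVG over the whole department minus AVG over the department without the
    target, each scaled back by its row count, leaves exactly the target's pay.
    The attacker never issues a query that returns a raw salary column.
    """
    n_all, avg_all = conn.execute(
        "SELECT COUNT(*), AVG(salary) FROM employees WHERE dept = ?", (dept,)
    ).fetchone()
    n_rest, avg_rest = conn.execute(
        "SELECT COUNT(*), AVG(salary) FROM employees WHERE dept = ? AND name <> ?",
        (dept, target),
    ).fetchone()
    # AVG() returns a float, so round away the floating-point residue.
    return int(round(n_all * avg_all - n_rest * avg_rest))


def run_predefined(conn, query_name):
    """The control: users pick a named query; they cannot add predicates.

    Because the WHERE clause is not under the user's control, the differencing
    attack above cannot be expressed at all. A minimum group size is also
    enforced so that a department of one does not leak its member's salary.
    """
    if query_name not in PREDEFINED_QUERIES:
        raise PermissionError(f"not a predefined query: {query_name!r}")
    rows = conn.execute(PREDEFINED_QUERIES[query_name]).fetchall()
    return {dept: int(round(avg)) for dept, n, avg in rows if n >= MIN_GROUP_SIZE}


if __name__ == "__main__":
    db = build_db()
    print("inferred salary for alice:", infer_individual_salary(db, "engineering", "alice"))
    print("predefined query output:", run_predefined(db, "avg_salary_by_dept"))
    try:
        run_predefined(db, "SELECT salary FROM employees WHERE name = 'alice'")
    except PermissionError as exc:
        print("ad-hoc query rejected:", exc)
```

Note that the minimum-group-size check alone is not sufficient: an attacker who can still choose arbitrary predicates can build "tracker" queries that stay above the threshold and difference them anyway. It is the removal of ad-hoc predicates, i.e. limiting users to predefined queries, that closes the channel; the size threshold only handles the degenerate single-member group.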
Which of the following is of GREATEST assistance to auditors when reviewing system configurations?
- A . Change management processes
- B . User administration procedures
- C . Operating System (OS) baselines
- D . System backup documentation
Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?
- A . Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken
- B . Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability
- C . Management teams will understand the testing objectives and reputational risk to the organization
- D . Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels
In which of the following programs is it MOST important to include the collection of security process data?
- A . Quarterly access reviews
- B . Security continuous monitoring
- C . Business continuity testing
- D . Annual security training