ISC CISSP Certified Information Systems Security Professional Online Training
The questions for CISSP were last updated on May 11, 2025.
- Exam Code: CISSP
- Exam Name: Certified Information Systems Security Professional
- Certification Provider: ISC
- Latest update: May 11, 2025
Which of the following is a web application control that should be put into place to prevent exploitation of Operating System (OS) bugs?
- A . Check arguments in function calls
- B . Test for the security patch level of the environment
- C . Include logging functions
- D . Digitally sign each application module
Which of the following is the BEST method to prevent malware from being introduced into a production environment?
- A . Purchase software from a limited list of retailers
- B . Verify the hash key or certificate key of all updates
- C . Do not permit programs, patches, or updates from the Internet
- D . Test all new software in a segregated environment
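The check behind option B above, as an added example that is not part of the original page: a downloaded update is accepted only if its SHA-256 digest matches an entry in a manifest that was obtained through a separately trusted channel. The patch bytes, file name and manifest are constructed for this example; the manifest digest is computed from the genuine bytes only so that the script runs offline.

```python
import hashlib
import hmac

# Constructed fixtures for this example (no real package is referenced).
GENUINE_PATCH = b"app-1.2.3 update payload"

# Trusted manifest: file name -> expected SHA-256 hex digest. In practice this
# comes from a signed release listing fetched out of band, not from the same
# server that serves the binary. Derived from GENUINE_PATCH here only so the
# example is self-contained.
TRUSTED_MANIFEST = {
    "app-1.2.3.bin": hashlib.sha256(GENUINE_PATCH).hexdigest(),
}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the downloaded bytes."""
    return hashlib.sha256(data).hexdigest()


def verify_update(name: str, data: bytes, manifest: dict) -> tuple:
    """Return (accepted, reason). Anything not explicitly listed is rejected.

    The comparison is constant-time so that a timing difference cannot be
    used to learn how much of the digest an attacker has matched.
    """
    expected = manifest.get(name)
    if expected is None:
        return False, "not in trusted manifest"
    actual = sha256_hex(data)
    if not hmac.compare_digest(actual, expected):
        return False, "hash mismatch"
    return True, "ok"


def tampered(data: bytes) -> bytes:
    """Flip one bit in the last byte to simulate a modified download."""
    return data[:-1] + bytes([data[-1] ^ 0x01])


if __name__ == "__main__":
    print(verify_update("app-1.2.3.bin", GENUINE_PATCH, TRUSTED_MANIFEST))
    print(verify_update("app-1.2.3.bin", tampered(GENUINE_PATCH), TRUSTED_MANIFEST))
    print(verify_update("app-9.9.9.bin", GENUINE_PATCH, TRUSTED_MANIFEST))
```

Two caveats a practitioner would add: a digest published beside the download on the same host proves nothing if that host is compromised, so the manifest itself must be signed or fetched through an independent channel (the "certificate key" half of option B); and a matching digest only says the file is the one the vendor shipped, not that it is free of malware, which is why the check complements rather than replaces testing in a segregated environment.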
Which of the following is a limitation of the Common Vulnerability Scoring System (CVSS) as it relates to conducting code review?
- A . It has normalized severity ratings.
- B . It has many worksheets and practices to implement.
- C . It aims to calculate the risk of published vulnerabilities.
- D . It requires a robust risk management framework to be put in place.
An organization is designing a large enterprise-wide document repository system. It plans to have several different classification level areas with increasing levels of controls.
The BEST way to ensure document confidentiality in the repository is to
- A . encrypt the contents of the repository and document any exceptions to that requirement.
- B . utilize an Intrusion Detection System (IDS) set to drop connections if too many requests for documents are detected.
- C . keep individuals with access to high security areas from saving those documents into lower security areas.
- D . require individuals with access to the system to sign Non-Disclosure Agreements (NDA).
An advantage of link encryption in a communications network is that it
- A . makes key management and distribution easier.
- B . protects data from start to finish through the entire network.
- C . improves the efficiency of the transmission.
- D . encrypts all information, including headers and routing information.
A security consultant has been asked to research an organization’s legal obligations to protect privacy-related information.
What kind of reading material is MOST relevant to this project?
- A . The organization’s current security policies concerning privacy issues
- B . Privacy-related regulations enforced by governing bodies applicable to the organization
- C . Privacy best practices published by recognized security standards organizations
- D . Organizational procedures designed to protect privacy information
An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer.
Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?
- A . Implement packet filtering on the network firewalls
- B . Require strong authentication for administrators
- C . Install Host Based Intrusion Detection Systems (HIDS)
- D . Implement logical network segmentation at the switches
Which of the following is an authentication protocol in which a new random number is generated uniquely for each login session?
- A . Challenge Handshake Authentication Protocol (CHAP)
- B . Point-to-Point Protocol (PPP)
- C . Extensible Authentication Protocol (EAP)
- D . Password Authentication Protocol (PAP)
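How CHAP (option A above) produces a new random number for every login session, as an added example that is not part of the original page: both sides of the RFC 1994 exchange in Python, with a constructed shared secret. The authenticator sends a fresh random challenge, the peer answers with MD5 over the identifier, the secret and the challenge, and the authenticator recomputes and compares. The last function shows why the per-session randomness matters: a response sniffed from one session is rejected in the next.

```python
import hashlib
import hmac
import secrets

# Constructed for this example: the secret both peer and authenticator hold.
SHARED_SECRET = b"example-chap-secret"


def chap_challenge(length: int = 16) -> bytes:
    """Authenticator: a fresh, unpredictable challenge for this session.

    RFC 1994 requires the challenge to be unique and unpredictable; reusing
    one would let a captured response be replayed.
    """
    return secrets.token_bytes(length)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer: MD5 over Identifier || secret || challenge (RFC 1994, section 4.1).

    The identifier is a single octet. The secret itself never crosses the link.
    """
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes,
                response: bytes) -> bool:
    """Authenticator: recompute the expected response, compare in constant time."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def run_session(peer_secret: bytes, identifier: int = 1) -> dict:
    """One complete exchange: Challenge -> Response -> Success/Failure.

    Returns what a sniffer on the link would see plus the authenticator's
    decision. The secret is not among the values on the wire.
    """
    challenge = chap_challenge()                                  # authenticator -> peer
    response = chap_response(identifier, peer_secret, challenge)  # peer -> authenticator
    accepted = chap_verify(identifier, SHARED_SECRET, challenge, response)
    return {"identifier": identifier, "challenge": challenge,
            "response": response, "accepted": accepted}


def replay_is_rejected() -> bool:
    """A response captured in one session fails in the next.

    The new session gets a new random challenge, so the old response no
    longer matches what the authenticator recomputes.
    """
    first = run_session(SHARED_SECRET)
    new_challenge = chap_challenge()
    replayed_ok = chap_verify(first["identifier"], SHARED_SECRET,
                              new_challenge, first["response"])
    return first["accepted"] and not replayed_ok


if __name__ == "__main__":
    print("valid secret accepted:", run_session(SHARED_SECRET)["accepted"])
    print("wrong secret rejected:", not run_session(b"wrong")["accepted"])
    print("replay rejected:", replay_is_rejected())
```

MD5 is used here because that is what RFC 1994 specifies, not as a recommendation. The fresh challenge defeats replay of a sniffed response, but it does not stop an attacker who captured a challenge/response pair from guessing the secret offline, so CHAP secrets still need to be long and random.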
Which of the following is an attacker MOST likely to target to gain privileged access to a system?
- A . Programs that write to system resources
- B . Programs that write to user directories
- C . Log files containing sensitive information
- D . Log files containing system calls
Which of the following elements MUST a compliant EU-US Safe Harbor Privacy Policy contain?
- A . An explanation of how long the data subject’s collected information will be retained for and how it will be eventually disposed.
- B . An explanation of who can be contacted at the organization collecting the information if corrections are required by the data subject.
- C . An explanation of the regulatory frameworks and compliance standards the information collecting organization adheres to.
- D . An explanation of all the technologies employed by the collecting organization in gathering information on the data subject.