CISSP Practice Questions Directory
Browse our collection of 1011 scenario-based questions to prepare for the CISSP exam.
- Security and Risk Management: Who released the Ten Commandments of Computer Ethics?
- Security and Risk Management: Your company recently announced the adoption of the IEEE Code of Ethics as part of its professional standards. What does...
- Asset Security: Your company is in the process of identifying roles and responsibilities regarding the data stored in your Enterprise Resource Planning...
- Asset Security: Your company regularly backs up data from servers onto magnetic tapes. You don’t need to worry about preserving the tapes'...
- Security Architecture and Engineering: Alice and Bob are exchanging confidential messages using an asymmetric encryption algorithm. Alice wants to send a private message to...
- Communication and Network Security: You are conducting a workshop on network communication models. Which of the following statements about the ISO-OSI model is incorrect?...
- Communication and Network Security: During a networking class, your instructor asks which of the following statements about the ISO-OSI model is incorrect?
- Communication and Network Security: Your company is planning to connect two factory sites located 1.5 miles apart. Which of the following statements is true...
- Identity and Access Management: Your company is considering different methods for authenticating users for on-premise applications. Which of the following should NOT be used...
- Identity and Access Management: Which of the following user lifecycle processes is likely to be the most challenging to implement and maintain within your...
- Identity and Access Management: Your organization is experiencing rapid, large-scale growth across multiple cloud platforms. To prevent 'authorization creep', which technical control is most...
- Identity and Access Management: As the party responsible for managing user access, what should be your primary consideration when deciding whether to suspend or...
- Security Assessment and Testing: Your organization is reviewing a SOC 2 Type 2 report from a vendor. Which of the following statements does NOT...
- Security Assessment and Testing: Your organization is conducting a vulnerability assessment. Which of the following are steps in the vulnerability assessment process? (Choose all...
- Security Assessment and Testing: A red team is hired to perform assessments. Which of the following tasks is NOT typically within the scope of...
- Security Operations: You are designing a Disaster Recovery Plan (DRP) for a data center processing critical operations. Which of the following should...
- Security Operations: Your organization is experiencing a DDoS attack overwhelming the network. As part of the detection and response phase, what is...
- Security Operations: Your organization identified a rise in privilege escalation attacks. Which measure would be the most effective in preventing such attacks?
- Software Development Security: To ensure security vulnerabilities are minimized during the development of a new software application, which activity should you prioritize?
- Software Development Security: Your web applications are under threat from SQL injection and XSS. Which of the following is the most effective method...
- Security Architecture and Engineering: During a discussion about potential vulnerabilities, the topic of hash collisions arises. Which of the following statements about hashing collisions...
- Security Architecture and Engineering: Your company is identifying which hashed passwords are more vulnerable to rainbow table attacks. Which two of the following are...
- Security and Risk Management: A hiring manager requested assistance in outlining a job description for an IT vacancy. Which of the following are key...
- Security and Risk Management: A company acted swiftly to stop a ransomware attack, but the investigation reveals ransomware wasn't addressed in any policies or...
- Security and Risk Management: Your manager is concerned that the Business Impact Analysis (BIA) overlooked intangible consequences like reputational damage. How should such risks...
- Security and Risk Management: After implementing physical countermeasures to protect a data center from fire, you find that security personnel’s risk of injury has...
- Security Architecture and Engineering: Which of the following statements about cryptographic key lengths are incorrect? (choose all that apply)
- Security and Risk Management: Your organization has signed an SLA with a cloud provider. After five months, response times are consistently slower during peak...
- Security Operations: After an audit, your organization finds current measures insufficient for investigating unauthorized access. Which strategy would be the most effective...
- Identity and Access Management: An international firm is transitioning to a fully remote workforce and wants to implement Zero Trust. Which strategy most effectively...
- Security Operations: Your security team detected suspicious activity suggesting a possible insider threat in finance. What should be the FIRST step in...
- Security Operations: A forensic analyst is investigating a suspect's computer in a financial fraud case to recover deleted files. What should be...
- Software Development Security: A consultant evaluating a Python application notices heavy reliance on reflection for dynamic code execution. What primary security concern should...
- Security Operations: A financial provider in a disaster-prone region needs high availability and rapid failover for customer accounts. Which strategy is most...
- Identity and Access Management: A company is selecting a project management tool and needs to meet minimum security standards for authentication. Which option is...
- Security and Risk Management: A financial institution is evaluating a COTS system for electronic records. To meet regulatory requirements like PCI-DSS, which feature should...
- Communication and Network Security: Your organization seeks to mitigate the risk of sensitive data leakage through electromagnetic signals from network cables. Which method provides...
- Software Development Security: You need to host microservices on-premises with limited hardware, aiming to minimize shared resources and overhead while maximizing performance. Which...
- Software Development Security: An insurance firm's contract mandates that developers follow secure coding practices. Which measure best ensures adherence to this obligation?
- Security and Risk Management: You are conducting a risk assessment for implementing a Large Language Model (LLM) in critical business functions. Which two risks...
- Security and Risk Management: A data exfiltration incident was caused by a user jailbreaking a smartphone. How do you plan to address this situation?
- Security and Risk Management: A startup is hiring a third-party software vendor. Which action should happen first after initial due diligence?
- Security and Risk Management: A major stakeholder is concerned about operational disruptions during a migration to a cloud-based solution. What is the most appropriate...
- Software Development Security: Your C-level executives have a low risk appetite and prioritize stability. How should you approach a Maturity Model (MM) report...
- Security Operations: A bank encounters a critical bug in its live environment causing potential financial loss. What is the correct initial step?
- Security and Risk Management: As a DPO ensuring GDPR compliance, which database action should you prioritize to meet the principle of data minimization by...
- Software Development Security: What recommendation would you propose to ensure adequate protection for a company's source code?
- Security and Risk Management: Your organization is seeking an internationally recognized standard to effectively manage and assess risks within its Information Security Management System...
- Security Operations: Analysts have intercepted encrypted ciphertexts between suspected attackers and need actionable insights without decrypting the data. Which approach is most...
- Asset Security: During a routine audit, you discover data hidden in the slack space of a workstation's hard drive. What should be...