Exam Code: CISSP (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Certified Information Systems Security Professional (CISSP)
Certification Provider: ISC2

2021 Oct CISSP practice exam

Q111. DRAG DROP 

Match the objectives to the assessment questions in the governance domain of Software Assurance Maturity Model (SAMM). 

Answer: 


Q112. DRAG DROP 

Drag the following Security Engineering terms on the left to the BEST definition on the right. 

Answer: 


Q113. Which of the following would be the FIRST step to take when implementing a patch management program? 

A. Perform automatic deployment of patches. 

B. Monitor for vulnerabilities and threats. 

C. Prioritize vulnerability remediation. 

D. Create a system inventory. 

Answer:


Q114. Why is a system's criticality classification important in large organizations? 

A. It provides for proper prioritization and scheduling of security and maintenance tasks. 

B. It reduces critical system support workload and reduces the time required to apply patches. 

C. It allows for clear systems status communications to executive management. 

D. It provides for easier determination of ownership, reducing confusion as to the status of the asset. 

Answer:


Q115. An organization decides to implement a partial Public Key Infrastructure (PKI) with only the servers having digital certificates. What is the security benefit of this implementation? 

A. Clients can authenticate themselves to the servers. 

B. Mutual authentication is available between the clients and servers. 

C. Servers are able to issue digital certificates to the client. 

D. Servers can authenticate themselves to the client. 

Answer:



Q116. When dealing with compliance with the Payment Card Industry Data Security Standard (PCI-DSS), an organization that shares cardholder information with a service provider MUST do which of the following? 

A. Perform a service provider PCI-DSS assessment on a yearly basis. 

B. Validate the service provider's PCI-DSS compliance status on a regular basis. 

C. Validate that the service provider's security policies are in alignment with those of the organization. 

D. Ensure that the service provider updates and tests its Disaster Recovery Plan (DRP) on a yearly basis. 

Answer:


Q117. After acquiring the latest security updates, what must be done before deploying to production systems? 

A. Use tools to detect missing system patches 

B. Install the patches on a test system 

C. Subscribe to notifications for vulnerabilities 

D. Assess the severity of the situation 

Answer:


Q118. An Intrusion Detection System (IDS) is generating alarms that a user account has over 100 failed login attempts per minute. A sniffer is placed on the network, and a variety of passwords for that user are noted. Which of the following is MOST likely occurring? 

A. A dictionary attack 

B. A Denial of Service (DoS) attack 

C. A spoofing attack 

D. A backdoor installation 

Answer:


Q119. What type of encryption is used to protect sensitive data in transit over a network? 

A. Payload encryption and transport encryption 

B. Authentication Headers (AH) 

C. Keyed-Hashing for Message Authentication 

D. Point-to-Point Encryption (P2PE) 

Answer:


Q120. When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined? 

A. After the system preliminary design has been developed and the data security categorization has been performed 

B. After the business functional analysis and the data security categorization have been performed 

C. After the vulnerability analysis has been performed and before the system detailed design begins 

D. After the system preliminary design has been developed and before the data security categorization begins 

Answer: