CISSP Test 1 Missed Questions

A company is planning to implement a private cloud infrastructure. Which of the following recommendations will support the move to a cloud infrastructure?. Implement software-defined network (SDN) to provide the ability to apply high-level policies to shape and reorder network traffic based on users, devices and applications. Implement a virtual network (VLAN) to logically seperate the local area network (LAN) from the physical switches. Implement a virtual local area network (VLAN) for each department and create a seperate subnet for each VLAN. Implement software-defined networking (SDN) to provide the ability for the network infrastructure to be integrated with the control and data planes.

A database server for a financial application is scheduled for production deployment. Which of the following controls will BEST prevent tampering?. Logging and monitoring. Data Validation. Data sanitization. Service accounts removal.

Which of the following is included in change management?. Technical review by business owner. User Acceptance Testing (UAT) before implementation. Cost-benefit analysis (CBA) after implementation. Business continuity testing.

An organization is looking to include mobile devices in its asset management system for better tracking. In which system tier of the reference architecture would mobile devices be tracked?. 0. 1. 2. 3.

Which of the following is the BEST way to protect an organization's data assets?. Encrypt data in transit and at rest using up-to-date cryptographic algorithms. Monitor and enforce adherence to security policies. Require Multi-Factor Authentication (MFA) and Separation of Duties (SoD). Create the Demilitarized Zone (DMZ) with proxies, firewalls and hardened bastion hosts.

When resolving ethical conflicts, the information security professional MUST consider many factors. In what order should the considerations be prioritized?. Public safety, duties to individuals, duties to the profession, and duties to principals. Public safety, duties to principals, duties to the profession, and duties to individuals. Public safety, duties to principals, duties to individuals, and duties to the profession. Public safety, duties to the profession, duties to principals, and duties to individuals.

Which of the following attacks, if successful, could give an intruder complete control of a software-defined networking (SDN) architecture?. A brute force password attack on the Secure Shell (SSH) port of the controller. Sending control messages to open a flow that does not pass a firewall from a compromised host within the network. Remote Authentication Dial-In User Service (RADIUS) token replay attack. Sniffing the traffic of a compromised host inside the network.

In the context of disaster recovery what is the MOST crucial aspect to consider when creating a recovery time objective (RTO)?. The cost of implementing disaster recovery measures. The availability of backup data. The criticality of business functions. The geographical location of the disaster recovery site.

Which of the following security models is MOST likely to be used in a highly classified government agency where data confidentiality is upmost important?. Biba model. Bell-Lapadula Model. Clark-Wilson Model. Brewer-Nash Model.

Which Cryptographic algorithm is BEST suited for ensuring the integrity of large files or messages?. RSA. AES. SHA-256. DES.

In the context of network security, which of the following protocols is LEAST likely to be used for securely transmitting sensitive information?. HTTPS. SSH. FTP. SNMPv3.

In a cloud computing environment, which of the following is the MOST critical factor for ensuring data security and privacy?. Services provided by the cloud provider. Strong access controls and authentication. Regular security audits and assesments. Service-level agreements (SLAs) with the cloud provider.

Which one of the following cryptographic techniques does cryptographic shredding predominantly depend on?. Symmetric. Asymmetric. Hash functions. Seganography.

In the context of security incident response, which of the following is the MOST important consideration when determining the severity of the incident?. The number of affected systems. The financial impact on the organization. The level of media attention. The potential harm to the organization's repuation.

Which of the following is the MOST critical step in the Secure Software Development Lifecycle (SDLC) for preventing security vulnreabilities?. Penetration Testing. Code review. Requirements Gathering. User Acceptance Testing.

In the context of security governance, what is the PRIMARY role of a steering committee?. Developing technical secuity controls. Managing day-to-day security operations. Setting strategic security objectives and priorities. Conducting security risk assesments.

In the context of cryptography, which of the following statements about "birthday attack" is TRUE?. It is a type of cryptographic attack that targets weak encryption. It is a collision attack that occurs when two different inputs produce the same hash value. It is a form of side-channel attack that exploits the physical characteristics of cryptographic devices. It is an attack on the birthday paradox to compromise encryption keys.

Which of the following is the PRIMARY goal of a security awareness training program within an organization?. To ensure all employees can respond effectively to security incidents. To reduce the likelihood of insider threats and data breaches. To achieve compliance with industry security standards. To teach employees the organization security expectations.

In a security incident response plan, what is the PRIMARY purpose of a post-incident review?. Identifying and prosecuting the attackers responsible for the incident. Assessing the effectiveness of the response and identifying areas for improvement. Communicating the incident to external parties, such as customers and the media. Restoring affected systems and services to normal operation.

Which of the following security controls is MOST effective in preventing a malware infection from malicious email attachments?. IPS. Email Content filtering. Host-based firewall. Patch management.

Which of the following is the most critical aspect of Privacy by design?. Encrypting sensitive data at rest and in transit. Appointing a Data protection officer. Involving privacy experts from the inception of the project. Regularly updating the organization's privacy policy.

Which of the following security assesment methods is MOST suitable for evaluating the security posture of an application's source code?. Vulnerability Scanning. Static analysis. Social engineering. Network Scanning.

Which of the following best captures the primary intent of GDPR?. Ensuring EU citizens can shop online securely. Protecting the fundamental right to data privacy of EU residents. Encouraging international businesses to operate within the EU. Streamlining and upgrading legacy EU privacy regulations.

In a symmetric key network of 100 nodes where each node securely communicates with every other node using unique keys how many symmetric keys are needed?. 1000. 4950. 10000. 4950.

When assessing the risk to PHI in a cloud environment, which of the following should be of the primary concern?. Location of data centers. Type of encryption used in the data storage. SLA uptime guaruntees by the cloud provider. Data access control agreements with the cloud provider.

Which of the following security assessment methods is MOST effective for identifying unknown vulnerabilities that not disclosed publicly?. Vulnerability Scanning. Penetration Testing. Code Review. Security information and event monitoring.

Which of the following is the MOST critical factor for ensuring the success of a security governance program?. Advanced technology solutions. Comprehensive security policies. Strong executive support. Experienced security staff.

In a tokenization system, what primarily distinguishes a token from the original sensitive data it represents?. The token is always longer than the original data. The token, on its own, has no meaningful value or information. The token contains encrypted segments of the orginal data. The token must be reversible to the orginal data without any additional information.

In a DevSecOps environment, where does the responsibility for security primarily lie in the context of CI/CD vs. Agile?. Solely with the security team in CI/CD and with developers in Agile. Equally distributed across all teams in both CI/CD and Agile. Primarily with developers in CI/CD and equally across all teams in Agile. Solely with the operations team in CI/CD and with the security team in Agile.