CISSP ISC2 Exam Questions and Free Practice Test

Question 19

- (Exam Topic 12)
What is the BEST way to encrypt web application communications?

A. Secure Hash Algorithm 1 (SHA-1)

B. Secure Sockets Layer (SSL)

C. Cipher Block Chaining Message Authentication Code (CBC-MAC)

D. Transport Layer Security (TLS)

Correct Answer:D

Question 20

- (Exam Topic 9)
Which of the following Disaster Recovery (DR) sites is the MOST difficult to test?

A. Hot site

B. Cold site

C. Warm site

D. Mobile site

Correct Answer:B

Question 21

- (Exam Topic 9)
Who must approve modifications to an organization's production infrastructure configuration?

A. Technical management

B. Change control board

C. System operations

D. System users

Correct Answer:B

Question 22

- (Exam Topic 13)
The core component of Role Based Access Control (RBAC) must be constructed of defined data elements. Which elements are required?

A. Users, permissions, operations, and protected objects

B. Roles, accounts, permissions, and protected objects

C. Users, roles, operations, and protected objects

D. Roles, operations, accounts, and protected objects

Correct Answer:C

Question 23

- (Exam Topic 10)
For a service provider, which of the following MOST effectively addresses confidentiality concerns for customers using cloud computing?

A. Hash functions

B. Data segregation

C. File system permissions

D. Non-repudiation controls

Correct Answer:B

Question 24

- (Exam Topic 11)
The PRIMARY security concern for handheld devices is the

A. strength of the encryption algorithm.

B. spread of malware during synchronization.

C. ability to bypass the authentication mechanism.

D. strength of the Personal Identification Number (PIN).

Correct Answer:C

START CISSP EXAM