CISSP ISC2 Exam Questions and Free Practice Test

Question 25

- (Exam Topic 11)
What does an organization FIRST review to assure compliance with privacy requirements?

A. Best practices

B. Business objectives

C. Legal and regulatory mandates

D. Employee's compliance to policies and standards

Correct Answer:C

Question 26

- (Exam Topic 10)
Host-Based Intrusion Protection (HIPS) systems are often deployed in monitoring or learning mode during their initial implementation. What is the objective of starting in this mode?

A. Automatically create exceptions for specific actions or files

B. Determine which files are unsafe to access and blacklist them

C. Automatically whitelist actions or files known to the system

D. Build a baseline of normal or safe system events for review

Correct Answer:D

Question 27

- (Exam Topic 11)
The MAIN reason an organization conducts a security authorization process is to

A. force the organization to make conscious risk decisions.

B. assure the effectiveness of security controls.

C. assure the correct security organization exists.

D. force the organization to enlist management support.

Correct Answer:A

Question 28

- (Exam Topic 10)
Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session. Application access is based on job classification. The organization is subject to periodic independent reviews of access controls and violations. The organization uses wired and wireless networks and remote access. The organization also uses secure connections to branch offices and secure backup and recovery strategies for selected information and processes.
Which of the following BEST describes the access control methodology used?

A. Least privilege

B. Lattice Based Access Control (LBAC)

C. Role Based Access Control (RBAC)

D. Lightweight Directory Access Control (LDAP)

Correct Answer:C

Question 29

- (Exam Topic 13)
When developing solutions for mobile devices, in which phase of the Software Development Life Cycle (SDLC) should technical limitations related to devices be specified?

A. Implementation

B. Initiation

C. Review

D. Development

Correct Answer:A

Question 30

- (Exam Topic 9)
The PRIMARY purpose of a security awareness program is to

A. ensure that everyone understands the organization's policies and procedures.

B. communicate that access to information will be granted on a need-to-know basis.

C. warn all users that access to all systems will be monitored on a daily basis.

D. comply with regulations related to data and information protection.

Correct Answer:A

START CISSP EXAM