CISSP ISC2 Exam Questions and Free Practice Test

Question 49

- (Exam Topic 9)
The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct

A. log auditing.

B. code reviews.

C. impact assessments.

D. static analysis.

Correct Answer:B

Question 50

- (Exam Topic 12)
Knowing the language in which an encrypted message was originally produced might help a cryptanalyst to perform a

A. clear-text attack.

B. known cipher attack.

C. frequency analysis.

D. stochastic assessment.

Correct Answer:C

Question 51

- (Exam Topic 10)
Refer to the information below to answer the question.
A security practitioner detects client-based attacks on the organization’s network. A plan will be necessary to address these concerns.
What is the BEST reason for the organization to pursue a plan to mitigate client-based attacks?

A. Client privilege administration is inherently weaker than server privilege administration.

B. Client hardening and management is easier on clients than on servers.

C. Client-based attacks are more common and easier to exploit than server and network based attacks.

D. Client-based attacks have higher financial impact.

Correct Answer:C

Question 52

- (Exam Topic 11)
Which of the following is the MOST important output from a mobile application threat modeling exercise according to Open Web Application Security Project (OWASP)?

A. Application interface entry and endpoints

B. The likelihood and impact of a vulnerability

C. Countermeasures and mitigations for vulnerabilities

D. A data flow diagram for the application and attack surface analysis

Correct Answer:D

Question 53

- (Exam Topic 9)
Why is a system's criticality classification important in large organizations?

A. It provides for proper prioritization and scheduling of security and maintenance tasks.

B. It reduces critical system support workload and reduces the time required to apply patches.

C. It allows for clear systems status communications to executive management.

D. It provides for easier determination of ownership, reducing confusion as to the status of the asset.

Correct Answer:A

Question 54

- (Exam Topic 9)
What is the ultimate objective of information classification?

A. To assign responsibility for mitigating the risk to vulnerable systems

B. To ensure that information assets receive an appropriate level of protection

C. To recognize that the value of any item of information may change over time

D. To recognize the optimal number of classification categories and the benefits to be gained from their use

Correct Answer:B

START CISSP EXAM