Welcome to the FREE CISSP Practice Exam page. These exams are provided solely as a courtesy for your learning pleasure. They are updated monthly; however, we do not provide support for them.

If you require support on your practice exams, then consider our practice exams on Udemy.

Good luck on the exams. You may also want to review the posts on this blog site that provide a top ten list and a deep dive on these exams.

Exams in Beta Mode



CISSP FREE PRACTICE EXAM 1

This is a FREE practice exam provided as a courtesy to help you prepare for the CISSP examination.

1 / 50

Your organization is a large software development firm that has currently run out of resources for hosting its software applications. What type of cloud service could be used to help alleviate the lack of developer resources? The developers do not want to manage resources such as VMs or storage. Select One

2 / 50

When using Nmap with no port range specified, how many ports are scanned by default? Select One

3 / 50

A CISO wants to reverse engineer an executable file to determine if it is malicious. The file was found on an underused server and appears to contain a zero-day exploit. Which of the following can the researcher do to determine if the file is malicious in nature? Select One

4 / 50

What wireless protocol is generally vulnerable to IV attack exploits? Select One

5 / 50

Which of these should not be in an X.509 certificate? Select One

6 / 50

When your enterprise is reviewing ownership of an asset, what should you consider to be the most important?

7 / 50

What is the purpose of an Internet Protocol (IP) spoofing attack?

8 / 50

You would like to scan for XSS flaws. What tools could you use? Select One

9 / 50

What vulnerability classification occurs when holes are left in the security framework of an application by systems administrators, DBAs or developers? Select One

10 / 50

Which layer of the OSI model is responsible for keeping track of multiple conversations at once? Select One

11 / 50

Which of the following hypervisor technologies would your company MOST likely use to virtualize your MacBook? Select One

12 / 50

What type of site is a duplicate of the organization's original site, with full computer systems as well as near-complete backups of user data? Select One

13 / 50

A network administrator uses an RFID card to enter the datacenter, a key to open the server rack, and a username and password to log on to a server. Which of the following are these examples of? Select One

14 / 50

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

15 / 50

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

16 / 50

A software developer wants to prevent stored passwords from being easily decrypted. When the password is stored by the application, additional text is added to each password before the password is hashed. What is this technique known as? Select One

17 / 50

Which of the following protocols are deployed for federated identities and Single Sign-On (SSO)? Select Two

18 / 50

A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement state that the penetration test must be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed? Select One

19 / 50

When classifying data, it is important to consider which of the following?

20 / 50

The use of private and public encryption keys is critical in the implementation of which of the following?

21 / 50

When assessing an organization's security policy for adherence to the strict standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can the actual management responsibilities be clearly defined?

22 / 50

An important principle of Defense in Depth is that achieving comfort in information security requires a balanced focus on which PRIMARY elements?

23 / 50

What security technique can be used to make an encryption scheme more resistant to a known plaintext attack?

24 / 50

Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI model? Select One

25 / 50

At what level of the Open System Interconnection (OSI) model is data at rest on a storage array located?

26 / 50

Franklin is using a special tool on his Linux platform that has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI/ASPX scripts. Moreover, the database detects DDoS zombies and Trojans as well. What is the name of the tool Franklin is using?

27 / 50

What type of an attack makes a copy of the transmission before sending it to the recipient for use at a later time? Select One

28 / 50

Which security service is provided by the process of encrypting plaintext with the sender's private key and decrypting the ciphertext with the sender's public key?

29 / 50

What is an XML-based open standard for exchanging authentication and authorization information between different parties? Select One

30 / 50

The BEST way to prevent tailgating is the use of _______________. Select One

31 / 50

The National Institute of Standards and Technology (NIST) outlines ______ steps toward FISMA Compliance. Select One

32 / 50

During the process of data classification, it is important to ensure little granularity for what reason?

33 / 50

What type of DoS attack allows an attacker to violate the three-way handshake and then open a large number of half-open TCP connections? Select One

34 / 50

Which of the following firewall types inspects Ethernet traffic at the MOST levels of the OSI model? Select One

35 / 50

Reviewing the picture below, what type of attack has likely occurred? Select One

36 / 50

In regard to United States federal law, what law was passed in 2002 that made it a requirement for federal agencies to develop, document, and implement an information security and protection program? Select One

37 / 50

______ is whatever hardware, software, and policies you have in place to prevent confidential data from leaving your company. Select One

38 / 50

Kerberos is a network authentication protocol that enables secure logon by individuals to a computer network and secure authentication by a client computer to a server hosting a network resource. Kerberos authentication involves three types of entities. What are they?

39 / 50

Which of the following mobile code security models relies only on trust?

40 / 50

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

41 / 50

A ___________________________ is a legally enforceable contract that creates a confidential relationship between a person who holds some kind of trade secret and a person to whom the secret will be disclosed. Select One

42 / 50

The Transmission Control Protocol/Internet Protocol (TCP/IP) stack uses what layer for negotiating and establishing a connection with another node?

43 / 50

Which of the following social engineering vulnerabilities can be a risk to your company, especially if someone bypasses security mechanisms such as badge readers, security guards, biometrics, etc.? Select Two

44 / 50

Which wireless protocol supports TKIP (Temporal Key Integrity Protocol) to enhance data encryption? Select One

45 / 50

What type of cloud service would you select if you want to solve a particular business need, such as CRM? Select One

46 / 50

You have just had an audit completed and the results are in. The report states that confidentiality is the main focus for improvement. Which of the following could help remove the greatest risk?

47 / 50

An administrator wants to establish a Wi-Fi link using a high-gain directional antenna with a narrow radiation pattern to connect two buildings separated by a very long distance. Which of the following antennas would be BEST? Select One

48 / 50

Your new role as a security engineer for a military base includes validating AD. Which of these authentication methods would you most commonly find in a Windows Active Directory environment? Select One

49 / 50

Your manager has been notified that an external hacker has compromised your organization's network security perimeter. The hacker installed a sniffer on an inside computer, and it appears to be collecting information. Which of the following is the MOST effective layer of security your enterprise could have implemented to mitigate the hacker's ability to gain further information?

50 / 50

The email above was received by your CEO. He states he is not sure what this is about and does not know this person. What type of attack was attempted here? Select One
