Welcome to the FREE CISSP Practice Exam page. These exams are provided solely as a courtesy for your learning pleasure. They are updated monthly; however, we do not provide support for them.

If you require support on your practice exams, then consider our practice exams on Udemy.

Good Luck on the exams. You may also want to review the posts I have on these exams that provide a top ten list and a deep dive on this blog site.

Exams in Beta Mode



CISSP FREE PRACTICE EXAM 1

This is a FREE practice exam provided as a courtesy to help you prepare for the CISSP examination.

1 / 50

The National Institute of Standards and Technology (NIST) outlines ______ steps toward FISMA Compliance. Select One

2 / 50

When assessing an organization’s security policy for adherence to the strict standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can the actual management responsibilities be clearly defined?

3 / 50

A penetration tester is hired to do a risk assessment of a company’s DMZ. The rules of engagement state that the penetration test must be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed? Select One

4 / 50

Reviewing the picture below what type of an attack has likely occurred? Select One

5 / 50

Your manager has been notified that an external hacker has compromised your organization’s network security perimeter. The hacker installed a sniffer on an inside computer and it appears to be collecting information. Which of the following is the MOST effective layer of security your enterprise could have implemented to mitigate the hacker’s ability to gain further information?

6 / 50

Kerberos is a network authentication protocol that enables secure logon by individuals to a computer network and enables secure authentication by a client computer to a server hosting a network resource. Kerberos authentication involves three types of entities: what are they?

7 / 50

During the process of data classification it is important to ensure little granularity for what reason?

8 / 50

Which of the following mobile code security models relies only on trust?

9 / 50

What type of DoS attack allows an attacker to violate the three-way handshake and then open a large number of half-open TCP connections? Select One

10 / 50

The use of private and public encryption keys is critical in the implementation of which of the following?

11 / 50

Which of the following firewall types inspects Ethernet traffic at the MOST levels of the OSI model? Select One

12 / 50

Transmission Control Protocol/Internet Protocol (TCP/IP) stack uses what layer for negotiating and establishing a connection with another node?

13 / 50

When classifying data it is important to consider which of the following?

14 / 50

What security technique can be used to make an encryption scheme more resistant to a known plaintext attack?

15 / 50

You have just had an audit completed and the results are in. The reports states confidentiality is the main focus for improvement. Which of the following could help remove the greatest risk?

16 / 50

Which of the following hypervisor technologies would your company MOST likely use to virtualize your MacBook? Select One

17 / 50

Which of these should not be in an X.509 certificate? Select One

18 / 50

Which of the following protocols are deployed for Federated Identities and Single Sign-On (SSO)? Select Two

19 / 50

A network administrator uses an RFID card to enter the datacenter, a key to open the server rack, and a username and password to log on to a server.
Which of the following are these examples of? Select One

20 / 50

An important principle of Defense in Depth is that achieving comfort in information security requires a balanced focus on which PRIMARY elements?

21 / 50

What type of site is a duplicate of the organization’s original site, with full computer systems as well as near-complete backups of user data? Select One

22 / 50

What vulnerability classification occurs when holes are left in the security framework of an application by systems administrators, DBAs or developers? Select One

23 / 50

When your enterprise is reviewing ownership of an asset what should you consider to be the most important?

24 / 50

The BEST way to prevent tailgating is the use of _______________. Select One

25 / 50

What type of an attack makes a copy of the transmission before sending it to the recipient for use at a later time? Select One

26 / 50

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

27 / 50

______ is the set of hardware, software, and policies you have in place to prevent confidential data from leaving your company. Select One

28 / 50

Your organization is a large software development firm that has run out of resources for its software application hosting. What type of cloud service could be used to help alleviate the lack of developer resources? The developers do not want to manage resources such as VMs or storage. Select One

29 / 50

Which of the following social engineering vulnerabilities can be a risk to your company, especially if someone bypasses security mechanisms such as badge readers, security guards, biometrics, etc.? Select Two

30 / 50

A ___________________________ is a legally enforceable contract that creates a confidential relationship between a person who holds some kind of trade secret and a person to whom the secret will be disclosed. Select One

31 / 50

What type of cloud service would you want to select if you want to solve a particular business problem like CRM? Select One

32 / 50

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

33 / 50

What is the purpose of an Internet Protocol (IP) spoofing attack?

34 / 50

Which layer of the OSI protocol is responsible for keeping track of multiple conversations at once? Select One

35 / 50

You would like to scan for XSS flaws. Which tool could you use? Select One

36 / 50

A CISO wants to reverse engineer an executable file to determine if it is malicious. The file was found on an underused server and appears to contain a zero-day exploit. Which of the following can the researcher do to determine if the file is malicious in nature? Select One

37 / 50

Which security service is provided by the process of encrypting plaintext with the sender’s private key and decrypting the ciphertext with the sender’s public key?

38 / 50

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

39 / 50

A software developer wants to prevent stored passwords from being easily decrypted. When the password is stored by the application, additional text is added to each password before the password is hashed. This technique is known as? Select One

40 / 50

Which wireless protocol supports TKIP (Temporal Key Integrity Protocol) to enhance data encryption? Select One

41 / 50

What is an XML based open standard for exchanging authentication and authorization information between different parties? Select One

42 / 50

Franklin is using a special tool on his Linux platform that has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI/ASPX scripts. Moreover, the database detects DDoS zombies and Trojans as well. What is the name of the tool Franklin is using?

43 / 50

What wireless protocol is generally vulnerable to IV attack exploits? Select One

44 / 50

When using NMAP without specifying a port range, how many ports are scanned by default? Select One

45 / 50

The email above was received by your CEO. He states he is not sure what it is about and does not know this person. What type of attack was attempted here? Select One

46 / 50

An administrator wants to establish a WiFi network using a high gain directional antenna with a narrow radiation pattern to connect two buildings separated by a very long distance. Which of the following antennas would be BEST? Select One

47 / 50

Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI model? Select One

48 / 50

Your new role as a security engineer for a military base includes validating AD. Which of these authentication methods would you most commonly find in a Windows Active Directory environment? Select One

49 / 50

In regard to United States federal law, what law was passed in 2002 that made it a requirement for federal agencies to develop, document, and implement an information security and protection program? Select One

50 / 50

At what layer of the Open System Interconnection (OSI) model is data at rest on a storage array located?

