Welcome to the FREE CISSP Practice Exam page. These exams are provided solely as a courtesy for your learning pleasure. They are updated monthly; however, we do not provide support on them.

If you require support on your practice exams, then consider our practice exams on Udemy.

Good luck on the exams. You may also want to review the posts I have on these exams on this blog site, which provide a top ten list and a deep dive.

Exams in Beta Mode


CISSP FREE PRACTICE EXAM 1

This is a FREE practice exam provided as a courtesy to help prepare for the CISSP examination.

1 / 50

Which security service is provided by the process of encrypting plaintext with the sender’s private key and decrypting the ciphertext with the sender’s public key?

2 / 50

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

3 / 50

What vulnerability classification occurs when holes are left in the security framework of an application by systems administrators, DBAs, or developers? Select One

4 / 50

You would like to scan for XSS flaws. What tool could you use? Select one answer.

5 / 50

What type of cloud service would you select if you want to solve a particular business need, such as CRM? Select One

6 / 50

Reviewing the picture below, what type of attack has likely occurred? Select One

7 / 50

Kerberos is a network authentication protocol that enables secure logon by individuals to a computer network and secure authentication by a client computer to a server hosting a network resource. Kerberos authentication involves three types of entities. What are they?

8 / 50

A software developer wants to prevent stored passwords from being easily recovered. When the password is stored by the application, additional text is added to each password before the password is hashed. What is this technique known as? (Select One)

9 / 50

Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI model? Select One

10 / 50

Which wireless protocol supports TKIP (Temporal Key Integrity Protocol) to enhance data encryption? Select One

11 / 50

The use of private and public encryption keys is critical in the implementation of which of the following?

12 / 50

Your manager has been notified that an external hacker has compromised your organization’s network security perimeter. The hacker installed a sniffer on an inside computer and it appears to be collecting information. Which of the following is the MOST effective layer of security your enterprise could have implemented to mitigate the hacker’s ability to gain further information?

13 / 50

Which of the following firewall types inspects Ethernet traffic at the MOST levels of the OSI model? Select One

14 / 50

The Transmission Control Protocol/Internet Protocol (TCP/IP) stack uses what layer for negotiating and establishing a connection with another node?

15 / 50

Your organization is a large software development firm that has run out of resources for its software application hosting. What type of cloud service could be used to help alleviate the lack of developer resources? The developers do not want to manage resources such as VMs or storage. Select One

16 / 50

A penetration tester is hired to do a risk assessment of a company’s DMZ. The rules of engagement state that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed? Select One

17 / 50

Which of these should not be in an X.509 certificate? Select One

18 / 50

What is the purpose of an Internet Protocol (IP) spoofing attack?

19 / 50

What wireless protocol is generally vulnerable to IV attack exploits? Select One

20 / 50

During the process of data classification, it is important to ensure little granularity for what reason?

21 / 50

Which of the following social engineering vulnerabilities can be a risk to your company, especially if someone bypasses security mechanisms such as badge readers, security guards, biometrics, etc.? Select Two

22 / 50

The National Institute of Standards and Technology (NIST) outlines ______ steps toward FISMA Compliance. Select One

23 / 50

What type of DoS attack allows an attacker to violate the three-way handshake and then open a large number of half-open TCP connections? Select One

24 / 50

A CISO wants to reverse engineer an executable file to determine if it is malicious. The file was found on an underused server and appears to contain a zero-day exploit. Which of the following can the researcher do to determine if the file is malicious in nature? Select One

25 / 50

What security technique can be used to make an encryption scheme more resistant to a known plaintext attack?

26 / 50

In regard to United States federal law, what law was passed in 2002 that made it a requirement for federal agencies to develop, document, and implement an information security and protection program? Select One

27 / 50

______ is whatever hardware, software, and policies you have in place to prevent confidential data from leaving your company. Select One

28 / 50

Franklin is using a special tool on his Linux platform that has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI/ASPX scripts. Moreover, the database detects DDoS zombies and Trojans as well. What is the name of the tool Franklin is using?

29 / 50

What type of an attack makes a copy of the transmission before sending it to the recipient for use at a later time? Select One

30 / 50

When assessing an organization’s security policy for adherence to the strict standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can the actual management responsibilities be clearly defined?

31 / 50

You have just had an audit completed and the results are in. The report states confidentiality is the main focus for improvement. Which of the following could help remove the greatest risk?

32 / 50

When classifying data, it is important to consider which of the following?

33 / 50

An administrator wants to establish a WiFi network using a high gain directional antenna with a narrow radiation pattern to connect two buildings separated by a very long distance. Which of the following antennas would be BEST? Select One

34 / 50

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

35 / 50

Which of the following protocols are deployed for Federated Identities and Single Sign On (SSO)? Select Two

36 / 50

Which layer of the OSI model is responsible for keeping track of multiple conversations at once? Select One

37 / 50

Which of the following mobile code security models relies only on trust?

38 / 50

What is an XML based open standard for exchanging authentication and authorization information between different parties? Select One

39 / 50

A network administrator uses an RFID card to enter the datacenter, a key to open the server rack, and a username and password to log on to a server. Which of the following are these examples of? Select One

40 / 50

The email above was received by your CEO. He states he is not sure what this is about and does not know this person. What type of attack was attempted here? Select One

41 / 50

What type of site is a duplicate of the organization’s original site, with full computer systems as well as near-complete backups of user data? Select One

42 / 50

Your new role as a security engineer for a military base includes validating AD. Which of these authentication methods would you most commonly find in a Windows Active Directory environment? Select One

43 / 50

Which of the following hypervisor technologies would your company MOST likely use to virtualize your MacBook? Select One

44 / 50

The BEST way to prevent tailgating is the use of _______________? Select One

45 / 50

An important principle of Defense in Depth is that achieving comfort in information security requires a balanced focus on which PRIMARY elements?

46 / 50

At what level of the Open System Interconnection (OSI) model is data at rest on a storage array located?

47 / 50

When using NMAP without specifying a port range, how many ports are scanned by default? Select One

48 / 50

When your enterprise is reviewing ownership of an asset, what should you consider to be the most important?

49 / 50

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

50 / 50

A ___________________________ is a legally enforceable contract that creates a confidential relationship between a person who holds some kind of trade secret and a person to whom the secret will be disclosed. Select One

