Welcome to the FREE CISSP Practice Exam page. These exams are provided solely as a courtesy for your learning pleasure. These exams are updated monthly; however, we will not provide support for them.

If you require support on your practice exams, then consider our practice exams on Udemy.

Good luck on the exams. You may also want to review the posts I have on these exams on this blog site, which provide a top ten list and a deep dive.

Exams in Beta Mode


CISSP FREE PRACTICE EXAM 1

This is a FREE practice exam provided as a courtesy to help you prepare for the CISSP examination.

1 / 50

What is an XML-based open standard for exchanging authentication and authorization information between different parties? Select One

2 / 50

What security technique can be used to make an encryption scheme more resistant to a known plaintext attack?

3 / 50

Franklin is using a special tool on his Linux platform that has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI/ASPX scripts. Moreover, the database detects DDoS zombies and Trojans as well. What is the name of the tool Franklin is using?

4 / 50

What wireless protocol is generally vulnerable to IV attack exploits? Select One

5 / 50

The email above was received by your CEO. He states he is not sure what this is about and does not know this person. What type of attack was attempted here? Select One


6 / 50

Which of the following is used by the Point-to-Point Protocol (PPP) to determine packet formats?

7 / 50

Which security service is provided by the process of encrypting plaintext with the sender’s private key and decrypting the ciphertext with the sender’s public key?

8 / 50

Which of these should not be in an X.509 certificate? Select One

9 / 50

What vulnerability classification occurs when holes are left in the security framework of an application by systems administrators, DBAs or developers? Select One

10 / 50

What type of site is a duplicate of the organization’s original site, with full computer systems as well as near-complete backups of user data? Select One

11 / 50

An administrator wants to establish a WiFi network using a high gain directional antenna with a narrow radiation pattern to connect two buildings separated by a very long distance. Which of the following antennas would be BEST? Select One

12 / 50

When assessing an organization’s security policy for adherence to the strict standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can the actual management responsibilities be clearly defined?

13 / 50

What type of cloud service would you want to select if you want to solve a particular business need like CRM? Select One

14 / 50

Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?

15 / 50

Which of the following firewall types inspects Ethernet traffic at the MOST levels of the OSI model? Select One

16 / 50

At what level of the Open System Interconnection (OSI) model is data at rest on a storage array located?

17 / 50

______ is whatever hardware/software/policies you have in place to prevent confidential data from leaving your company. Select One

18 / 50

Which of the following hypervisor technologies would your company MOST likely use to virtualize your MacBook? Select One

19 / 50

Which layer of the OSI protocol is responsible for keeping track of multiple conversations at once? Select One

20 / 50

Transmission Control Protocol/Internet Protocol (TCP/IP) stack uses what layer for negotiating and establishing a connection with another node?

21 / 50

What type of DoS attack allows an attacker to violate the three-way handshake and then open a large number of half-open TCP connections? Select One

22 / 50

Which of the following protocols are deployed for Federated Identities and Single Sign-On (SSO)? Select Two

23 / 50

A network administrator uses an RFID card to enter the datacenter, a key to open the server rack, and a username and password to log on to a server.
Which of the following are these examples of? Select One

24 / 50

Which of the following social engineering vulnerabilities can be a risk to your company, especially if someone bypasses security mechanisms such as badge readers, security guards, biometrics, etc.? Select Two

25 / 50

When classifying data it is important to consider which of the following?

26 / 50

In regard to United States federal law, what law was passed in 2002 that made it a requirement for federal agencies to develop, document, and implement an information security and protection program? Select One

27 / 50

A CISO wants to reverse engineer an executable file to determine if it is malicious. The file was found on an underused server and appears to contain a zero-day exploit. Which of the following can the researcher do to determine if the file is malicious in nature? Select One

28 / 50

Which of the following mobile code security models relies only on trust?

29 / 50

You would like to scan for XSS flaws. What tools could you use? Select one answer.

30 / 50

During the process of data classification, it is important to ensure little granularity for what reason?

31 / 50

Kerberos is a network authentication protocol that enables secure logon by individuals to a computer network and enables secure authentication by a client computer to a server hosting a network resource. Kerberos authentication involves three types of entities. What are they?

32 / 50

Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI model? Select One

33 / 50

What is the purpose of an Internet Protocol (IP) spoofing attack?

34 / 50

Your organization is a large software development firm that has run out of resources for its software application hosting. What type of cloud service could be used to help alleviate the lack of developer resources? The developers do not want to manage resources such as VMs or storage.

Select One

35 / 50

A software developer wants to prevent stored passwords from being easily recovered. When the password is stored by the application, additional text is added to each password before the password is hashed. This technique is known as what? (Select One)

36 / 50

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?

37 / 50

An important principle of Defense in Depth is that achieving comfort in information security requires a balanced focus on which PRIMARY elements?

38 / 50

What type of an attack makes a copy of the transmission before sending it to the recipient for use at a later time? Select One

39 / 50

A penetration tester is hired to do a risk assessment of a company’s DMZ. The rules of engagement state that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed? Select One

40 / 50

A ___________________________ is a legally enforceable contract that creates a confidential relationship between a person who holds some kind of trade secret and a person to whom the secret will be disclosed. Select One

41 / 50

Your new role as a security engineer for a military base includes validating AD. Which of these authentication methods would you most commonly find in a Windows Active Directory environment? Select One

42 / 50

Your manager has been notified that an external hacker has compromised your organization’s network security perimeter. The hacker installed a sniffer on an inside computer, and it appears to be collecting information. Which of the following is the MOST effective layer of security your enterprise could have implemented to mitigate the hacker’s ability to gain further information?

43 / 50

When your enterprise is reviewing ownership of an asset, what should you consider to be the most important?

44 / 50

The National Institute of Standards and Technology (NIST) outlines ______ steps toward FISMA Compliance. Select One

45 / 50

When using Nmap without specifying a port range, how many ports are scanned by default? Select One

46 / 50

The use of private and public encryption keys is critical in the implementation of which of the following?

47 / 50

Which wireless protocol supports TKIP (Temporal Key Integrity Protocol) to enhance data encryption? Select One

48 / 50

You have just had an audit completed and the results are in. The report states that confidentiality is the main focus for improvement. Which of the following could help remove the greatest risk?

49 / 50

The BEST way to prevent tailgating is the use of _______________. Select One

50 / 50

Reviewing the picture below, what type of attack has likely occurred? Select One


CISSP FREE PRACTICE EXAM 2

This is a FREE CISSP exam to help you gauge your readiness for the exam. No support will be provided.

1 / 35

When referring to the US specifically, the de facto standard for IT security guidance is NIST. NIST issues Federal Information Processing Standards and advisory guides that are called _______________. Select the proper answer.

2 / 35

You have been asked to create a list of rules for how your resources will be accessed. What would this be called? (Select One)

3 / 35

A ___________________________ is a legally enforceable contract that creates a confidential relationship between a person who holds some kind of trade secret and a person to whom the secret will be disclosed. Select One

4 / 35

When you are developing your IT security posture, what are some controls by function you could implement? (Select the one that is NOT a function control)

NOTE:  Don’t get confused by security controls!

5 / 35

You have been notified over the weekend that there is suspicious activity on the Exchange Administrator’s account. What administrative controls will best reduce the impact of an attack where a user gains control over an administrator’s account? (Select Three)

6 / 35

Reviewing the graphic above, please answer the following question. What would be the main control that would be accomplished by a day and time restriction on a Windows server? (Select One)

7 / 35

What type of attack is one where the intention is to steal data rather than to cause damage to the network or organization? Note: This type of attack is generally well organized. (Select One)

8 / 35

A company wants to streamline their reporting tools. They have decided to implement a third party SaaS cloud reporting tool to process additional data, but will continue to process confidential data internally. Which of the following cloud deployment models is BEST suited for the company?

9 / 35

The Common Vulnerabilities and Exposures (CVE) database defines what? (Select One)

10 / 35

Refer to the graphic above and then answer the following question.

What are two correct statements about what has been performed in this CLI session? (Select Two)

11 / 35

You are conducting an analysis of a compromised server. You figured out that the computer had all known security patches applied prior to the computer being compromised. Which two of the following statements are probably true about this incident?

12 / 35

LUN (Logical Unit Number) masking is an _____________ process that makes a LUN available to some hosts and unavailable to other hosts. Select One

13 / 35

What are the three main types of a fuzzer? (Select Three)

NOTE: Fuzz testing, or “fuzzing”, is a black-box software testing technique that basically consists of finding implementation bugs by injecting malformed or semi-malformed data in an automated fashion.

14 / 35

Which of the following BEST describes a protective countermeasure for SQL injection? Select One

15 / 35

Referring to the graphic above, please answer the following question. What is the possible intelligence that could be gathered by this “dorking” for a hacker? (Select Three)

16 / 35

What type of cloud service would you want to select if you want to solve a particular business need like CRM? Select One

17 / 35

A backdoor ________ gives malicious users remote control over the infected computer. It enables the author to do anything they wish on the infected computer, including sending, receiving, launching and deleting files, displaying data and rebooting the computer. What type of threat would this be called? (Select One)

18 / 35

You performed a baseline about a month ago. You notice that there are some anomalies in the network authentications. What type of analysis assesses threat levels with regard to historical information? (Select One)

19 / 35

You are currently working with the infrastructure teams on building out a new datacenter. They are looking for remote access and would like to authenticate with a central server that is Unix-based and can enable AAA capabilities. What type of service should be enabled? (Select Two)

20 / 35

During the company’s last DR exercise, the administrator noticed that the backup site (Site B) was responding 35% slower to ICMP packets than the primary site (Site A). Which of the following tests can help the administrator determine the root cause of a slow network? Select One

21 / 35

Which of the following ports is used for accessing Microsoft servers? Select One

22 / 35

Your company is implementing a multi-factor authentication solution. As part of the design, you are identifying the three authentication factors. Select Three

23 / 35

What security activities are the most appropriate during the “maintenance phase” of software development?

24 / 35

Which of the following hypervisor technologies would your company MOST likely use to virtualize your MacBook? Select One

25 / 35

What type of training allows employees to develop a multi-disciplinary skillset? (Select One)

26 / 35

A company has publicly hosted web applications and an internal Intranet protected by a proxy and a firewall.

Which technique will help protect against enumeration? Select One

27 / 35

Which of the following represents a form of steganography technique that could be used?

28 / 35

Vulnerability is the intersection of three elements when it comes to IT. What are those three elements? (Select Three)

29 / 35

Your organization is a large software development firm that has run out of resources for its software application hosting. What type of cloud service could be used to help alleviate the lack of developer resources? The developers do not want to manage resources such as VMs or storage.

Select One

30 / 35

What part of the NIST Cybersecurity Framework is used to provide a statement of current cybersecurity outcomes? (Select One)

NOTE: There are three parts to the NIST Cybersecurity Framework and you must know all three.

31 / 35

You are currently called in to a user’s cubicle, and they state that they opened an email attachment link; ever since, the email program has been stuck in an infinite loop when they click the link. The application just hangs, and it appears it was a web application. What type of vulnerability is this likely to be? Select One

32 / 35

Franklin is using a special tool on his Linux platform that has a database containing signatures to be able to detect hundreds of vulnerabilities in UNIX, Windows, and commonly used web CGI/ASPX scripts. Moreover, the database detects DDoS zombies and Trojans as well. What is the name of the tool Franklin is using?

33 / 35

You are leaving the CIO’s office with a document that has authorized your pen testing for the weekend. What would this document be? (Select One)

34 / 35

Privilege creep among long-term employees can be mitigated by which of the following procedures? (Select One)

35 / 35

Refer to the graphic above. What does it appear the user is trying to do on their mobile device? (Select One)


Thank you for joining!