CISSP Practice Questions (1–20)

Question 1

What is the FIRST step when developing an Information Security Continuous Monitoring (ISCM) program?
A. Establish an ISCM technical architecture.
B. Collect the security-related information required for metrics, assessments, and reporting.
C. Establish an ISCM program determining metrics, status monitoring frequencies, and control assessment frequencies.
D. Define an ISCM strategy based on risk tolerance.

Question 2

An organization plans to acquire a commercial off-the-shelf (COTS) system to replace their aging home-built reporting system. When should the organization’s security team FIRST get involved in this acquisition’s life cycle?
A. When the system is being designed, purchased, programmed, developed, or otherwise constructed
B. When the system is verified and validated
C. When the system is deployed into production
D. When the need for a system is expressed and the purpose of the system is documented

Question 3

In addition to life, protection of which of the following elements is MOST important when planning a data center site?
A. Data and hardware
B. Property and operations
C. Profits and assets
D. Resources and reputation

Question 4

An organization has been collecting a large amount of redundant and unusable data and filling up the storage area network (SAN). Management has requested the identification of a solution that will address ongoing storage problems. Which is the BEST technical solution?
A. Deduplication
B. Compression
C. Replication
D. Caching

Question 5

Which of the following is an important requirement when designing a secure remote access system?
A. Configure a Demilitarized Zone (DMZ) to ensure that user and service traffic is separated.
B. Provide privileged access rights to computer files and systems.
C. Ensure that logging and audit controls are included.
D. Reduce administrative overhead through password self service.

Question 6

In the common criteria, which of the following is a formal document that expresses an implementation-independent set of security requirements?
A. Organizational Security Policy
B. Security Target (ST)
C. Protection Profile (PP)
D. Target of Evaluation (TOE)

Question 7

Wi-Fi Protected Access 2 (WPA2) provides users with a higher level of assurance that their data will remain protected by using which protocol?
A. Secure Shell (SSH)
B. Internet Protocol Security (IPsec)
C. Secure Sockets Layer (SSL)
D. Extensible Authentication Protocol (EAP)

Question 8

Which of the following is the MOST effective way to ensure the endpoint devices used by remote users are compliant with an organization’s approved policies before being allowed on the network?
A. Group Policy Object (GPO)
B. Network Access Control (NAC)
C. Mobile Device Management (MDM)
D. Privileged Access Management (PAM)

Question 9

Which of the following virtual network configuration options is BEST to protect virtual machines (VMs)?
A. Traffic filtering
B. Data encryption
C. Data segmentation
D. Traffic throttling

Question 10

Two computers, each with a single connection on the same physical 10 gigabit Ethernet network segment, need to communicate with each other. The first machine has a single Internet Protocol (IP) Classless Inter-Domain Routing (CIDR) address at 192.168.1.3/30 and the second machine has an IP/CIDR address 192.168.1.6/30. Which of the following is correct?
A. Since each computer is on a different layer 3 network, traffic between the computers must be processed by a network bridge in order to communicate.
B. Since each computer is on the same layer 3 network, traffic between the computers may be processed by a network bridge in order to communicate.
C. Since each computer is on the same layer 3 network, traffic between the computers may be processed by a network router in order to communicate.
D. Since each computer is on a different layer 3 network, traffic between the computers must be processed by a network router in order to communicate.

Question 11

A company is planning to implement a private cloud infrastructure. Which of the following recommendations will support the move to a cloud infrastructure?
A. Implement a virtual local area network (VLAN) for each department and create a separate subnet for each VLAN.
B. Implement software-defined networking (SDN) to provide the ability for the network infrastructure to be integrated with the control and data planes.
C. Implement a virtual local area network (VLAN) to logically separate the local area network (LAN) from the physical switches.
D. Implement software-defined networking (SDN) to provide the ability to apply high-level policies to shape and reorder network traffic based on users, devices, and applications.

Question 12

Which of the following is the BEST method a security practitioner can use to ensure that systems and sub-systems gracefully handle invalid input?
A. Unit testing
B. Integration testing
C. Negative testing
D. Acceptance testing

Question 13

Which of the following is fundamentally required to address potential security issues when initiating software development?
A. Implement ongoing security audits in all environments.
B. Ensure isolation of development from production.
C. Add information security objectives into development.
D. Conduct independent source code review.

Question 14

A large human resources organization wants to integrate their identity management with a trusted partner organization. The human resources organization wants to maintain the creation and management of the identities and may want to share with other partners in the future. Which of the following options BEST serves their needs?
A. Federated identity
B. Cloud Active Directory (AD)
C. Security Assertion Markup Language (SAML)
D. Single sign-on (SSO)

Question 15

An organization has implemented a password complexity policy and an account lockout policy that triggers after five incorrect login attempts within ten minutes. Network users have reported significantly increased account lockouts. Which of the following security principles is this company affecting?
A. Availability
B. Integrity
C. Confidentiality
D. Authentication

Question 16

Which of the following is a PRIMARY security weakness in the design of Domain Name System (DNS)?
A. A DNS server can be disabled in a denial-of-service (DoS) attack.
B. A DNS server does not authenticate the source of information.
C. Each DNS server must hold the address of the root servers.
D. A DNS server database can be injected with falsified checksums.

Question 17

A cybersecurity engineer has been tasked to research and implement an ultra-secure communications channel to protect the organization’s most valuable intellectual property (IP). The primary directive in this initiative is to ensure there is no possible way the communications can be intercepted without detection. Which of the following is the only way to ensure this outcome?
A. Diffie-Hellman key exchange
B. Symmetric key cryptography
C. Public key infrastructure (PKI)
D. Quantum Key Distribution

Question 18

Which of the following provides the MOST secure method for Network Access Control (NAC)?
A. Media Access Control (MAC) filtering
B. 802.1X authentication
C. Application layer filtering
D. Network Address Translation (NAT)

Question 19

Which of the following actions should be undertaken prior to deciding on a physical baseline Protection Profile (PP)?
A. Check the technical design.
B. Conduct a site survey.
C. Categorize assets.
D. Choose a suitable location.

Question 20

A new employee formally reported suspicious behavior to the organization’s security team. The report claims that someone not affiliated with the organization was inquiring about the employee’s work location, length of employment, and building access controls. The employee’s reporting is MOST likely the result of which of the following?
A. Risk avoidance
B. Security engineering
C. Security awareness
D. Phishing