CISSP Practice Questions (181–200)

Question 181

Which technique evaluates secure design principles of network or software architectures?
A. Risk modeling
B. Threat modeling
C. Fuzzing
D. Waterfall method

Question 182

How does RFID assist with asset management?
A. Uses biometric identification
B. Uses two-factor authentication
C. Transmits unique MAC addresses wirelessly
D. Transmits unique serial numbers wirelessly

Question 183

What is the MOST effective strategy to prevent an attacker from disabling a network?
A. Test DR plans
B. Design adaptive and failover networks
C. Implement segmentation
D. Follow security guidelines to prevent unauthorized access

Question 184

Who should perform the design review to uncover security design flaws in the SDLC?
A. Business owner
B. Security SME
C. Application owner
D. Developer SME

Question 185

At which phase of the software assurance life cycle should software acquisition risks be identified?
A. Follow-on phase
B. Planning phase
C. Monitoring and acceptance phase
D. Contracting phase

Question 186

How should the retention period for social media content be defined?
A. Wireless Access Points
B. Token-based authentication
C. Host-based firewalls
D. Trusted platforms

Question 187

A SaaS web app requires temporary access to logs during transition. Which privileges are MOST suitable?
A. OS administrative
B. Web server administrative
C. Application privileges on the hypervisor
D. Administrative privileges on the application folders

Question 188

Which of the following actions will reduce risk to a laptop before traveling to a high-risk area?
A. Examine the device for physical tampering
B. Implement more stringent baseline configurations
C. Purge or re-image the hard disk drive
D. Change access codes

Question 189

Intellectual property rights are PRIMARILY concerned with which of the following?
A. Owner’s ability to realize financial gain
B. Owner’s ability to maintain copyright
C. Right of the owner to enjoy their creation
D. Right of the owner to control delivery method

Question 190

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?
A. Install mantraps at the building entrances
B. Enclose the personnel entry area with polycarbonate plastic
C. Supply a duress alarm for personnel exposed to the public
D. Hire a guard to protect the public area

Question 191

Which one of the following affects the classification of data?
A. Assigned security label
B. Multilevel Security (MLS) architecture
C. Minimum query size
D. Passage of time

Question 192

Which component of the Security Content Automation Protocol (SCAP) specification contains the data required to estimate the severity of vulnerabilities identified in automated vulnerability assessments?
A. Common Vulnerabilities and Exposures (CVE)
B. Common Vulnerability Scoring System (CVSS)
C. Asset Reporting Format (ARF)
D. Open Vulnerability and Assessment Language (OVAL)

Question 193

The use of private and public encryption keys is fundamental in the implementation of which of the following?
A. Diffie-Hellman algorithm
B. Secure Sockets Layer (SSL)
C. Advanced Encryption Standard (AES)
D. Message Digest 5 (MD5)

Question 194

What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?
A. Implementation Phase
B. Initialization Phase
C. Cancellation Phase
D. Issued Phase

Question 195

Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?
A. Packet filtering
B. Port services filtering
C. Content filtering
D. Application access control

Question 196

An external attacker has compromised an organization’s network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker’s ability to gain further information?
A. Implement packet filtering on the network firewalls
B. Install Host Based Intrusion Detection Systems (HIDS)
C. Require strong authentication for administrators
D. Implement logical network segmentation at the switches

Question 197

At what level of the Open System Interconnection (OSI) model is data at rest on a Storage Area Network (SAN) located?
A. Link layer
B. Physical layer
C. Session layer
D. Application layer

Question 198

A Virtual Machine (VM) environment has five guest Operating Systems (OS) and provides strong isolation. What MUST an administrator review to audit a user’s access to data files?
A. Host VM monitor audit logs
B. Guest OS access controls
C. Host VM access controls
D. Guest OS audit logs

Question 199

In which of the following programs is it MOST important to include the collection of security process data?
A. Quarterly access reviews
B. Security continuous monitoring
C. Business continuity testing
D. Annual security training

Question 200

A Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) will provide which of the following?
A. Guaranteed recovery of all business functions
B. Minimization of the need for decision making during a crisis
C. Insurance against litigation following a disaster
D. Protection from loss of organization resources