CISSP Practice Questions (21–40)

Answer: A

Rationale: RAID-0 (striping) splits data across multiple disks, providing maximum read/write performance because operations occur in parallel. It offers no fault tolerance, but from a CISSP perspective, it’s the correct answer when performance — not redundancy — is the goal. RAID-1, -5, and -6 all trade some speed for redundancy.

Answer: C

Rationale: Event correlation in SIEM depends on accurate timestamps — time synchronization (usually via NTP) is critical. Without it, logs from different systems can’t be sequenced correctly. Format consistency and privacy compliance are important, but not foundational for correlation accuracy.

Answer: B

Rationale: An assessment audit evaluates how well policies, controls, and procedures achieve intended objectives — i.e., program effectiveness. “Validation” and “analysis” are parts of that process, but “assessment” is the broader CISSP-recognized term for evaluating effectiveness.

Answer: C

Rationale: Circuit-level gateways verify TCP/UDP session establishment (the handshake) before allowing packets through. They operate at the session layer (OSI Layer 5). Proxy firewalls inspect application data, and NAT firewalls rewrite addresses — not handshake behavior.

Answer: A

Rationale: Passive attacks involve eavesdropping — protecting confidentiality requires encryption in transit. Encrypting at rest only protects stored data, and a dedicated circuit alone doesn’t prevent interception. A VPN provides encryption but is a specific implementation; “encryption in transit” is the broader and therefore best CISSP answer.

Answer: C

Rationale: This describes session hijacking or fixation — exploiting flaws in session token expiration or renewal. Proper session management enforces timeouts and regeneration after authentication. Password or identity management wouldn’t prevent persistent session misuse.

Answer: A

Rationale: The policy foundation comes first. Publishing a social-media guideline document sets acceptable boundaries before enforcement or training. CISSP emphasizes “policy → standards → procedures → guidelines” order in governance hierarchy.

Answer: B

Rationale: Code review finds logic and design flaws before deployment, making it preventative. Pen testing and scanning are detective controls performed later. CISSP stresses early, manual review as most effective for prevention.

Answer: A

Rationale: Fail-closed blocks all traffic when the firewall fails — prioritizing security over availability. Fail-open maintains availability but exposes systems. CISSP principle: default-deny is safest for security devices.

Answer: D

Rationale: Chain of custody must be formally documented; the first step is reporting the breach to supervisory or legal authority. Moving or re-inventorying could compromise evidence further. CISSP expects immediate escalation in incident handling.

Answer: D

Rationale: Stored procedures separate user input from SQL logic, preventing injection of arbitrary commands. Boundary checking helps but doesn’t fully prevent injection; stored procedures are a best-practice CISSP control for this vulnerability.

Answer: C

Rationale: Early detection during SDLC means before deployment — code review identifies issues in design/logic phase. Scanning and fuzzing occur later in testing; pen testing happens post-deployment. Prevention > detection in CISSP’s SDLC model.

Answer: B

Rationale: Stateful firewalls track session state (context) — not just individual packets. Stateless filters make decisions per packet only. “Context awareness” is the hallmark distinction per CISSP domain 4 (Network Security).

Answer: D

Rationale: he wording (“features assigned to resources, operational/situational context, and policies over those features and context”) is textbook ABAC. RBAC uses predefined roles; it does not evaluate contextual/environmental attributes at decision time.

Answer: C

Rationale: Routers operate at Layer 3 (Network) and make forwarding decisions using destination IP addresses. Bridges and switches use MAC addresses (Layer 2). Repeaters simply amplify signals — no addressing.

Answer: B

Rationale: Granting excessive permissions exposes sensitive data — introducing a vulnerability. It’s not malicious by itself (so not “threat”), but it expands attack surface. Classic CISSP mobile security example.

Answer: A

Rationale: Classification assigns protection levels to data — ensuring it receives appropriate confidentiality, integrity, and availability (CIA) safeguards. The other choices describe outcomes, but CIA preservation is the primary purpose.

Answer: B

Rationale: “Something you have” (ownership) such as a token or smart card is physically tied to the user and less susceptible to remote theft compared to “something you know” (password). CISSP categorizes this as a stronger factor because it requires possession.

Answer: D

Rationale: Diversifying technology in multiple access-control layers prevents a single failure or exploit from compromising the system. CISSP stresses defense-in-depth — independent, diverse controls reduce correlated weaknesses. “Working in isolation” (A) and vendor diversity (B) don’t guarantee layered effectiveness; (C) covers only network firewalls.

Answer: D

Rationale: Geographically dispersed failover ensures availability during local outages — the essence of high-availability design. Disk redundancy (B) aids fault tolerance, not full site resilience. CISSP associates HA with redundant, load-balanced, distributed sites.