CISSP Practice Questions (461–480)

Question 461

Why is data classification control important to an organization?
A. To enable data discovery
B. To ensure security controls align with organizational risk appetite
C. To ensure its integrity, confidentiality and availability
D. To control data retention in alignment with organizational policies and regulation

Question 462

To monitor the security of buried data lines inside the perimeter of a facility, which of the following is the MOST effective control?
A. Fencing around the facility with closed-circuit television (CCTV) cameras at all entry points
B. Ground sensors installed and reporting to a security event management (SEM) system
C. Regular sweeps of the perimeter, including manual inspection of the cable ingress points
D. Steel casing around the facility ingress points

Question 463

An enterprise is developing a baseline cybersecurity standard its suppliers must meet before being awarded a contract. Which of the following statements is TRUE about the baseline cybersecurity standard?
A. It should be expressed as general requirements.
B. It should be expressed as technical requirements.
C. It should be expressed in business terminology.
D. It should be expressed in legal terminology.

Question 464

Which access control method is based on users issuing access requests on system resources, features assigned to those resources, the operational or situational context, and a set of policies specified in terms of those features and context?
A. Mandatory Access Control (MAC)
B. Attribute Based Access Control (ABAC)
C. Role Based Access Control (RBAC)
D. Discretionary Access Control (DAC)

Question 465

What is a security concern when considering implementing software-defined networking (SDN)?
A. It has a decentralized architecture.
B. It increases the attack footprint.
C. It uses open source protocols.
D. It is cloud based.

Question 466

What is the BEST way to restrict access to a file system on computing systems?
A. Use least privilege at each level to restrict access.
B. Restrict access to all users.
C. Allow a user group to restrict access.
D. Use a third-party tool to restrict access.

Question 467

Which of the following is the PRIMARY reason for selecting the appropriate level of detail for audit record generation?
A. Avoid lengthy audit reports
B. Enable generation of corrective action reports
C. Facilitate a root cause analysis (RCA)
D. Lower costs throughout the System Development Life Cycle (SDLC)

Question 468

What is the correct order of execution for security architecture?
A. Governance, strategy and program management, operations, project delivery
B. Governance, strategy and program management, project delivery, operations
C. Strategy and program management, project delivery, governance, operations
D. Strategy and program management, governance, project delivery, operations

Question 469

An international organization has decided to use a Software as a Service (SaaS) solution to support its business operations. Which of the following compliance standards should the organization use to assess the international code security and data privacy of the solution?
A. Service Organization Control (SOC) 2
B. Information Assurance Technical Framework (IATF)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. Payment Card Industry (PCI)

Question 470

An authentication system that uses challenge and response was recently implemented on an organization’s network, because the organization conducted an annual penetration test showing that testers were able to move laterally using authenticated credentials. Which attack method was MOST likely used to achieve this?
A. Hash collision
B. Pass the ticket
C. Brute force
D. Cross-Site Scripting (XSS)

Question 471

Which of the following would qualify as an exception to the “right to be forgotten” of the General Data Protection Regulation (GDPR)?
A. For the establishment, exercise, or defense of legal claims
B. The personal data has been lawfully processed and collected
C. For the reasons of private interest
D. The personal data remains necessary to the purpose for which it was collected

Question 472

Dumpster diving is a technique used in which stage of penetration testing methodology?
A. Attack
B. Reporting
C. Planning
D. Discovery

Question 473

Which of the following is performed to determine a measure of success of a security awareness training program designed to prevent social engineering attacks?
A. Employee evaluation of the training program
B. Internal assessment of the training program’s effectiveness
C. Multiple choice tests to participants
D. Management control of reviews

Question 474

The security team is notified that a device on the network is infected with malware. Which of the following is MOST effective in enabling the device to be quickly located and remediated?
A. Data loss protection (DLP)
B. Intrusion detection
C. Vulnerability scanner
D. Information Technology Asset Management (ITAM)

Question 475

Which of the following threats would be MOST likely mitigated by monitoring assets containing open source libraries for vulnerabilities?
A. Distributed denial-of-service (DDoS) attack
B. Advanced persistent threat (APT) attempt
C. Zero-day attack
D. Phishing attempt

Question 476

As a design principle, which one of the following actors is responsible for identifying and approving data security requirements in a cloud ecosystem?
A. Cloud auditor
B. Cloud broker
C. Cloud provider
D. Cloud consumer

Question 477

Which of the following is the MOST effective way to ensure the endpoint devices used by remote users are compliant with an organization’s approved policies before being allowed on the network?
A. Network Access Control (NAC)
B. Privileged Access Management (PAM)
C. Group Policy Object (GPO)
D. Mobile Device Management (MDM)

Question 478

Which one of the following BEST protects vendor accounts that are used for emergency maintenance?
A. Vendor access should be disabled until needed
B. Frequent monitoring of vendor access
C. Role-based access control (RBAC)
D. Encryption of routing tables

Question 479

Which event magnitude is defined as deadly, destructive, and disruptive when a hazard interacts with human vulnerability?
A. Crisis
B. Catastrophe
C. Accident
D. Disaster

Question 480

Which of the following BEST describes the purpose of software forensics?
A. To analyze possible malicious intent of malware
B. To perform cyclic redundancy check (CRC) verification and detect changed applications
C. To determine the author and behavior of the code
D. To review program code to determine the existence of backdoors