CISSP Practice Questions (501–520)

Question 501

An organization is trying to secure instant messaging (IM) communications through its network perimeter. Which of the following is the MOST significant challenge?
A. IM clients can interoperate between multiple vendors.
B. IM clients can run as executables that do not require installation.
C. IM clients can utilize random port numbers.
D. IM clients can run without administrator privileges.

Question 502

Using the ciphertext and resultant cleartext message to derive the monoalphabetic cipher key is an example of which method of cryptanalytic attack?
A. Known-plaintext attack
B. Ciphertext-only attack
C. Frequency analysis
D. Probable-plaintext attack

Question 503

When developing an organization’s information security budget, it is important that the:
A. Requested funds are at an equal amount to the expected cost of breaches.
B. Expected risk can be managed appropriately with the funds allocated.
C. Requested funds are part of a shared funding pool with other areas.
D. Expected risk to the organization does not exceed the funds allocated.

Question 504

A subscription service which provides power, climate control, raised flooring, and telephone wiring equipment is BEST described as a:
A. Cold site
B. Warm site
C. Hot site
D. Reciprocal site

Question 505

An international trading organization with ISO 27001 certification is outsourcing security monitoring to an MSSP. What MUST be included in the contract?
A. A detailed overview of all equipment involved
B. The right to perform security compliance tests on the MSSP’s equipment
C. The MSSP having an executive responsible for information security
D. The right to audit the MSSP’s security process

Question 506

Which of the following is the PRIMARY type of cryptography required to support non-repudiation of a digitally signed document?
A. Hashing
B. Message digest (MD)
C. Symmetric
D. Asymmetric

Question 507

What is the MOST effective method to enhance security of a single sign-on (SSO) solution that interfaces with critical systems?
A. Two-factor authentication
B. Reusable tokens for application level authentication
C. High performance encryption algorithms
D. Secure Sockets Layer (SSL) for all communications

Question 508

Which of the following is MOST appropriate to collect evidence of a zero-day attack?
A. Honeypot
B. Antispam
C. Antivirus
D. Firewall

Question 509

When assessing web vulnerabilities, how can navigating the dark web add value to a penetration test?
A. Information may be found on hidden vendor patches.
B. The actual origin and tools used for the test can be hidden.
C. Information may be found on related breaches and hacking.
D. Vulnerabilities can be tested without impact on the tested environment.

Question 510

The quality assurance (QA) department is short-staffed and is unable to test all modules before the anticipated release date of an application. What security control is MOST likely to be violated?
A. Change management
B. Separation of environments
C. Program management
D. Mobile code controls

Question 511

Which of the following criteria ensures information is protected relative to its importance to the organization?
A. Legal requirements, value, criticality, and sensitivity to unauthorized disclosure or modification
B. The value of the data to the organization’s senior management
C. Organizational stakeholders, with classification approved by the management board
D. Legal requirements determined by the organization headquarters' location

Question 512

What is the FIRST step when developing an Information Security Continuous Monitoring (ISCM) program?
A. Collect the security-related information required for metrics, assessments, and reporting.
B. Establish an ISCM program determining metrics, status monitoring frequencies, and control assessment frequencies.
C. Define an ISCM strategy based on risk tolerance.
D. Establish an ISCM technical architecture.

Question 513

Which RAID level provides the BEST redundancy and fault tolerance?
A. RAID level 1
B. RAID level 3
C. RAID level 4
D. RAID level 5

Question 514

Compared to a traditional network, which of the following is a security-related benefit that software-defined networking (SDN) provides?
A. Centralized network provisioning
B. Reduced network latency when scaled
C. Centralized network administrative control
D. Reduced hardware footprint and cost

Question 515

What is the MOST effective response to a hacker who has already gained access to a network and will attempt to pivot to other resources?
A. Warn users of a breach.
B. Reset all passwords.
C. Segment the network.
D. Shut down the network.

Question 516

Which of the following is a common term for log reviews, synthetic transactions, and code reviews?
A. Application development
B. Spiral development functional testing
C. Security control testing
D. DevOps Integrated Product Team (IPT) development

Question 517

A database server for a financial application is scheduled for production deployment. Which of the following controls will BEST prevent tampering?
A. Data sanitization
B. Data validation
C. Service accounts removal
D. Logging and monitoring

Question 518

The Industrial Control System (ICS) Computer Emergency Response Team (CERT) has released an alert regarding ICS-focused malware specifically propagating through Windows-based business networks. Technicians at a local water utility note that their dams, canals, and locks controlled by an internal Supervisory Control and Data Acquisition (SCADA) system have been malfunctioning. A digital forensics professional is consulted in the Incident Response (IR) and recovery. Which of the following is the MOST challenging aspect of this investigation?
A. Group policy implementation
B. SCADA network latency
C. Physical access to the system
D. Volatility of data

Question 519

What term is commonly used to describe hardware and software assets that are stored in a configuration management database (CMDB)?
A. Configuration item
B. Configuration element
C. Ledger item
D. Asset register

Question 520

A company is planning to implement a private cloud infrastructure. Which of the following recommendations will support the move to a cloud infrastructure?
A. Implement software-defined networking (SDN) to provide the ability to apply high-level policies to shape and reorder network traffic based on users, devices, and applications.
B. Implement a virtual local area network (VLAN) for each department and create a separate subnet for each VLAN.
C. Implement software-defined networking (SDN) to provide the ability for the network infrastructure to be integrated with the control and data planes.
D. Implement a virtual local area network (VLAN) to logically separate the local area network (LAN) from the physical switches.