CISSP Practice Questions (581–600)

Question 581

What is the PRIMARY consideration when testing industrial control systems (ICS) for security weaknesses?
A. ICS often run on UNIX operating systems.
B. ICS often do not have availability requirements.
C. ICS are often sensitive to unexpected traffic.
D. ICS are often isolated and difficult to access.

Question 582

The security team plans to use automated account reconciliation in the corporate user access review process. Which of the following must be implemented for the BEST results with the fewest errors when running the audit?
A. Frequent audits
B. Segregation of Duties (SoD)
C. Removal of service accounts from review
D. Clear provisioning policies

Question 583

In the Common Criteria, which of the following is a formal document that expresses an implementation-independent set of security requirements?
A. Organizational Security Policy
B. Security Target (ST)
C. Protection Profile (PP)
D. Target of Evaluation (TOE)

Question 584

Which of the following is an example of a vulnerability of full-disk encryption (FDE)?
A. Data on the device cannot be restored from backup.
B. Data on the device cannot be backed up.
C. Data in transit has been compromised when the user has authenticated to the device.
D. Data at rest has been compromised when the user has authenticated to the device.

Question 585

What is the FIRST step in reducing the exposure of a network to Internet Control Message Protocol (ICMP) based attacks?
A. Implement network access control lists (ACL).
B. Implement an intrusion prevention system (IPS).
C. Implement a web application firewall (WAF).
D. Implement egress filtering at the organization’s network boundary.

Question 586

A large organization’s HR and security teams plan to eliminate manual user access reviews and improve compliance. Which of the following options is MOST likely to resolve these issues?
A. Implement a Privileged Access Management (PAM) system.
B. Implement a role-based access control (RBAC) system.
C. Implement an identity and access management (IAM) platform.
D. Implement a single sign-on (SSO) platform.

Question 587

A cloud service accepts SAML assertions from users for authentication between domains. An attacker spoofed a registered account and queried the SAML provider. What is the MOST common attack leveraged against this flaw?
A. Attacker leverages SAML assertion to register an account on the security domain.
B. Attacker forges requests to authenticate as a different user.
C. Attacker exchanges authentication and authorization data between domains.
D. Attacker conducts denial-of-service (DoS) attacks by authenticating repeatedly.

Question 588

An organization is implementing security review as part of system development. Which of the following is the BEST technique to follow?
A. Perform incremental assessments.
B. Engage a third-party auditing firm.
C. Review security architecture.
D. Conduct penetration testing.

Question 589

What HTTP response header can be used to disable the execution of inline JavaScript and eval()-type functions?
A. X-XSS-Protection
B. Content-Security-Policy
C. X-Frame-Options
D. Strict-Transport-Security

Question 590

A security professional is rebuilding a company’s wireless infrastructure. Which of the following are the MOST important factors when deciding which wireless spectrum to deploy?
A. Facility size, intermodulation, and direct satellite service
B. Performance, geographic location, and radio signal interference
C. Existing client devices, manufacturer reputation, and electrical interference
D. Hybrid frequency band, SSID, and interpolation

Question 591

A software development team uses open-source libraries to reduce delivery time. What must they consider when using open-source software libraries?
A. Open source libraries contain known vulnerabilities, and adversaries regularly exploit them.
B. Open source libraries can be used by everyone safely.
C. Open source libraries contain unknown vulnerabilities, so they should not be used.
D. Open source libraries are constantly updated, reducing exploit risks.

Question 592

A security engineer has completed research for a new patch. Where should the patch be applied FIRST?
A. Lower environment
B. Desktop environment
C. Server environment
D. Production environment

Question 593

What BEST describes the confidentiality, integrity, and availability (CIA) triad?
A. A vulnerability assessment to see how well the organization’s data is protected
B. The three-step approach to determine organizational risk
C. The implementation of security systems to protect organizational data
D. A tool used to assist in understanding how to protect data

Question 594

Why is it important that senior management clearly communicates the formal Maximum Tolerable Downtime (MTD) decision?
A. To provide precise direction for selecting recovery alternatives
B. To show commitment to continuity efforts to the board of directors
C. To provide a formal declaration for internal audit requirements
D. To demonstrate to regulators that the company takes business continuity seriously

Question 595

A Simple Power Analysis (SPA) attack against a device directly observes which of the following?
A. Magnetism
B. Generation
C. Consumption
D. Static discharge

Question 596

Which of the following MUST the administrator of a SIEM system ensure?
A. All sources are synchronized with a common time reference.
B. All sources are reporting in the same XML format.
C. Data sources do not contain privacy violations.
D. Each source uses the same IP address for reporting.

Question 597

An organization wants to share data securely with partners over the Internet. Which standard port is typically used to meet this requirement?
A. UDP port 69
B. TCP port 21
C. TCP port 22
D. TCP port 80

Question 598

When designing a business continuity plan (BCP), what is the formula to determine the Maximum Tolerable Downtime (MTD)?
A. Estimated Maximum Loss (EML) + Recovery Time Objective (RTO)
B. Business Impact Analysis (BIA) + Recovery Point Objective (RPO)
C. Annual Loss Expectancy (ALE) + Work Recovery Time (WRT)
D. Recovery Time Objective (RTO) + Work Recovery Time (WRT)

Question 599

In systems security engineering, what does the security principle of modularity provide?
A. Minimal access to perform a function
B. Documentation of functions
C. Isolated functions and data
D. Secure distribution of programs and data

Question 600

Which of the following is the strongest physical access control?
A. Biometrics, a password, and personal identification number (PIN)
B. Individual password for each user
C. Biometrics and badge reader
D. Biometrics, a password, and badge reader