CISSP Practice Questions (621–640)

Question 621

In software development, which type of queries should be used to prevent SQL injection?
A. Parameterized
B. Controlled
C. Dynamic
D. Static
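The point behind this question is that a parameterized query keeps the SQL text fixed and sends user input as bound values, so the input can never change the statement's structure. The following Python script is an added example written for this page (not part of the quiz) using the standard-library `sqlite3` module with a constructed in-memory `users` table; the table schema, the two sample users and the crafted username are all assumptions made for the demonstration. It shows a dynamically built login query being bypassed with a comment-style injection, the same login done with placeholders, and the caveat that placeholders cannot bind identifiers such as an ORDER BY column, which must instead be checked against an allow-list.

```python
import sqlite3


def make_db():
    """Build an in-memory SQLite database with two constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "hash-alice"), ("bob", "hash-bob")],
    )
    return conn


def login_dynamic(conn, username, password_hash):
    """Vulnerable: the query is assembled by string formatting, so the
    caller's input is parsed by the database as part of the SQL."""
    sql = (
        "SELECT id FROM users WHERE username = '%s' AND password_hash = '%s'"
        % (username, password_hash)
    )
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password_hash):
    """Safe: the SQL text is constant; values are passed to the driver as
    bound parameters and are never interpreted as SQL."""
    sql = "SELECT id FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone() is not None


# Caveat: placeholders bind values, not identifiers. A column or table name
# chosen by the user must be validated against an allow-list instead.
ALLOWED_SORT_COLUMNS = {"id", "username"}


def list_users_sorted(conn, column):
    """Return usernames ordered by an allow-listed column name."""
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unsupported sort column: %r" % (column,))
    rows = conn.execute("SELECT username FROM users ORDER BY " + column)
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    # Crafted username: the quote closes the literal and "--" comments out
    # the rest of the statement, including the password check.
    crafted = "alice' --"
    print("dynamic       :", login_dynamic(db, crafted, "wrong"))        # True  (bypassed)
    print("parameterized :", login_parameterized(db, crafted, "wrong"))  # False (rejected)
    print("sorted        :", list_users_sorted(db, "username"))
```

With the dynamic version the statement the database actually runs is `SELECT id FROM users WHERE username = 'alice' --' AND password_hash = 'wrong'`, so the password predicate disappears and the login succeeds; the parameterized version compares the literal string `alice' --` against the username column and finds nothing.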

Question 622

Which type of access control allows only users meeting multiple attribute conditions (e.g., type=manager and department=sales)?
A. Role-based access control (RBAC)
B. Attribute-based access control (ABAC)
C. Discretionary access control (DAC)
D. Mandatory access control (MAC)
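The question hinges on access being granted only when several attribute conditions hold at once, which is what distinguishes attribute-based access control from a plain role check. The following Python module is an added example for this page (not part of the quiz): a minimal default-deny ABAC evaluator whose rules, attribute names (`type`, `department`, an `env.network` environment attribute) and the small RBAC contrast function are all constructed for the demonstration rather than taken from any product.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str
    resource: str
    conditions: dict  # attribute name -> required value; ALL must match


# Constructed policy: approving a discount needs type=manager AND
# department=sales; reading the sales report additionally depends on an
# environment attribute (the network the request arrives from).
POLICY = (
    Rule("approve", "discount", {"type": "manager", "department": "sales"}),
    Rule("read", "sales_report", {"department": "sales", "env.network": "corporate"}),
)


def is_permitted(subject, action, resource, environment=None, policy=POLICY):
    """ABAC decision. Default deny: permit only if some rule for this
    (action, resource) has every one of its attribute conditions satisfied.
    Environment attributes are merged with the subject's under an 'env.' prefix."""
    attrs = dict(subject)
    for key, value in (environment or {}).items():
        attrs["env." + key] = value
    for rule in policy:
        if rule.action != action or rule.resource != resource:
            continue
        if all(attrs.get(name) == required for name, required in rule.conditions.items()):
            return True
    return False


def rbac_permitted(roles, action, resource, role_permissions):
    """RBAC contrast: the decision depends only on role membership, so a
    combination such as manager-in-sales needs its own dedicated role."""
    return any((action, resource) in role_permissions.get(role, ()) for role in roles)


if __name__ == "__main__":
    sales_manager = {"type": "manager", "department": "sales"}
    eng_manager = {"type": "manager", "department": "engineering"}
    print(is_permitted(sales_manager, "approve", "discount"))  # True
    print(is_permitted(eng_manager, "approve", "discount"))    # False: one attribute is not enough
    print(is_permitted(sales_manager, "read", "sales_report", {"network": "guest"}))  # False
```

Note the default-deny shape: an attribute that is simply missing from the subject evaluates to `None`, fails the equality test and results in a denial rather than an exception, which is the behaviour you want when a directory returns an incomplete record.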

Question 623

Which of the following BEST minimizes the attack surface for customer private information?
A. Data masking
B. Authentication
C. Obfuscation
D. Collection limitation

Question 624

Which evidence collection technique is used when a rootkit is suspected and rapid analysis is required?
A. Forensic disk imaging
B. Live response
C. Memory collection
D. Malware analysis

Question 625

An auditor finds issues in the disaster recovery procedures of a third-party funds transfer application. Which report should be filed?
A. SAS 70-1
B. SAS 70
C. SOC 1
D. SOC 2

Question 626

Which of the following is a common component of big data environments?
A. Distributed storage locations
B. Centralized processing location
C. Distributed data collection
D. Consolidated data collection

Question 627

A CISO is planning a cloud migration. What should be the FIRST consideration?
A. Analyze firm’s applications and data repositories to determine control requirements.
B. Request a third-party risk assessment.
C. Define the cloud migration roadmap and set application scope.
D. Ensure the contract defines shared security responsibilities.

Question 628

Which BEST describes the purpose of Border Gateway Protocol (BGP)?
A. Provide RIP version 2 advertisements to layer 3 devices.
B. Maintain a list of network paths between routers.
C. Provide firewall services to cloud applications.
D. Maintain a list of efficient network paths between autonomous systems.

Question 629

What is the BEST design for securing physical perimeter protection?
A. Closed-circuit television (CCTV)
B. Business continuity planning (BCP)
C. Barriers, fences, gates, and walls
D. Crime Prevention Through Environmental Design (CPTED)

Question 630

Which solution is MOST effective at discovering a successful network breach?
A. Developing a sandbox
B. Installing an intrusion detection system (IDS)
C. Deploying a honeypot
D. Installing an intrusion prevention system (IPS)

Question 631

Which is a benefit of implementing data-in-use controls?
A. Data must be decrypted to be opened.
B. When the data is being viewed, it can only be printed by authorized users.
C. Data in use is accessed through secure protocols.
D. Lost data cannot be accessed by unauthorized users.

Question 632

When configuring EAP in a VoIP network, which authentication type is MOST secure?
A. PEAP
B. EAP-Transport Layer Security (TLS)
C. EAP-Tunneled TLS
D. EAP-Flexible Authentication via Secure Tunneling

Question 633

Which is the BEST guideline to follow to avoid exposure of sensitive data?
A. Monitor mail servers for exfiltration.
B. Educate users about attacks.
C. Establish report parameters.
D. Store sensitive data only when necessary.

Question 634

An organization with divisions in the United States (US) and the United Kingdom (UK) processes data comprised of personal information belonging to subjects living in the European Union (EU) and in the US. Which data MUST be handled according to the privacy protections of General Data Protection Regulation (GDPR)?
A. Only the UK citizens’ data
B. Only the EU residents’ data
C. Only data processed in the UK
D. Only the EU citizens’ data

Question 635

What are the first two components of logical access control?
A. Authentication and availability
B. Authentication and identification
C. Identification and confidentiality
D. Confidentiality and authentication

Question 636

Which of the following is the MOST effective measure for dealing with rootkit attacks?
A. Restoring the system from the last backup
B. Finding and replacing the altered binaries with legitimate ones
C. Turning off unauthorized services and rebooting the system
D. Reinstalling the system from trusted sources

Question 637

Which of the following is the FIRST requirement a data owner should consider before implementing a data retention policy?
A. Storage
B. Training
C. Legal
D. Business

Question 638

A new employee formally reported suspicious behavior to the organization security team. The report claims that someone not affiliated with the organization was inquiring about the member’s work location, length of employment, and building access controls. The employee’s reporting is MOST likely the result of which of the following?
A. Security engineering
B. Security awareness
C. Phishing
D. Risk avoidance

Question 639

The disaster recovery (DR) process should always include:
A. periodic inventory review
B. financial data analysis
C. plan maintenance
D. periodic vendor review

Question 640

An organization has determined that its previous waterfall approach to software development is not keeping pace with business demands. To adapt to the rapid changes required for product delivery, the organization has decided to move towards an Agile software development and release cycle. In order to ensure the success of the Agile methodology, who is the MOST critical in creating acceptance criteria for each release?
A. Business customers
B. Software developers
C. Independent testers
D. Project managers