ISC CISSP Practice Questions

We would implement defense in depth everywhere. We would not implement it "no where", the double negative would cancel each other out. Remember this is also an exam in the English language assuming you take it in English, it does intend to trick you at times.

Question 292

One of our senior VPs calls you up to explain a term he heard at a conference. He heard about cybersquatting and wants to know more. Which of these is TRUE about it?

Potentially illegal.

Never profitable.

Legal.

Always illegal.

check_circle

Correct AnswerC

Cybersquatting – Buying an URL you know someone else will need (To sell at huge profit – not illegal).

Question 293

Looking at the governance of our organization, our standards could be described by which of these?

Recommendations.

Specific: all laptops are W10, 64-bit, 8GB memory.

Low level step-by-step guides.

Non-specific, but can contain patches, updates, strong encryption.

check_circle

Correct AnswerB

Standards – Mandatory. Describes a specific use of technology (All laptops are W10, 64-bit, 8GB memory, etc.)

Question 294

We are designing a new data center. At a presentation to senior management and the board of directors, you are asked: "Why do we need to keep the humidity controlled in the data center?" What should your reply be?

To prevent EMI.

To keep it nice in there for employees.

To ensure the data is safe.

To prevent corrosion on our equipment.

check_circle

Correct AnswerC

To ensure the data is safe: We want to keep the humidity between 40 and 60% rH (Relative Humidity), too low humidity will cause static electricity and high humidity will corrode metals (electronics).

While "Prevent corrosion" is correct, "Keep data safe" is more correct.

Question 295

In newer computer architecture, we have split the bus into a north and a southbridge. The northbridge is much faster than the southbridge. Which of these is the northbridge?

check_circle

Correct AnswerB

The Northbridge (Host bridge) is connected to the CPU, the RAM, GPU, and the southbridge. The southbridge is connected to the peripherals and the northbridge. There are no North/Southbridge standards, but they must be able to work with each other.

Question 296

We are, as part of our server hardening, blocking unused ports on our servers. One of the ports we are blocking is Transmission Control Protocol (TCP) port 23. What are we blocking?

FTP control.

FTP data transfer.

SSH.

Telnet.

check_circle

Correct AnswerD

Telnet: Remote access over a network. Uses TCP port 23, all data is plaintext including usernames and passwords, should not be used. Attackers with network access can easily sniff credentials and alter data and take controls of telnet sessions.

Question 297

Having a single, well-controlled, defined data integrity system increases all of these EXCEPT which?

Maintainability.

Redundant data.

Stability.

Performance.

check_circle

Correct AnswerB

Having a single, well controlled, and well defined data-integrity system increases: Stability: One centralized system performs all data integrity operations. Performance: All data integrity operations are performed in the same tier as the consistency model. Re-usability: All applications benefit from a single centralized data integrity system. Maintainability: One centralized system for all data integrity administration.

Question 298

Brute force can, in theory, break any password, even one-time pads. Is that a problem we should consider if we use proper security measures around our one-time pads?

No. There would be too many false positives for it to matter.

Brute force can't break one-time pads.

Yes, The attacker would have the key.

Yes. If broken, the one-time pad is useless.

check_circle

Correct AnswerA

Brute Force attacks uses the entire key space (every possible key). With enough time, any plaintext can be decrypted. Effective against all key-based ciphers except the one-time pad; it would eventually decrypt it, but it would also generate so many false positives the data would be useless.

Question 299

Bob has been tasked with adding content-based access control, in addition to our existing security controls. Which of these could be part of what he implements?

Access to data only between 0800 (8AM) and 1700 (5PM).

Hiding or showing menus in an application.

Access to data dependent on job title.

Access to data depending on labels and clearance.

check_circle

Correct AnswerB

Content-based access control: Access is provided based on the attributes or content of an object, then it is known as a content-dependent access control. Hiding or showing menus in an application, views in databases, and access to confidential information are all content-dependent. In this type of control, the value and attributes of the content that is being accessed determines the control requirements.

Question 300

We are finishing our software development and we are doing the software acceptance testing. What is the purpose of user acceptance testing?

To ensure the software is as secure or more secure than the rules, laws and regulations of our industry.

To ensure the software is functional for and tested by the end user and the application manager.

To ensure the software perform as expected in our live environment vs. our development environment.

To ensure the backups are in place, we have a DR plan, how patching is handled and that the software is tested for vulnerabilities.

check_circle

Correct AnswerB

The User Acceptance test: Is the software functional for the users who will be using it, it is tested by the users and application managers.

chevron_left 1...29 30 31...33 chevron_right

AcingExam

Precision in Certification. Momentum in Career.

Product

Home
View All Exams

Company

About Us
Privacy Policy
Terms of Service

Connect

public alternate_email share

System Status: Optimal

AcingExam

homeHome local_fire_departmentPopular Exams library_booksView All Exams mailContact

AcingExam

Precision in Certification. Momentum in Career.

Product

Home
View All Exams

Company

About Us
Privacy Policy
Terms of Service

Connect

public alternate_email share

System Status: Optimal

ISC CISSP Practice Questions - AcingExam

mail[email protected]

Trusted by 1.5M+ IT Professionals

AcingExam

homeHome local_fire_departmentPopular Exams library_booksView All Exams mailContact

Homechevron_rightISCchevron_rightCISSPchevron_rightPractice Questions

The latest changes and updates from the administration for this exam.

verified

Latest Update: Jun 13 2026

All questions are working fine.

All Questions (645)bookmarkBookmarked (0)

All645Show all accessible questions in this exam.Missed645Questions you haven't attempted yet.Incorrect0Questions you answered incorrectly on your last attempt.

Question 291

Where would be a good place for us to NOT implement defense in depth?

Our VPNs

Our call center.

Nowhere.

Our data centers.

check_circle

Correct AnswerC

Question 292

One of our senior VPs calls you up to explain a term he heard at a conference. He heard about cybersquatting and wants to know more. Which of these is TRUE about it?

Potentially illegal.

Never profitable.

Legal.

Always illegal.

check_circle

Correct AnswerC

Cybersquatting – Buying an URL you know someone else will need (To sell at huge profit – not illegal).

Question 293

Looking at the governance of our organization, our standards could be described by which of these?

Recommendations.

Specific: all laptops are W10, 64-bit, 8GB memory.

Low level step-by-step guides.

Non-specific, but can contain patches, updates, strong encryption.

check_circle

Correct AnswerB

Standards – Mandatory. Describes a specific use of technology (All laptops are W10, 64-bit, 8GB memory, etc.)

Question 294

To prevent EMI.

To keep it nice in there for employees.

To ensure the data is safe.

To prevent corrosion on our equipment.

check_circle

Correct AnswerC

To ensure the data is safe: We want to keep the humidity between 40 and 60% rH (Relative Humidity), too low humidity will cause static electricity and high humidity will corrode metals (electronics).

While "Prevent corrosion" is correct, "Keep data safe" is more correct.

Question 295

In newer computer architecture, we have split the bus into a north and a southbridge. The northbridge is much faster than the southbridge. Which of these is the northbridge?

check_circle

Correct AnswerB

Question 296

We are, as part of our server hardening, blocking unused ports on our servers. One of the ports we are blocking is Transmission Control Protocol (TCP) port 23. What are we blocking?

FTP control.

FTP data transfer.

SSH.

Telnet.

check_circle

Correct AnswerD

Question 297

Having a single, well-controlled, defined data integrity system increases all of these EXCEPT which?

Maintainability.

Redundant data.

Stability.

Performance.

check_circle

Correct AnswerB

Question 298

Brute force can, in theory, break any password, even one-time pads. Is that a problem we should consider if we use proper security measures around our one-time pads?

No. There would be too many false positives for it to matter.

Brute force can't break one-time pads.

Yes, The attacker would have the key.

Yes. If broken, the one-time pad is useless.

check_circle

Correct AnswerA

Question 299

Bob has been tasked with adding content-based access control, in addition to our existing security controls. Which of these could be part of what he implements?

Access to data only between 0800 (8AM) and 1700 (5PM).

Hiding or showing menus in an application.

Access to data dependent on job title.

Access to data depending on labels and clearance.

check_circle

Correct AnswerB

Question 300

We are finishing our software development and we are doing the software acceptance testing. What is the purpose of user acceptance testing?

To ensure the software is as secure or more secure than the rules, laws and regulations of our industry.

To ensure the software is functional for and tested by the end user and the application manager.

To ensure the software perform as expected in our live environment vs. our development environment.

To ensure the backups are in place, we have a DR plan, how patching is handled and that the software is tested for vulnerabilities.

check_circle

Correct AnswerB

The User Acceptance test: Is the software functional for the users who will be using it, it is tested by the users and application managers.

chevron_left 1...29 30 31...33 chevron_right

AcingExam

Precision in Certification. Momentum in Career.

Product

Home
View All Exams

Company

About Us
Privacy Policy
Terms of Service

Connect

public alternate_email share

System Status: Optimal

Update History

Update History