CISSP Free Practice Test

- (Exam Topic 11)
Which of the following BEST describes a rogue Access Point (AP)?

1. A. An AP that is not protected by a firewall
2. B. An AP not configured to use Wired Equivalent Privacy (WEP) with Triple Data Encryption Algorithm (3DES)
3. C. An AP connected to the wired infrastructure but not under the management of authorized network administrators
4. D. An AP infected by any kind of Trojan or Malware

Correct Answer: C

- (Exam Topic 15)
When testing password strength, which of the following is the BEST method for brute forcing passwords?

1. A. Conduct an offline attack on the hashed password information.
2. B. Conduct an online password attack until the account being used is locked.
3. C. Use a comprehensive list of words to attempt to guess the password.
4. D. Use social engineering methods to attempt to obtain the password.

Correct Answer: C

- (Exam Topic 15)
What is the BEST reason to include supply chain risks in a corporate risk register?

1. A. Risk registers help fund corporate supply chain risk management (SCRM) systems.
2. B. Risk registers classify and categorize risk and allow risks to be compared to corporate risk appetite.
3. C. Risk registers can be used to illustrate residual risk across the company.
4. D. Risk registers allow for the transfer of risk to third parties.

Correct Answer: B

- (Exam Topic 15)
When assessing web vulnerabilities, how can navigating the dark web add value to a penetration test?

1. A. The actual origin and tools used for the test can be hidden.
2. B. Information may be found on related breaches and hacking.
3. C. Vulnerabilities can be tested without impact on the tested environment.
4. D. Information may be found on hidden vendor patches.

Correct Answer: D

- (Exam Topic 15)
An organization has developed a way for customers to share information from their wearable devices with each other. Unfortunately, the users were not informed as to what information collected would be shared. What technical controls should be put in place to remedy the privacy issue while still trying to accomplish the organization's business goals?

1. A. Default the user to not share any information.
2. B. Inform the user of the sharing feature changes after implemented.
3. C. Share only what the organization decides is best.
4. D. Stop sharing data with the other users.

Correct Answer: D