CISSP Free Practice Test

- (Exam Topic 15)
What action should be taken by a business line that is unwilling to accept the residual risk in a system after implementing compensating controls?

1. A. Notify the audit committee of the situation.
2. B. Purchase insurance to cover the residual risk.
3. C. Implement operational safeguards.
4. D. Find another business line willing to accept the residual risk.

Correct Answer: B

- (Exam Topic 15)
A large manufacturing organization arranges to buy an industrial machine system to produce a new line of products. The system includes software provided to the vendor by a thirdparty organization. The financial risk to the manufacturing organization starting production is high. What step should the manufacturing organization take to minimize its financial risk in the new venture prior to the purchase?

1. A. Hire a performance tester to execute offline tests on a system.
2. B. Calculate the possible loss in revenue to the organization due to software bugs and vulnerabilities, and compare that to the system's overall price.
3. C. Place the machine behind a Layer 3 firewall.
4. D. Require that the software be thoroughly tested by an accredited independent software testing company.

Correct Answer: B

- (Exam Topic 15)
What does the result of Cost-Benefit Analysis (C8A) on new security initiatives provide?

1. A. Quantifiable justification
2. B. Baseline improvement
3. C. Risk evaluation
4. D. Formalized acceptance

Correct Answer: A

- (Exam Topic 11)
Which of the following provides the minimum set of privileges required to perform a job function and restricts the user to a domain with the required privileges?

1. A. Access based on rules
2. B. Access based on user's role
3. C. Access determined by the system
4. D. Access based on data sensitivity

Correct Answer: B

- (Exam Topic 15)
In a multi-tenant cloud environment, what approach will secure logical access to assets?

1. A. Hybrid cloud
2. B. Transparency/Auditability of administrative access
3. C. Controlled configuration management (CM)
4. D. Virtual private cloud (VPC)

Correct Answer: D