CISSP Free Practice Test

- (Exam Topic 14)
Which of the following is an accurate statement when an assessment results in the discovery of vulnerabilities in a critical network component?

1. A. The fact that every other host is sufficiently hardened does not change the fact frat the network is placed at risk of attack.
2. B. There is little likelihood that the entire network is being placed at a significant risk of attack.
3. C. A second assessment should immediately be performed after all vulnerabilities are corrected.
4. D. There is a low possibility that any adjacently connected components have been compromised by an attacker

Correct Answer: C

- (Exam Topic 10)
Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?

1. A. Application monitoring procedures
2. B. Configuration control procedures
3. C. Security audit procedures
4. D. Software patching procedures

Correct Answer: B

- (Exam Topic 15)
What is the MAIN purpose of conducting a business impact analysis (BIA)?

1. A. To determine the critical resources required to recover from an incident within a specified time period
2. B. To determine the effect of mission-critical information system failures on core business processes
3. C. To determine the cost for restoration of damaged information system
4. D. To determine the controls required to return to business critical operations

Correct Answer: B

- (Exam Topic 15)
While performing a security review for a new product, an information security professional discovers that the organization's product development team is proposing to collect government-issued identification (ID) numbers from customers to use as unique customer identifiers. Which of the following recommendations should be made to the product development team?

1. A. Customer identifiers should be a variant of the user’s government-issued ID number.
2. B. Customer identifiers that do not resemble the user’s government-issued ID number should be used.
3. C. Customer identifiers should be a cryptographic hash of the user's government-issued ID number.
4. D. Customer identifiers should be a variant of the user’s name, for example, “jdoe” or “john.doe.”

Correct Answer: C

- (Exam Topic 15)
Which element of software supply chain management has the GREATEST security risk to organizations?

1. A. New software development skills are hard to acquire.
2. B. Unsupported libraries are often used.
3. C. Applications with multiple contributors are difficult to evaluate.
4. D. Vulnerabilities are difficult to detect.

Correct Answer: B