CISSP Free Practice Test

- (Exam Topic 13)
Which of the following mandates the amount and complexity of security controls applied to a security risk?

1. A. Security vulnerabilities
2. B. Risk tolerance
3. C. Risk mitigation
4. D. Security staff

Correct Answer: C

- (Exam Topic 12)
In general, servers that are facing the Internet should be placed in a demilitarized zone (DMZ). What is MAIN purpose of the DMZ?

1. A. Reduced risk to internal systems.
2. B. Prepare the server for potential attacks.
3. C. Mitigate the risk associated with the exposed server.
4. D. Bypass the need for a firewall.

Correct Answer: A

- (Exam Topic 15)
Which of the following MUST the administrator of a security information and event management (SIEM) system ensure?

1. A. All sources are reporting in the exact same Extensible Markup Language (XML) format.
2. B. Data sources do not contain information infringing upon privacy regulations.
3. C. All sources are synchronized with a common time reference.
4. D. Each source uses the same Internet Protocol (IP) address for reporting.

Correct Answer: C

- (Exam Topic 12)
Knowing the language in which an encrypted message was originally produced might help a cryptanalyst to perform a

1. A. clear-text attack.
2. B. known cipher attack.
3. C. frequency analysis.
4. D. stochastic assessment.

Correct Answer: C

- (Exam Topic 10)
Which of the following is the BEST countermeasure to brute force login attacks?

1. A. Changing all canonical passwords
2. B. Decreasing the number of concurrent user sessions
3. C. Restricting initial password delivery only in person
4. D. Introducing a delay after failed system access attempts

Correct Answer: D