CISSP Free Practice Test

- (Exam Topic 15)
Which of the following phases in the software acquisition process does developing evaluation criteria take place?

1. A. Follow-On
2. B. Planning
3. C. Contracting
4. D. Monitoring and Acceptance

Correct Answer: D

- (Exam Topic 12)
Which technology is a prerequisite for populating the cloud-based directory in a federated identity solution?

1. A. Notification tool
2. B. Message queuing tool
3. C. Security token tool
4. D. Synchronization tool

Correct Answer: C

- (Exam Topic 14)
Which layer of the Open systems Interconnection (OSI) model is being targeted in the event of a Synchronization (SYN) flood attack?

1. A. Session
2. B. Transport
3. C. Network
4. D. Presentation

Correct Answer: B

- (Exam Topic 15)
A web-based application known to be susceptible to attacks is now under review by a senior developer. The organization would like to ensure this application Is less susceptible to injection attacks specifically,
What strategy will work BEST for the organization's situation?

1. A. Do not store sensitive unencrypted data on the back end.
2. B. Whitelist input and encode or escape output before it is processed for rendering.
3. C. Limit privileged access or hard-coding logon credentials,
4. D. Store sensitive data in a buffer that retains data in operating system (OS) cache or memory.

Correct Answer: B

- (Exam Topic 9)
Copyright provides protection for which of the following?

1. A. Ideas expressed in literary works
2. B. A particular expression of an idea
3. C. New and non-obvious inventions
4. D. Discoveries of natural phenomena

Correct Answer: B