CISSP Free Practice Test

- (Exam Topic 12)
During the Security Assessment and Authorization process, what is the PRIMARY purpose for conducting a hardware and software inventory?

1. A. Calculate the value of assets being accredited.
2. B. Create a list to include in the Security Assessment and Authorization package.
3. C. Identify obsolete hardware and software.
4. D. Define the boundaries of the information system.

Correct Answer: A

- (Exam Topic 10)
What component of a web application that stores the session state in a cookie can be bypassed by an attacker?

1. A. An initialization check
2. B. An identification check
3. C. An authentication check
4. D. An authorization check

Correct Answer: C

- (Exam Topic 9)
Which of the following is a physical security control that protects Automated Teller Machines (ATM) from skimming?

1. A. Anti-tampering
2. B. Secure card reader
3. C. Radio Frequency (RF) scanner
4. D. Intrusion Prevention System (IPS)

Correct Answer: A

- (Exam Topic 13)
An organization has outsourced its financial transaction processing to a Cloud Service Provider (CSP) who will provide them with Software as a Service (SaaS). If there was a data breach who is responsible for monetary losses?

1. A. The Data Protection Authority (DPA)
2. B. The Cloud Service Provider (CSP)
3. C. The application developers
4. D. The data owner

Correct Answer: B

- (Exam Topic 9)
Which of the following actions should be performed when implementing a change to a database schema in a production system?

1. A. Test in development, determine dates, notify users, and implement in production
2. B. Apply change to production, run in parallel, finalize change in production, and develop a back-out strategy
3. C. Perform user acceptance testing in production, have users sign off, and finalize change
4. D. Change in development, perform user acceptance testing, develop a back-out strategy, and implement change

Correct Answer: D