CISSP Free Practice Test

- (Exam Topic 11)
A network scan found 50% of the systems with one or more critical vulnerabilities. Which of the following represents the BEST action?

1. A. Assess vulnerability risk and program effectiveness.
2. B. Assess vulnerability risk and business impact.
3. C. Disconnect all systems with critical vulnerabilities.
4. D. Disconnect systems with the most number of vulnerabilities.

Correct Answer: B

- (Exam Topic 15)
Which of the following Disaster recovery (DR) testing processes is LEAST likely to disrupt normal business operations?

1. A. Parallel
2. B. Simulation
3. C. Table-top
4. D. Cut-over

Correct Answer: C

- (Exam Topic 15)
A customer continues to experience attacks on their email, web, and File Transfer Protocol (FTP) servers. These attacks are impacting their business operations. Which of the following is the BEST recommendation to make?

1. A. Configure an intrusion detection system (IDS).
2. B. Create a demilitarized zone (DMZ).
3. C. Deploy a bastion host.
4. D. Setup a network firewall.

Correct Answer: C

- (Exam Topic 15)
An organization contracts with a consultant to perform a System Organization Control (SOC) 2 audit on their internal security controls. An auditor documents a finding related to an Application Programming Interface (API) performing an action that is not aligned with the scope or objective of the system. Which trust service principle would be MOST applicable in this situation?

1. A. Processing Integrity
2. B. Availability
3. C. Confidentiality
4. D. Security

Correct Answer: B

- (Exam Topic 12)
During which of the following processes is least privilege implemented for a user account?

1. A. Provision
2. B. Approve
3. C. Request
4. D. Review

Correct Answer: A