Free Practice Questions for Certified Information Systems Security Professional (CISSP) (CISSP)

QUESTION 31

- (Exam Topic 9)
Which of the following is the MOST important consideration when storing and processing Personally Identifiable Information (PII)?

Correct Answer: D

QUESTION 32

- (Exam Topic 13)
What capability would typically be included in a commercially available software package designed for access control?

Correct Answer: A

QUESTION 33

- (Exam Topic 14)
Which inherent password weakness does a One Time Password (OTP) generator overcome?

Correct Answer: D

QUESTION 34

- (Exam Topic 14)
What is the threat modeling order using process for Attack simu-lation and threat analysis (PASTA)?

A. Application decomposition, threat analysis, vulnerability detection, attack enumeration, risk/impact analysis
B. Threat analysis, vulnerability detection, application decomposition, attack enumeration, risk/Impact analysis
C. Risk/impact analysis, application decomposition, threat analysis, vulnerability detection, attack enumeration
D. Application decomposition, threat analysis, risk/impact analysis, vulnerability detection, attack enumeration

Correct Answer: A

QUESTION 35

- (Exam Topic 8)
When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?

A. After the system preliminary design has been developed and the data security categorization has been performed
B. After the vulnerability analysis has been performed and before the system detailed design begins
C. After the system preliminary design has been developed and before the data security categorization begins
D. After the business functional analysis and the data security categorization have been performed

Correct Answer: D

CISSP Dumps