This practice exam is designed to help you prepare for the CISSP exam.
This CISSP practice test is designed to help you pass the exam on the first attempt. Beyond passing, you will also gain a solid understanding of the subjects each question covers.
The 2021 update to the CISSP exam introduces many new topics and revisions of topics present on the previous version of the exam.
Exam details: In the CISSP-CAT format, the candidate sees a minimum of 100 questions and a maximum of 150, with a three-hour time limit.
CISSP exam tips
Don't skip questions: You get one chance to view a question and provide an answer; you cannot revisit previous questions. Although it is not stated, a skipped question is likely marked as incorrect, so guessing is a better strategy than skipping. Always try to eliminate options first, then select your answer from the remaining ones.
The 2021 CISSP exam questions seem to have the same level of depth and complexity as previous versions, with only a handful of new topics.
Domain                                       2018 CISSP Exam   2021 CISSP Exam
1. Security and Risk Management              15%               15%
2. Asset Security                            10%               10%
3. Security Architecture and Engineering     13%               13%
4. Communication and Network Security        14%               13%
5. Identity and Access Management (IAM)      13%               13%
6. Security Assessment and Testing           12%               12%
7. Security Operations                       13%               13%
8. Software Development Security             10%               11%
FEATURES & BENEFITS:
- 4 practice tests, questions with explanations: practice like the real CISSP exam
- Pause or stop the exam whenever you like: practice on your own time, at your own pace
- Detailed explanation of each answer: better understanding of the content, including why the wrong answers are incorrect
- Udemy's courses all have lifetime access, so use this practice test to brush up on your CISSP skills whenever you like
Sample Practice Test with Explanation.
1) The BEST method to mitigate the risk of a dictionary attack on a system is to
A. use a hardware token.
B. use complex passphrases.
C. implement password history.
D. encrypt the access control list (ACL).
A dictionary attack is a form of brute-force attack against a cipher or authentication mechanism: the attacker tries thousands or millions of likely candidates, such as words in a dictionary, as the decryption key or passphrase. Common mitigations:
- Set up multi-factor authentication where possible.
- Use biometrics in lieu of passwords.
- Limit the number of attempts allowed within a given period of time.
- Force account resets after a certain number of failed attempts.
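The last two mitigations can be combined in a single server-side check. The example below is added here and is not part of the course material; the window, per-window limit and lockout threshold are assumed values, and the attempt log it runs on is constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60          # assumed sliding window for rate limiting
MAX_FAILURES_PER_WINDOW = 5  # assumed: throttle once this many failures are in the window
LOCKOUT_THRESHOLD = 10       # assumed: consecutive failures that force an account reset

class LoginThrottle:
    """Tracks failed logins per account and decides whether an attempt may proceed."""

    def __init__(self):
        self.failures = defaultdict(deque)   # account -> timestamps of recent failures
        self.consecutive = defaultdict(int)  # account -> consecutive failure count
        self.locked = set()                  # accounts awaiting a forced reset

    def _prune(self, account, now):
        # Drop failures that have aged out of the sliding window.
        q = self.failures[account]
        while q and now - q[0] >= WINDOW_SECONDS:
            q.popleft()

    def check(self, account, now):
        """Return 'locked', 'throttle' or 'allow' for an attempt made at time `now`."""
        if account in self.locked:
            return "locked"
        self._prune(account, now)
        if len(self.failures[account]) >= MAX_FAILURES_PER_WINDOW:
            return "throttle"
        return "allow"

    def record(self, account, now, success):
        """Update counters after an attempt that was allowed to reach the verifier."""
        if success:
            self.failures[account].clear()
            self.consecutive[account] = 0
            return
        self.failures[account].append(now)
        self.consecutive[account] += 1
        if self.consecutive[account] >= LOCKOUT_THRESHOLD:
            self.locked.add(account)  # force an account reset

def simulate(attempts):
    """attempts: list of (timestamp, account, password_ok). Returns one decision per attempt."""
    throttle = LoginThrottle()
    decisions = []
    for ts, account, ok in attempts:
        decision = throttle.check(account, ts)
        decisions.append(decision)
        if decision == "allow":          # throttled/locked attempts never reach the verifier
            throttle.record(account, ts, ok)
    return decisions

# Constructed sample: a burst of wordlist guesses against "alice", then the real user a minute later.
SAMPLE = [(t, "alice", False) for t in range(8)] + [(61, "alice", True)]
```

Throttled attempts are not counted as failures, so a burst of guesses cannot by itself push a legitimate user into the forced reset.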
2) An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?
A. Add a new rule to the application layer firewall
B. Block access to the service
C. Install an Intrusion Detection System (IDS)
D. Patch the application source code
An application firewall is a form of firewall that controls input/output or system calls of an application or service. It operates by monitoring and blocking communications based on a configured policy, generally with predefined rule sets to choose from.
A web application firewall (WAF) is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service.
"Exception handling" is the key. Exception: deliver all the inputs to the web server to a different URL/email, and add a new rule in the application firewall to block all traffic to the URL/email configured in the exception.
3) Organizations need to ensure they are compliant with all the laws and regulations of all the states, territories, and countries they operate in. How are the security breach notification laws in the US handled?
B. Mandatory for states to have.
C. Handled by the individual states.
D. Handled by the individual organization.
Security breach notification laws, or data breach notification laws, require individuals or entities affected by a data breach (unauthorized access to data) to notify their customers and other parties about the breach, and to take specific remedial steps as set out in state legislation. Data breach notification laws have two main goals. The first is to give individuals a chance to mitigate the risks arising from a breach. The second is to give companies an incentive to strengthen data security. Together, these goals work to minimize consumer harm from data breaches, including impersonation, fraud, and identity theft.
Such laws have been irregularly enacted in all 50 U.S. states since 2002. Currently, all 50 states have enacted forms of data breach notification laws. It should be noted though, that there is no federal data breach notification law, despite previous legislative attempts.