Udemy
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
Development
Web Development Data Science Mobile Development Programming Languages Game Development Database Design & Development Software Testing Software Engineering Software Development Tools No-Code Development
Business
Entrepreneurship Communication Management Sales Business Strategy Operations Project Management Business Law Business Analytics & Intelligence Human Resources Industry E-Commerce Media Real Estate Other Business
Finance & Accounting
Accounting & Bookkeeping Compliance Cryptocurrency & Blockchain Economics Finance Finance Cert & Exam Prep Financial Modeling & Analysis Investing & Trading Money Management Tools Taxes Other Finance & Accounting
IT & Software
IT Certifications Network & Security Hardware Operating Systems & Servers Other IT & Software
Office Productivity
Microsoft Apple Google SAP Oracle Other Office Productivity
Personal Development
Personal Transformation Personal Productivity Leadership Career Development Parenting & Relationships Happiness Esoteric Practices Religion & Spirituality Personal Brand Building Creativity Influence Self Esteem & Confidence Stress Management Memory & Study Skills Motivation Other Personal Development
Design
Web Design Graphic Design & Illustration Design Tools User Experience Design Game Design 3D & Animation Fashion Design Architectural Design Interior Design Other Design
Marketing
Digital Marketing Search Engine Optimization Social Media Marketing Branding Marketing Fundamentals Marketing Analytics & Automation Public Relations Paid Advertising Video & Mobile Marketing Content Marketing Growth Hacking Affiliate Marketing Product Marketing Other Marketing
Lifestyle
Arts & Crafts Beauty & Makeup Esoteric Practices Food & Beverage Gaming Home Improvement & Gardening Pet Care & Training Travel Other Lifestyle
Photography & Video
Digital Photography Photography Portrait Photography Photography Tools Commercial Photography Video Design Other Photography & Video
Health & Fitness
Fitness General Health Sports Nutrition & Diet Yoga Mental Health Martial Arts & Self Defense Safety & First Aid Dance Meditation Other Health & Fitness
Music
Instruments Music Production Music Fundamentals Vocal Music Techniques Music Software Other Music
Teaching & Academics
Engineering Humanities Math Science Online Education Social Science Language Learning Teacher Training Test Prep Other Teaching & Academics
Web Development JavaScript React Angular CSS Node.Js HTML5 PHP Vue JS
AWS Certification Microsoft Certification AWS Certified Solutions Architect - Associate AWS Certified Cloud Practitioner CompTIA A+ Amazon AWS Cisco CCNA Microsoft AZ-900 AWS Certified Developer - Associate
Microsoft Power BI SQL Tableau Data Modeling Business Analysis Business Intelligence MySQL Qlik Sense Blockchain
Unity Unreal Engine Game Development Fundamentals C# 3D Game Development C++ Unreal Engine Blueprints 2D Game Development Virtual Reality
Google Flutter Android Development iOS Development React Native Swift Dart (programming language) Mobile App Development Kotlin SwiftUI
Graphic Design Photoshop Adobe Illustrator Drawing Digital Painting Canva InDesign Character Design Procreate Digital Illustration App
Life Coach Training Neuro-Linguistic Programming Personal Development Personal Transformation Life Purpose Mindfulness Meditation CBT Cognitive Behavioral Therapy Sound Therapy
Entrepreneurship Fundamentals Business Fundamentals Freelancing Business Strategy Startup Business Plan Online Business Blogging Home Business
Digital Marketing Social Media Marketing Marketing Strategy Internet Marketing Google Analytics Copywriting Email Marketing YouTube Marketing Podcasting
2022-05-09T13:59:41Z

IT & SoftwareIT CertificationsCISSP - Certified Information Systems Security Professional

Hard CISSP Practice Questions - Domain Wise (400 Questions)

4 Full Length CISSP Practice Tests with Explanations by CISSP certified PhDs and Industry Professionals
Rating: 4.4 out of 54.4 (84 ratings)
1,639 students
Created by Logix Academy
Last updated 9/2021
English

Description

Domain-wise 400 original and unseen practice exam questions that will help you clear the CISSP exam in the first attempt.


  • Designed by a team of CISSP certified PhDs and industry experts

  • Detailed Explanations

  • Distributed Domain Wise

Please note that our exams are designed to be difficult to crack, but that is because we try to match the difficulty and complexity of the actual CISSP exam which has an incredibly low pass rate (and hence the stellar reputation). Please attempt these only if you are ready to attack the actual exam. If you have doubts about the validity/correctness of any of our questions, just ping us and we will provide several references to support the accuracy of our exams.


Please take this course if you understand/appreciate the following sample questions which are a noteworthy indication of the quality of the rest of the course:


Sample Questions (Solution Below):

1. In an organization, the primary purpose of a security procedure is to __________.

a) Guide in decision making with regards to security

b) Train employees and ensure consistency in security related business processes

c) Indicate expected user behaviour

d) Provide recommendations on implementing security processes


2. Which of the following is a possible oversight which can happen with job rotation?

a) Privilege creep

b) Lack of separation of duties

c) Collusion

d) All of the above


3. Which of the following BEST describes exposure?

a) A flaw or weakness of an asset or a safeguard

b) Damage, loss or disclosure of an asset

c) An illegal act

d) A weakness or vulnerability that can cause a security breach


4. A notice placed on the common room wall about the usage conditions of Wi-Fi is a ______ access control?

a) Preventive

b) Corrective

c) Compensating

d) Driective


5. Which of the following is true about private key cryptography?

a) It is scalable

b) It is faster than public key cryptography

c) It offers nonrepudiation

d) Different keys are used for encryption and decryption


6. Which of the following models employs sensitivity labels such as top secret and secret?

a) RBAC

b) DAC

c) MAC

d) Rule Based Access Control


7. A digital certificate endorsed by a CA contains the issuer name, public key of david.cooper@itpro.com as well as the serial number, period of validity and the signature algorithm used. Which of the following is NOT true about this certificate?

a) It is only valid as long as the validity period mentioned

b) The subject’s public key can now be used by the general public to decrypt messages

c) It certifies that David Cooper is the subject

d) The signature algorithm mentioned must be used to decrypt the public key


8. Which of the following is a MORE serious concern for biometric authentication systems?

a) False positives

b) False negatives

c) True positive

d) True negative


9. An organization wants to test a software but does not have access to its source code. Which of the following is NOT a valid type of testing?

a) DAST

b) Blackbox

c) Fuzzing

d) SAST


10. Demonstrating to someone that you know the password to a lock without sharing it with that person is an example of?

a) Split-knowledge

b) Zero-knowledge proof

c) Work function

d) Secure proofing


Solution:

1. In an organization, the primary purpose of a security procedure is to __________.

a) Guide in decision making with regards to security

b) Train employees and ensure consistency in security related business processes

c) Indicate expected user behaviour

d) Provide recommendations on implementing security processes

Explanation: A security procedure trains employees and ensures consistency in security related business processes. It streamlines security related business processes to ensure minimal variations and also offers consistency in the implementation of security controls. Guidance in decision making is provided by policies, and standards are used to indicate expected user behaviour. Recommendations on implementing security processes is part of guidelines which are optional in nature.


2. Which of the following is a possible oversight which can happen with job rotation?

a) Privilege creep

b) Lack of separation of duties

c) Collusion

d) All of the above

Explanation: Privilege creep occurs when an employee accumulates access and privileges across job rotations because their privileges are not periodically reviewed and updated. They accumulate privileges which they don’t even need but still possess. Lack of separation of duties may compromise security but is not related to job rotation. Similarly, collusion can occur regardless of job rotation.


3. Which of the following BEST describes exposure?

a) A flaw or weakness of an asset or a safeguard

b) Damage, loss or disclosure of an asset

c) An illegal act

d) A weakness or vulnerability that can cause a security breach

Explanation: Exposure refers to a weakness or vulnerability that can cause a security breach i.e. the adverse event has not actually occurred, but it is an estimation of the adverse consequences of such an event. A flaw or weakness of the asset or the safeguard is called a vulnerability and if a threat has already been realized then it is called experienced exposure.


4. A notice placed on the common room wall about the usage conditions of Wi-Fi is a ______ access control?

a) Preventive

b) Corrective

c) Compensating

d) Driective

Explanation: This is an example of a directive access control. Directive access control mechanisms aim at directing subjects to a certain behaviour or to limit their actions. Preventive access control refers to prevent the unwanted activity from happening in the first place. Corrective access controls aim to return the system state to normalcy or correct a damaged system after an incident. Compensating access control provide additional security to address weakness in an existing security control.


5. Which of the following is true about private key cryptography?

a) It is scalable

b) It is faster than public key cryptography

c) It offers nonrepudiation

d) Different keys are used for encryption and decryption

Explanation: Private key (or symmetric key) cryptography is significantly fast compared to public key cryptography because of the nature of mathematics involved and because it uses the same algorithm for encryption and decryption. However, it is not scalable as different pairs of users need to generate keys for their communication, leading to a large number of keys. Moreover, it does not offer nonrepudiation since the same key is used by different users for encryption and decryption.


6. Which of the following models employs sensitivity labels such as top secret and secret?

a) RBAC

b) DAC

c) MAC

d) Rule Based Access Control

Explanation: MAC (Mandatory Access Control) implements access controls based on the clearances of subjects and the labels assigned to objects. RBAC (Role-based Access Control) assigns permissions to subjects based on the role that has been assigned to them in the organization. DAC (Discretionary Access Control) is a more flexible model which allows subjects which have ownership over objects to share them with other subjects. Rule based Access Control assigns permissions based on a pre-defined list of rules.


7. A digital certificate endorsed by a CA contains the issuer name, public key of david.cooper@itpro.com as well as the serial number, period of validity and the signature algorithm used. Which of the following is NOT true about this certificate?

a) It is only valid as long as the validity period mentioned

b) The subject’s public key can now be used by the general public to decrypt messages

c) It certifies that David Cooper is the subject

d) The signature algorithm mentioned must be used to decrypt the public key

Explanation: All of the above statements regarding this particular certificate are true except for the claim that it certifies the subject David Cooper. This is not true because the certificate just certifies the email address david.cooper@itpro.com and not the actual user David Cooper. Technically, this email could belong to John Doe since the certificate does not explicitly certify that fact.


8. Which of the following is a MORE serious concern for biometric authentication systems?

a) False positives

b) False negatives

c) True positive

d) True negative

Explanation: False positives in biometric authentication system are a far greater concern than the others. A false positive means that the system has (wrongly) authenticated an individual as being someone else and this can lead to a compromise of the security of the system. False negatives may cause some delay as an authentic individual is wrongly rejected by the system, but it is not as serious as a false positive. True positives and negatives are desired traits of a system.


9. An organization wants to test a software but does not have access to its source code. Which of the following is NOT a valid type of testing?

a) DAST

b) Blackbox

c) Fuzzing

d) SAST

Explanation: All of the above can be used since they do not require the source code, except for SAST. SAST (Static Application Security Testing) involves testing the application without running it, by performing a static analysis of the source code to identify vulnerabilities. DAST identifies vulnerableness in an application by executing it and providing malicious input. Fuzzing is a testing technique in which different variations of the input are tried to identify weaknesses.


10. Demonstrating to someone that you know the password to a lock without sharing it with that person is an example of?

a) Split-knowledge

b) Zero-knowledge proof

c) Work function

d) Secure proofing

Explanation: A Zero-knowledge proof involves proving to someone that you know a passcode without actually revealing it. Split knowledge is a concept in which a passcode is split among multiple people such that all of them need to work together to authenticate. Work function is a measure of the amount of work required to break a cipher. Secure proofing is not a valid concept.

Who this course is for:

  • Cyber Security Professionals

Instructor

Logix Academy
IT Training and Certifications
Logix Academy
  • 4.6 Instructor Rating
  • 1,279 Reviews
  • 23,913 Students
  • 2 Courses

We are an established IT Trainings and Certifications startup with a dedicated team of PhDs and industry experts. Our instructors have decades of experience working as leading industry experts in Cyber Security and all of them hold CISSP and AWS certifications. We have helped hundreds of students launch their careers successfully in Cybersecurity.

Top companies choose Udemy Business to build in-demand career skills.
NasdaqVolkswagenBoxNetAppEventbrite
  • Udemy Business
  • Teach on Udemy
  • Get the app
  • About us
  • Contact us
  • Careers
  • Blog
  • Help and Support
  • Affiliate
  • Investors
  • Impressum Kontakt
  • Terms
  • Privacy policy
  • Cookie settings
  • Sitemap
  • Accessibility statement
Udemy
© 2022 Udemy, Inc.