Free Practice Questions for ISC CISSP Exam

Security awareness training is the process of educating users on the potential threats and risks they may face online, and the best practices and behaviors they should adopt to protect themselves and the organization2. Security awareness training is the best mitigation from phishing attacks, as it can help users recognize and avoid malicious emails, links, or attachments that may compromise their credentials, data, or devices. Network activity monitoring, corporate policy and procedures, and strong file and directory permissions are also important security measures, but they are not as effective as security awareness training in preventing phishing attacks, as they rely on technical controls rather than human factors. References: 2: CISSP For Dummies, 7th Edition, Chapter 2, page 33.

The next step after completing the organization’s Business Impact Analysis (BIA) is to identify and select recovery strategies. A BIA is a process of analyzing the potential impact and consequences of a disruption or disaster on the organization’s critical business functions and processes. A BIA helps to identify the recovery objectives, priorities, and requirements for the organization. Based on the BIA results, the organization should identify and select the recovery strategies that are suitable and feasible for restoring the critical business functions and processes within the acceptable time frame and cost. The recovery strategies may include technical, operational, organizational, or contractual solutions, such as backup systems, alternate sites, mutual aid agreements, or insurance policies . References: : Business Impact Analysis | Ready.gov : Business Continuity Planning Process Diagram

 Internet Protocol (IP) source address spoofing is used to defeat address-based authentication, which is a method of verifying the identity of a user or a system based on their IP address. IP source address spoofing involves forging the IP header of a packet to make it appear as if it came from a trusted or authorized source, and bypassing the authentication check. IP source address spoofing can be used for various malicious purposes, such as denial-of-service attacks, man-in-the-middle attacks, or session hijacking34. References: 3: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 5, page 5274: CISSP For Dummies, 7th Edition, Chapter 5, page 153.

A SYN flood attack is a type of denial-of-service attack that exploits the TCP three-way handshake process. The attacker sends a large number of SYN packets to the target server, often with spoofed IP addresses, and does not complete the handshake by sending the final ACK packet. This causes the server to allocate resources for half-open connections, which eventually consume all the available ports and prevent legitimate traffic from reaching the server

The most relevant reading material for researching an organization’s legal obligations to protect privacy-related information is the privacy-related regulations enforced by governing bodies applicable to the organization. These regulations define the legal requirements, standards, and penalties for collecting, processing, storing, and disclosing personal or sensitive information of individuals or entities. The organization must comply with these regulations to avoid legal liabilities, fines, or sanctions. The other options are not as relevant as privacy-related regulations, as they either do not reflect the legal obligations of the organization (A and C), or do not apply to all types of privacy-related information (D). References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1, page 22; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 1, page 31.

 Passive Infrared Sensors (PIR) are devices that detect motion by sensing the infrared radiation emitted by objects. In a non-climate controlled environment, the background temperature may vary due to weather, seasons, or other factors. This may affect the sensitivity and accuracy of the PIR sensors, as they may not be able to distinguish between the object and the background. Therefore, the PIR sensors should have a feature that automatically adjusts the threshold or baseline of the background temperature to avoid false alarms or missed detections.

A and B are incorrect because they are not feasible or desirable solutions. Reducing or increasing the detected object temperature in relation to the background temperature would require altering the physical properties of the object or the sensor, which may not be possible or practical. Moreover, this may also affect the performance or functionality of the object or the sensor.

D is incorrect because it is not realistic or reliable. Detecting objects of a specific temperature independent of the background temperature would require the PIR sensors to have a very high resolution and precision, which may not be available or affordable. Moreover, this may also limit the range and scope of the PIR sensors, as they may not be able to detect objects that have different temperatures or emit different amounts of infrared radiation.

 Communication is the strategy that involves the presentation of information about the disaster recovery plan to the stakeholders, such as management, employees, customers, vendors, and regulators. Communication ensures that everyone is aware of their roles and responsibilities in the event of a disaster, and that the plan is updated and tested regularly12. References: 1: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 10, page 10192: CISSP For Dummies, 7th Edition, Chapter 10, page 343.

The first step in building a firewall is to perform a risk analysis to identify the assets and resources that need to be protected, the threats and vulnerabilities that exist, and the potential impact of a security breach. Based on the risk analysis, the firewall design can be tailored to meet the specific security requirements and objectives of the organization

This is the principle of open design, which states that the security of a system or mechanism should rely on the strength of its key or algorithm, rather than on the obscurity of its design or implementation. This principle is based on the assumption that the adversary has full knowledge of the system or mechanism, and that the security should still hold even if that is the case. The other options are not consistent with the principle of open design, as they either imply that the security depends on hiding or protecting the design or implementation (A and B), or that the user’s knowledge or privileges affect the security ©. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 3, page 105; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 3, page 109.

 Hashing files during chain of custody handling ensures integrity, which means that the files have not been altered or tampered with during the collection, preservation, or analysis of digital evidence1. Hashing is a process of applying a mathematical function to a file to generate a unique value, called a hash or a digest, that represents the file’s content. By comparing the hash values of the original and the copied files, the integrity of the files can be verified. Availability, accountability, and non-repudiation are not ensured by hashing files during chain of custody handling, as they are related to different aspects of information security. References: 1: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 10, page 633.

Separation of duties is a security management control that divides a critical or sensitive task into two or more parts, and assigns them to different individuals or groups. This reduces the risk of fraud, error, or abuse of authority, as no single person or group can perform the entire task without the cooperation or oversight of others. Separation of duties is most often broken by collusion, which is a secret or illegal agreement between two or more parties to bypass the control and achieve a common goal12. References: 1: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1, page 352: CISSP For Dummies, 7th Edition, Chapter 1, page 23.

The least effective process for eliminating data prior to the media being discarded is high-level formatting. High-level formatting is the process of preparing a storage device, such as a hard disk or a flash drive, for data storage by creating a file system and marking the bad sectors. However, high-level formatting does not erase the data that was previously stored on the device. The data can still be recovered using data recovery tools or forensic techniques. To prevent inadvertent disclosure of restricted information, more secure methods of data sanitization should be used, such as multiple-pass overwriting, degaussing, or physical destruction34. References: 3: Delete Sensitive Data before Discarding Your Media94: Best Practices for Media Destruction10

A signed and encrypted e-mail provides confidentiality by preventing unauthorized access to the message content, non-repudiation by verifying the identity and integrity of the sender, and authentication by ensuring that the message is from the claimed source. Authorization is not a benefit of a signed and encrypted e-mail, as it refers to the process of granting or denying access to resources based on predefined rules.

WebSockets is an HTML5 option that presents a security challenge for network data leakage prevention and/or monitoring, as it enables a bidirectional, full-duplex communication channel between a web browser and a server2. WebSockets can bypass the traditional HTTP request-response model and establish a persistent connection that can exchange data in real time. This can pose a risk of data leakage, as the data transmitted over WebSockets may not be inspected or filtered by the network security devices, such as firewalls, proxies, or data loss prevention systems3. Cross Origin Resource Sharing (CORS), Document Object Model (DOM) trees, and Web Interface Definition Language (IDL) are not HTML5 options that present a security challenge for network data leakage prevention and/or monitoring, as they are not related to the communication channel between the web browser and the server. References: 2: CISSP For Dummies, 7th Edition, Chapter 4, page 973: Official (ISC)2 CISSP CBK Reference, 5th Edition, Chapter 4, page 211.

During an audit of system management, if auditors find that the system administrator has not been trained, the immediate action that needs to be taken to ensure the integrity of systems is a review of all systems by an experienced administrator. This is to verify that the systems are configured, maintained, and secured properly, and that there are no errors, vulnerabilities, or breaches that could compromise the system’s availability, confidentiality, or integrity. A review of hiring policies, departmental procedures, or training procedures are not urgent actions, as they are more related to the long-term improvement of the system management process, rather than the current state of the systems . References: : CISSP All-in-One Exam Guide, Eighth Edition, Chapter 8, page 829. : CISSP For Dummies, 7th Edition, Chapter 8, page 267.