Decoy system designed to attract attackers

Fraudulent attempt to steal information

CISSP Certification MCQ Multiple Choice Questions - Page 2 for Practice

Q: 31. What is defense in depth?

Correct Answer is: Multiple layers of security controls

Q: 32. What is a compensating control?

Correct Answer is: Alternative control providing similar protection

Q: 35. What is the purpose of a Business Impact Analysis (BIA)?

Correct Answer is: Identify business disruption impacts

Q: 36. What does RTO stand for?

Correct Answer is: Recovery Time Objective

Q: 37. What does RPO stand for?

Correct Answer is: Recovery Point Objective

Q: 38. Which plan focuses on restoring IT systems after disruption?

Correct Answer is: Disaster Recovery Plan

Q: 39. What is the purpose of incident response?

Correct Answer is: Detect, respond to, and recover from incidents

Q: 40. Which incident response phase comes first?

Correct Answer is: Detection and Analysis

Q: 41. What is a honeypot?

Correct Answer is: Decoy system designed to attract attackers

Q: 42. What is a vulnerability assessment?

Correct Answer is: Identifying security weaknesses

CISSP Certification MCQ Questions for Practice

31. What is defense in depth?

Single security control
Multiple layers of security controls
No security controls
Outsourcing security

32. What is a compensating control?

Alternative control providing similar protection
Backup control
Corrective control
Administrative control

33. Which type of control detects incidents?

Preventive
Detective
Corrective
Directive

34. Which type of control restores systems after an incident?

Preventive
Directive
Corrective
Detective

35. What is the purpose of a Business Impact Analysis (BIA)?

Identify business disruption impacts
Encrypt data
Audit vendors
Configure firewalls

36. What does RTO stand for?

Recovery Time Objective
Recovery Transfer Objective
Response Time Objective
Resource Time Objective

37. What does RPO stand for?

Recovery Point Objective
Resource Planning Objective
Recovery Process Objective
Risk Point Objective

38. Which plan focuses on restoring IT systems after disruption?

Security Policy
Business Continuity Plan
Disaster Recovery Plan
Audit Plan

39. What is the purpose of incident response?

Prevent all incidents
Detect, respond to, and recover from incidents
Develop software
Conduct audits

40. Which incident response phase comes first?

Recovery
Containment
Detection and Analysis
Lessons Learned

41. What is a honeypot?

Backup server
Decoy system designed to attract attackers
Firewall
IDS sensor

42. What is a vulnerability assessment?

Exploiting systems
Identifying security weaknesses
Encrypting data
Monitoring users

43. What is penetration testing?

Authorized attack simulation
Malware deployment
Security training
Backup testing

44. Which protocol is commonly used for secure web communication?

HTTP
HTTPS
FTP
Telnet

45. What is a digital certificate used for?

Data compression
Identity verification and encryption support
Monitoring traffic
Network routing

46. What is the purpose of a Public Key Infrastructure (PKI)?

Manage digital certificates and keys
Store backups
Monitor networks
Analyze logs

47. Which attack attempts to overwhelm systems with traffic?

SQL Injection
Phishing
DDoS
XSS

48. What is phishing?

Network scanning
Fraudulent attempt to steal information
Encryption process
Backup procedure

49. What is social engineering?

Exploiting human behavior for unauthorized access
Firewall configuration
Data encryption
Network monitoring

50. What is the purpose of security awareness training?

Train users to recognize and respond to threats
Install software
Audit systems
Configure routers

51. Which CISSP domain covers identity and access management?

IAM
Security Assessment and Testing
Security Operations
Security Engineering

52. What is the primary goal of access control?

Provide unrestricted access
Ensure only authorized access
Improve bandwidth
Reduce storage

53. What is the purpose of logging and monitoring?

Increase storage
Provide accountability and detect incidents
Compress files
Improve performance

54. Which CISSP domain focuses on auditing and testing controls?

Security Assessment and Testing
Security Operations
Asset Security
Network Security

55. What is a security baseline?

Minimum level of security required
Backup schedule
Firewall log
Risk report

56. Which network device filters traffic based on rules?

Router
Firewall
Switch
Hub

57. What is the purpose of change management?

Control modifications to systems and processes
Increase staffing
Reduce audits
Improve marketing

58. Which CISSP domain covers secure software development practices?

Software Development Security
Security Operations
Asset Security
Governance

59. What is the ultimate goal of security governance?

Eliminate all risks
Align security with business objectives
Increase IT budgets
Reduce staffing

60. What is the primary role of a CISSP professional?

Manage only firewalls
Design, implement, and manage enterprise security programs
Develop mobile apps
Perform accounting audits