Certified Information Systems Security Professional (CISSP) Quiz Questions and Answers

Which of the following is the MOST effective method to mitigate Cross-Site Scripting (XSS) attacks?

Answer:
  • Whitelist input validation

Which of the following is the MOST effective countermeasure against data remanence?

Answer:
  • Destruction

How does an organization verify that an information system's current hardware and software match the standard system configuration?

Answer:
  • By comparing the actual configuration of the system against the baseline

When is security personnel involvement in the Systems Development Life Cycle (SDLC) process MOST beneficial?

Answer:
  • Requirements definition phase

Refer to the information below to answer the question. During the investigation of a security incident, it is determined that an unauthorized individual accessed a system which hosts a database containing financial information. If it is discovered that large quantities of information have been copied by the unauthorized individual, what attribute of the data has been compromised?

Answer:
  • Confidentiality

Which of the following actions should be performed when implementing a change to a database schema in a production system?

Answer:
  • Change in development, perform user acceptance testing, develop a back-out strategy, and implement change

A security manager has noticed an inconsistent application of server security controls resulting in vulnerabilities on critical systems. What is the MOST likely cause of this issue?

Answer:
  • A lack of baseline standards

Which of the following is the FIRST step of a penetration test plan?

Answer:
  • Obtaining the approval of the company's management

A network scan found 50% of the systems with one or more critical vulnerabilities. Which of the following represents the BEST action?

Answer:
  • Assess vulnerability risk and business impact.

Regarding asset security and appropriate retention, which of the following INITIAL top three areas are important to focus on?

Answer:
  • Security control baselines, access controls, employee awareness and training