CISSP Practice Exam 2

Contains practice exam questions from all eight domains, weighted to match the real Certified Information Systems Security Professional (CISSP) exam as follows:  
15% from Security and Risk Management    
10% from Asset Security    
13% from Security Architecture and Engineering    
13% from Communication and Network Security    
13% from Identity and Access Management (IAM)    
12% from Security Assessment and Testing    
13% from Security Operations    
11% from Software Development Security    

25 Questions

1. Jerry is an ethical hacker attacking LUANG hospital as authorized by their chief information security officer (CISO). Federal investigators notice the attack and raid Jerry's office and arrest him. Why was he MOST LIKELY arrested?
2. Buffer overflow attacks occur because of poorly written applications. Attackers exploit the vulnerability and can potentially gain access to the entire computer. These attacks occur where?
3. Tanisia has discovered that her employer has been reading her emails. She approaches her boss, and her boss shows her that she signed the reasonable expectation of privacy (REP) agreement. Which steps can Tanisia take next?
4. A type of role-based access control (RBAC) that allows for defining a subset of roles based on a superset role is named which of the following?
5. Complete mediation can be BEST described by which of the following approaches to security?
6. A key difference between a penetration test and a vulnerability scan would be which of the following?
7. Which of the following describes an infrastructure of using asymmetric keys and certificates for mutual verification?
8. Which of the following backup types makes for the fewest number of tapes to restore after making several years of backups?
9. Aliyah, a software developer, is creating a chess-playing game. To make her job easier, she acquires a library of chess pieces recommended to her by a newsgroup. A week later, an overseas hacker is detected on her computer. What MOST LIKELY happened?
10. Nadia is a systems administrator given privileges above standard users, such as the ability to add and remove networks and printers. Senior systems administrators can also add and remove hard drives, which Nadia is not allowed to do. Which model does this BEST represent?
11. Identity management systems maintain user authentication information and include which of the following?
12. Which of the following predicts how long an electromechanical system will run until it fails and can be repaired?
13. Robert, a software technician, develops an application in the C language allowing users to enter their home and business addresses. Which of the following is his primary concern?
14. Maria, a security technician, is testing methods to defeat the firewall. Which method does she find MOST effective?
15. Marcus has purchased laptops for his staff for US Dollars (USD) $4,000 each. Insurance will cover 50% if they are lost, stolen, or damaged. In an average year, five laptops are lost, stolen, or damaged. Calculate the annualized loss expectancy (ALE).
16. Karlton, a network technician, installs a firewall and opens ports 80 and 443. He can reach the website, but testing the Secure Shell (SSH) service from the Wide Area Network (WAN) results in access being denied. What MOST LIKELY caused this issue?
17. A digital signature must have which of the following attributes?
18. Nifta just completed a risk assessment with his team and they determined that the new planned office location was too dangerous, so they decided not to build there. Which risk response did they use?
19. From the following list, which is NOT a requirement of the PCI-DSS?
20. Compilation and derivation of data from databases is called?
21. Jaquan is a security manager creating a corporate security document that states laptops must maintain the latest patches, use ClamAV malware detection software, LibreOffice suite, and Thunderbird email client. This document BEST fits which category?
22. What is an organization's largest security risk in using open source applications?
23. Fake video cameras are a type of which security control?
24. Diskless computers with memory and fast central processing units (CPUs), networked to obtain their operating system and data from a centralized server, are called?
25. Kilroy has just learned about hacking and attempts to hack into his school website to change his grades. This puts him in which class of hackers?