Pass CISSP Brain Dump Updated Certification Sample Questions [Q215-Q232]


NEW QUESTION # 215
Which of the following types of business continuity tests includes assessment of resilience to internal and external risks without endangering live operations?

  • A. Walkthrough
  • B. Simulation
  • C. White box
  • D. Parallel

Answer: B

Explanation:
A simulation exercises the continuity plan against a realistic scenario (loss of a site, a supplier, a data centre) with the people who would actually respond, but without switching production over, so internal and external risks are assessed without endangering live operations. A walkthrough only reads through the plan; a parallel test brings up the recovery site alongside production, and a white box test is a software-testing term, not a continuity test.
Reference: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/61029/Chapter-6-Business-Continuity-Management_amends_04042012.pdf


NEW QUESTION # 216
The following compilation represents what facet of cryptanalysis?

A 8.2    B 1.5    C 2.8    D 4.3    E 12.7   F 2.2    G 2.0    H 6.1    I 7.0
J 0.2    K 0.8    L 4.0    M 2.4    N 6.7    O 7.5    P 1.9    Q 0.1    R 6.0
S 6.3    T 9.1    U 2.8    V 1.0    W 2.4    X 0.2    Y 2.0    Z 0.1

  • A. Period analysis
  • B. Cartouche analysis
  • C. Cilly analysis
  • D. Frequency analysis

Answer: D

Explanation:
The compilation is the table from H. Beker and F. Piper, Cipher Systems: The Protection of Communications. It lists the relative frequency, in percent, with which each letter of the English alphabet appears in large samples of text taken from newspapers and novels. A simple substitution cipher replaces every occurrence of a plaintext letter with the same ciphertext symbol, so these statistics survive encryption: counting the symbols in the ciphertext and matching the counts against the table gives clues to the plaintext letter behind each symbol. Note that E, T and A have the highest percentages in English text, while J, Q, X and Z are rare.
*Answer "Period analysis" refers to cryptanalysis that looks for sequences that repeat themselves and for the spacing between the repetitions. This approach (Kasiski examination) is used to find the key length of, and then break, the Vigenère cipher.
*Answer "Cilly analysis" is a reference to a cilly, a predictable three-character message key chosen by operators of the German Enigma machine.
*In answer "Cartouche analysis", a cartouche is a set of hieroglyphs surrounded by a loop. A cartouche referring to King Ptolemy was found on the Rosetta Stone.
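Both techniques side by side, as an added worked example that is not part of the study material: the frequency table from the question drives a chi-squared fit that recovers a Caesar shift, and candidate periods of a Vigenère ciphertext are tested by checking whether every column fits English under some single shift, which is a statistical alternative to the repeat-spacing method described above. The sample plaintext, the key KEY and the max_fit threshold are constructed for this demonstration.

```python
"""Frequency analysis and period analysis against classical ciphers.

Added example, not part of the original study material. ENGLISH_FREQ is the
letter-frequency table quoted in the question; SAMPLE and the key are
constructed for this demonstration."""
import string

ALPHABET = string.ascii_uppercase

# Relative frequency (percent) of each letter in English text, from the table above.
ENGLISH_FREQ = dict(zip(ALPHABET, [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.2, 0.8, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.1, 6.0, 6.3, 9.1, 2.8, 1.0, 2.4, 0.2, 2.0, 0.1]))

def normalize(text):
    """Letters only, upper case: the view a classical cipher has of a message."""
    return "".join(c for c in text.upper() if c in ALPHABET)

def shift_char(c, k):
    return ALPHABET[(ALPHABET.index(c) + k) % 26]

def caesar(text, k):
    """Shift every letter by k; use a negative k to decrypt."""
    return "".join(shift_char(c, k) for c in normalize(text))

def vigenere(text, key, decrypt=False):
    """Repeating-key Caesar: letter i is shifted by key[i % len(key)]."""
    key = normalize(key)
    sign = -1 if decrypt else 1
    return "".join(shift_char(c, sign * ALPHABET.index(key[i % len(key)]))
                   for i, c in enumerate(normalize(text)))

def chi_squared(text):
    """Distance between the letter counts of text and the English table (lower = more English-like)."""
    n = len(text)
    return sum((text.count(c) - n * pct / 100) ** 2 / (n * pct / 100)
               for c, pct in ENGLISH_FREQ.items())

def best_caesar_fit(text):
    """Frequency analysis: try all 26 decryption shifts and keep the one whose
    output looks most like English. Returns (shift, chi-squared per letter)."""
    text = normalize(text)
    if not text:
        return 0, float("inf")
    shift = min(range(26), key=lambda k: chi_squared(caesar(text, -k)))
    return shift, chi_squared(caesar(text, -shift)) / len(text)

def recover_caesar_shift(ciphertext):
    return best_caesar_fit(ciphertext)[0]

def find_period(ciphertext, max_period=12, max_fit=0.7):
    """Period analysis: at the right key length every i-th letter was encrypted
    with one shift, so each column fits English under some single shift. At a
    wrong length the columns mix several shifts and no single shift fits well.
    For a few hundred letters, aligned English scores roughly 0.2-0.4 per
    letter and a mixture of shifts well above 1, so max_fit=0.7 separates them.
    Returns the smallest period that passes, or None."""
    ciphertext = normalize(ciphertext)
    for period in range(1, max_period + 1):
        fits = [best_caesar_fit(ciphertext[i::period])[1] for i in range(period)]
        if sum(fits) / period < max_fit:
            return period
    return None

def recover_vigenere_key(ciphertext):
    """Period analysis first, then frequency analysis on each column."""
    ciphertext = normalize(ciphertext)
    period = find_period(ciphertext)
    if period is None:
        return None
    return "".join(ALPHABET[recover_caesar_shift(ciphertext[i::period])]
                   for i in range(period))

# Constructed English sample (about 490 letters), long enough for the statistics to settle.
SAMPLE = ("Frequency analysis relies on the fact that the letters of the English "
          "language do not appear with the same probability in ordinary writing. "
          "The letter E is by far the most common, followed by T, A, O, I, N and S, "
          "while letters such as J, Q, X and Z are rare. A simple substitution cipher "
          "preserves these statistics because every occurrence of a plaintext letter "
          "maps to the same ciphertext letter, so counting the symbols in enough "
          "ciphertext reveals the mapping. The Vigenere cipher hides this by applying "
          "several shifts in turn, but once the period is known each column is just "
          "a Caesar cipher and falls to the same attack.")

if __name__ == "__main__":
    ct = vigenere(SAMPLE, "KEY")
    key = recover_vigenere_key(ct)
    print("period", find_period(ct), "key", key)
    print(vigenere(ct, key, decrypt=True)[:60])
```

The attack needs enough ciphertext: with a few dozen letters per column the counts are too noisy for the chi-squared fit, which is why short messages under a long key resist this analysis while long messages under the same key do not.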


NEW QUESTION # 217
What is the MOST common component of a vulnerability management framework?

  • A. Risk analysis
  • B. Patch management
  • C. Threat analysis
  • D. Backup management

Answer: B

Explanation:
Reference: https://www.helpnetsecurity.com/2016/10/11/effective-vulnerability-management-process/


NEW QUESTION # 218
Which of the following BEST avoids data remanence disclosure for cloud hosted resources?

  • A. Software based encryption with two factor authentication.
  • B. Hardware based encryption on dedicated physical servers.
  • C. Strong encryption and deletion of the keys after data is deleted.
  • D. Strong encryption and deletion of the virtual host after data is deleted.

Answer: C

Explanation:
A cloud tenant cannot wipe or physically destroy the provider's media, and deleted blocks may live on in snapshots, backups and reallocated storage. If the data was encrypted throughout its life and the keys are destroyed once the data is deleted (crypto-shredding), any ciphertext that remains is unrecoverable. Deleting the virtual host (D) leaves the underlying storage untouched, and dedicated hardware (B) or two-factor authentication (A) does not address what is left on disk.


NEW QUESTION # 219
Which of the following activities BEST identifies operational problems, security misconfigurations, and malicious attacks?

  • A. Authentication validation
  • B. Interface testing
  • C. Periodic log reviews
  • D. Policy documentation review

Answer: C


NEW QUESTION # 220
Which of the following statements BEST describes least privilege principle in a cloud environment?

  • A. Internet traffic is inspected for all incoming and outgoing packets.
  • B. Network segments remain private if unneeded to access the internet.
  • C. Routing configurations are regularly updated with the latest routes.
  • D. A single cloud administrator is configured to access core functions.

Answer: B

Explanation:
Least privilege grants only the access needed to perform a function. Applied to cloud networking, a segment that has no need to reach the internet gets no route to it. Inspecting all traffic (A) is a monitoring control, keeping routes current (C) is maintenance, and putting core functions in the hands of a single administrator (D) concentrates privilege rather than limiting it.
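One way to check that principle against a real deployment, as an added example that is not part of the original material: walk the VPC route tables and flag every subnet that has a default route to an internet or NAT gateway but is not on the list of segments that need internet access. The input mimics the shape of `aws ec2 describe-route-tables` output (RouteTables with Routes and Associations), but the data below is constructed and the "needs internet" inventory is an assumption the auditor would maintain.

```python
"""Audit route tables for subnets that can reach the internet but should not.

Added example, not part of the original material. The sample route tables
are constructed in the shape of `aws ec2 describe-route-tables` output, and
NEEDS_INTERNET is an assumed inventory of segments that are allowed out."""

INTERNET = "0.0.0.0/0"

def internet_exposed_subnets(route_tables):
    """Map SubnetId -> gateway for every subnet whose route table sends the
    default route to an internet gateway (igw-*) or a NAT gateway (nat-*).
    Routes in the 'blackhole' state lead nowhere and are ignored."""
    exposed = {}
    for table in route_tables:
        gateways = []
        for route in table.get("Routes", []):
            if route.get("DestinationCidrBlock") != INTERNET:
                continue
            if route.get("State", "active") != "active":
                continue
            gateway = route.get("GatewayId") or route.get("NatGatewayId") or ""
            if gateway.startswith("igw-") or gateway.startswith("nat-"):
                gateways.append(gateway)
        if not gateways:
            continue
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:
                exposed[assoc["SubnetId"]] = gateways[0]
    return exposed

def least_privilege_violations(route_tables, subnets_needing_internet):
    """Subnets with an internet route that the inventory says do not need one."""
    exposed = internet_exposed_subnets(route_tables)
    return sorted(s for s in exposed if s not in subnets_needing_internet)

# Constructed sample: a public web subnet (allowed), an app subnet that was
# wrongly associated with the public route table, and a database subnet with
# only the local VPC route.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc", "State": "active"}],
     "Associations": [{"SubnetId": "subnet-web"}, {"SubnetId": "subnet-app"}]},
    {"RouteTableId": "rtb-private",
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0dead", "State": "blackhole"}],
     "Associations": [{"SubnetId": "subnet-db"}]},
]
NEEDS_INTERNET = {"subnet-web"}

if __name__ == "__main__":
    for subnet in least_privilege_violations(SAMPLE_ROUTE_TABLES, NEEDS_INTERNET):
        print("default route to the internet on a subnet that should stay private:", subnet)
```

Routes are only one half of the picture: a subnet with no default route can still be reached if a load balancer or a public IP on an instance sits in it, so a full review also checks security groups and public address assignments.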


NEW QUESTION # 221
Which of the following is TRUE for an organization that is using a third-party federated identity service?

  • A. The organization enforces the rules to other organization's user provisioning
  • B. The organization defines internal standard for overall user identification
  • C. The organization specifies alone how to authenticate other organization's users
  • D. The organization establishes a trust relationship with the other organizations

Answer: D

Explanation:
Federated identity rests on a trust relationship between the identity provider and the relying organizations: each organization continues to authenticate and provision its own users, and the others accept the assertions it issues. No single organization dictates the provisioning or authentication rules of the others (A, C), and an internal identification standard (B) is not what makes the federation work.


NEW QUESTION # 222
An organization adopts a new firewall hardening standard. How can the security professional verify that the technical staff correctly implemented the new standard?

  • A. Perform a compliance review
  • B. Perform a penetration test
  • C. Survey the technical staff
  • D. Train the technical staff

Answer: A

Explanation:
A compliance review (a configuration audit against the standard) compares each firewall's actual settings with the hardening requirements and shows item by item what was and was not implemented. A penetration test shows whether the firewall can be defeated, not whether the standard was followed; a survey records what the staff believe they did, and training does not verify anything.


NEW QUESTION # 223
Covert channel analysis is required for

  • A. Systems that use exposed communication links.
  • B. Systems processing Top Secret or classified information.
  • C. A system that can be monitored in a supervisor state.
  • D. A Trusted Computing Base (TCB) with a level of trust B2 or above.

Answer: D

Explanation:
Table 6.6 (Standards Comparison) lists B2 Structured Protection with covert channel analysis, device labels, subject sensitivity labels, trusted path, trusted facility management and configuration management, mapped to ITSEC F4+E4 and Common Criteria EAL5. Source: Roberta Bragg, CISSP Certification Training Guide, Que, p. 370. Note that TCSEC B2 requires a search for covert storage channels; B3 extends the requirement to covert timing channels as well.


NEW QUESTION # 224
Which of the following can be used as a covert channel?

  • A. Storage and timing.
  • B. Storage and classification.
  • C. Storage and permissions.
  • D. Storage and low bits.

Answer: A

Explanation:
The Orange Book (TCSEC) requires protection against two types of covert channels: storage channels, where one process signals another by changing a shared attribute (a file name, a lock, free disk space) that the other can read, and timing channels, where it signals by modulating how long a shared resource is busy.
The following answers are incorrect:
Storage and low bits: low bits are not a covert channel category.
Storage and permissions: permissions are not a covert channel category.
Storage and classification: classification is not a covert channel category.
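Both channel types in working form, as an added example that is not part of the original material: a "high" sender and a "low" receiver that share no legitimate communication path, where the storage channel encodes each bit in whether a file exists in a shared directory and the timing channel encodes it in how long a shared lock is held. The barrier stands in for the shared clock both sides need to agree on slot boundaries; HOLD_SECONDS and the payload are arbitrary choices for the demonstration.

```python
"""Covert storage and timing channels between a 'high' sender and a 'low'
receiver that share no legitimate communication path.

Added example, not part of the original material. threading.Barrier is used
only as a shared clock marking slot boundaries; the payload and HOLD_SECONDS
are arbitrary."""
import os
import tempfile
import threading
import time

HOLD_SECONDS = 0.05  # how long the timing-channel sender occupies the lock to signal a 1

def to_bits(data: bytes):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def from_bits(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))

class StorageChannel:
    """Storage channel: the high side writes a bit into a shared attribute
    (a file name exists or not); the low side only reads that attribute."""
    def __init__(self, directory):
        self.flag = os.path.join(directory, "flag")
        self.barrier = threading.Barrier(2)

    def send(self, bits):
        for bit in bits:
            if bit:
                open(self.flag, "w").close()
            elif os.path.exists(self.flag):
                os.remove(self.flag)
            self.barrier.wait()  # slot start: the bit is in place
            self.barrier.wait()  # slot end: the receiver has sampled it

    def receive(self, count):
        bits = []
        for _ in range(count):
            self.barrier.wait()
            bits.append(1 if os.path.exists(self.flag) else 0)
            self.barrier.wait()
        return bits

class TimingChannel:
    """Timing channel: the high side holds a shared lock for HOLD_SECONDS to
    signal a 1 and not at all for a 0; the low side measures how long its own
    acquire of the same lock takes."""
    def __init__(self):
        self.lock = threading.Lock()
        self.barrier = threading.Barrier(2)

    def send(self, bits):
        for bit in bits:
            if bit:
                self.lock.acquire()
            self.barrier.wait()  # slot start
            if bit:
                time.sleep(HOLD_SECONDS)
                self.lock.release()
            self.barrier.wait()  # slot end

    def receive(self, count):
        bits = []
        for _ in range(count):
            self.barrier.wait()
            start = time.perf_counter()
            with self.lock:
                pass
            bits.append(1 if time.perf_counter() - start > HOLD_SECONDS / 2 else 0)
            self.barrier.wait()
        return bits

def transmit(channel, payload: bytes) -> bytes:
    """Run sender and receiver concurrently; return what the low side decoded."""
    bits = to_bits(payload)
    received = []
    receiver = threading.Thread(target=lambda: received.extend(channel.receive(len(bits))))
    receiver.start()
    channel.send(bits)
    receiver.join()
    return from_bits(received)

def demo(payload: bytes = b"pw") -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        via_storage = transmit(StorageChannel(tmp), payload)
    via_timing = transmit(TimingChannel(), payload)
    return {"storage": via_storage, "timing": via_timing}

if __name__ == "__main__":
    print(demo(b"secret"))
```

Covert channel analysis looks for exactly these two things: attributes that a higher-cleared subject can modify and a lower-cleared subject can observe, and shared resources whose occupancy a lower-cleared subject can time. The usual mitigations are removing the shared attribute, making the observation fail closed regardless of state, or adding enough noise to the timing that the channel's bandwidth drops below the level the policy accepts.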


NEW QUESTION # 225
Why would anomaly detection IDSs often generate a large number of false positives?

  • A. Because they are application-based and more subject to attacks.
  • B. Because normal patterns of user and system behavior can vary wildly.
  • C. Because they can only identify correctly attacks they already know about.
  • D. Because they can't identify abnormal behavior.

Answer: B

Explanation:
Unfortunately, anomaly detectors and the Intrusion Detection Systems (IDS) based on them often produce a large number of false alarms, because normal patterns of user and system behavior can vary wildly. Being able to identify correctly only attacks they already know about is a characteristic of misuse detection (signature-based) IDSs.
Application-based IDSs are a special subset of host-based IDSs that analyze the events transpiring within a software application. They are more vulnerable to attacks than host-based IDSs, but that does not cause false positives. Not being able to identify abnormal behavior would not cause false positives either, since nothing would be flagged.
Source: DUPUIS, Clément, Access Control Systems and Methodology CISSP Open Study Guide, version 10, March 2002 (page 92).


NEW QUESTION # 226
A user downloads a file from the Internet, then applies the Secure Hash Algorithm 3 (SHA-3) to it.
Which of the following is the MOST likely reason for doing so?

  • A. It verifies the integrity of the file.
  • B. It checks the file for malware.
  • C. It encrypts the entire file.
  • D. It ensures the entire file downloaded.

Answer: A

Explanation:
A hash of the downloaded bytes compared against the digest published by the source detects any change to the file, whether a truncated download, corruption in transit, or deliberate modification. It does not encrypt the file and says nothing about whether the content is malicious.
Reference: https://blog.logsign.com/how-to-check-the-integrity-of-a-file/
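The check a user would actually run, as an added example that is not from the original page: hash the download with SHA3-256 in chunks so large files never need to fit in memory, then compare against the published digest in constant time. The file and its "published" digest are constructed inside demo(); in practice the digest comes from the vendor's download page.

```python
"""Verify a downloaded file against a published SHA3-256 digest.

Added example, not from the original material. demo() constructs the file
and the 'published' digest; in real use the digest comes from the vendor."""
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 20  # read 1 MiB at a time so a multi-gigabyte download is fine

def sha3_256_file(path: str) -> str:
    h = hashlib.sha3_256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()

def sha3_256_bytes(data: bytes) -> str:
    return hashlib.sha3_256(data).hexdigest()

def verify_file(path: str, expected_hex: str) -> bool:
    """True only if the file hashes to the published digest. A truncated,
    corrupted or tampered file yields a different digest; the comparison is
    constant-time out of habit, since the expected value is public anyway."""
    actual = sha3_256_file(path)
    return hmac.compare_digest(actual.lower(), expected_hex.strip().lower())

def demo() -> dict:
    """Constructed download: take the digest of the complete file, then check
    the same file intact, truncated (partial download) and modified (tampering)."""
    payload = os.urandom(3 * CHUNK + 123)  # spans several read chunks
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "installer.bin")
        with open(path, "wb") as f:
            f.write(payload)
        published = sha3_256_file(path)
        results["intact"] = verify_file(path, published.upper())  # case must not matter
        with open(path, "wb") as f:
            f.write(payload[:-1])  # the last byte never arrived
        results["truncated"] = verify_file(path, published)
        with open(path, "wb") as f:
            f.write(payload[:100] + bytes([payload[100] ^ 1]) + payload[101:])  # one bit flipped
        results["modified"] = verify_file(path, published)
    return results

if __name__ == "__main__":
    print(demo())
```

The caveat that matters in practice: a digest fetched from the same server as the file only protects against accidental corruption, because whoever can replace the file can replace the digest next to it. To detect deliberate tampering, the digest must come from a separately trusted channel or be covered by a signature whose key the user already trusts.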


NEW QUESTION # 227
Technical controls such as encryption and access control can be built into the operating system, be software applications, or can be supplemental hardware/software units. Such controls, also known as logical controls, represent which pairing?

  • A. Detective/Technical Pairing
  • B. Preventive/Physical Pairing
  • C. Preventive/Technical Pairing
  • D. Preventive/Administrative Pairing

Answer: C

Explanation:
Preventive/Technical controls are also known as logical controls and can be built into the operating system, be software applications, or can be supplemental hardware/software units.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the
Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 34


NEW QUESTION # 228
Which of the following is an example of discretionary access control?

  • A. Task-based access control
  • B. Identity-based access control
  • C. Role-based access control
  • D. Rule-based access control

Answer: B

Explanation:
Identity-based access control is a type of DAC system that allows or prevents access based on the identity of the subject: the owner of an object decides which identities may access it.
Incorrect Answers:
A: Task-based access control is a non-discretionary access control model, which is based on the tasks each subject must perform.
C: Role-based access control (RBAC) provides access to resources according to the role the user holds within the company or the tasks that the user has been assigned.
D: Rule-based access control makes use of explicit rules that specify what can and cannot happen between a subject and an object, not their security labels.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-228


NEW QUESTION # 229
Superscalar computer architecture is characterized by a:

  • A. Computer using instructions that perform many operations per instruction.
  • B. Processor that enables concurrent execution of multiple instructions in the same pipeline stage.
  • C. Processor that executes one instruction at a time.
  • D. Computer using instructions that are simpler and require less clock cycles to execute.

Answer: B

Explanation:
*Answer "Computer using instructions that perform many operations per instruction" is the definition of a complex instruction set computer.
*Answer "Computer using instructions that are simpler and require less clock cycles to execute" is the definition of a reduced instruction set computer.
*Answer "Processor that executes one instruction at a time" is the definition of a scalar processor.


NEW QUESTION # 230
What type of attack occurs when a smartcard is operating under normal physical conditions, but sensitive information is gained by examining the bytes going to and from the smartcard?

  • A. Logical attacks.
  • B. Social Engineering attacks.
  • C. Trojan Horse attacks.
  • D. Physical attacks.

Answer: A

Explanation:
Logical attacks occur when a smartcard is operating under normal physical conditions, but sensitive information is gained by examining the bytes going to and from the smartcard. One example is the so-called "timing attack" described by Paul Kocher. In this attack, various byte patterns are sent to the card to be signed by the private key. Information such as the time required to perform the operation and the number of zeroes and ones in the input bytes are used to eventually obtain the private key. There are logical countermeasures to this attack but not all smartcard manufacturers have implemented them. This attack does require that the PIN to the card be known, so that many private key operations can be performed on chosen input bytes.


NEW QUESTION # 231
What is called a sequence of characters that is usually longer than the allotted number for a password?

  • A. passphrase
  • B. anticipated phrase
  • C. cognitive phrase
  • D. Real phrase

Answer: A

Explanation:
A passphrase is a sequence of characters that is usually longer than the allotted number for a password. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, page 37

