CISSP Practice Questions Practice Exam: Test Your Knowledge 2025
Prepare for the CISSP exam with our comprehensive practice test. Our exam simulator mirrors the actual test format to help you pass on your first attempt.
Exam Simulator
- Matches official exam format
- Updated for 2025 exam version
- Detailed answer explanations
- Performance analytics dashboard
- Unlimited practice attempts
Why Our Practice Exam Works
Proven methods to help you succeed on exam day
Realistic Questions
125-175 questions matching the actual exam format
Timed Exam Mode
180-minute timer to simulate real exam conditions
Detailed Analytics
Track your progress and identify weak areas
Unlimited Retakes
Practice as many times as you need to pass
Answer Explanations
Comprehensive explanations for every question
Instant Results
Get your score immediately after completion
Practice Options
Choose the practice mode that suits your needs
Full Practice Exam
Complete 125-175 question exam simulation
Quick Quiz (25 Questions)
Fast assessment of your knowledge
Domain-Specific Practice
Focus on specific exam topics
Free Practice Questions
Try these Certified Information Systems Security Professional (CISSP) sample questions for free - no signup required
A financial institution is developing a comprehensive security program and needs to establish the acceptable level of risk the organization is willing to accept. Which of the following BEST describes this concept?
During a security incident investigation, the security team needs to ensure evidence will be admissible in court. Which principle requires that evidence be collected and handled in a way that proves it has not been altered?
An organization has implemented multiple security controls including firewalls, intrusion detection systems, and antivirus software. After implementation, some risk still remains. What is this remaining risk called?
A healthcare organization must ensure that patient data is properly destroyed when storage media is decommissioned. The organization wants complete assurance that data cannot be recovered. Which method provides the HIGHEST level of assurance?
A company is implementing a data classification program. Which of the following should be primarily responsible for classifying data assets?
An organization is designing a secure network architecture and wants to implement defense in depth. A database server containing sensitive customer information needs multiple layers of protection. Which architecture BEST implements this principle?
A security architect is evaluating cryptographic solutions for protecting data in transit between a mobile application and backend servers. The solution must provide perfect forward secrecy. What does this property ensure?
An organization is implementing a secure boot process for its servers. Which security model component verifies that each component in the boot process is cryptographically signed before execution?
A company's network spans multiple countries and requires secure communications between sites. An attacker has intercepted encrypted traffic and is attempting to replay captured authentication packets to gain unauthorized access. Which security mechanism would BEST prevent this attack?
A security team is investigating unusual network traffic patterns. They observe that internal hosts are making DNS queries to domains that were recently registered and have very short time-to-live (TTL) values. What type of attack is MOST likely occurring?
An organization wants to segment its network to limit the blast radius of potential security breaches. Which approach provides the MOST granular control over traffic between segments?
A company implements multi-factor authentication requiring employees to use something they know and something they have. An employee uses a password and receives a one-time code via SMS. Later, the company experiences account compromises. What is the PRIMARY weakness of this implementation?
An organization implements role-based access control (RBAC) for its enterprise applications. Users are assigned roles based on job functions, and permissions are granted to roles rather than individuals. What is the PRIMARY advantage of this approach over discretionary access control (DAC)?
A cloud-based SaaS application needs to allow users from multiple organizations to authenticate using their existing corporate credentials. Which technology would BEST support this requirement while maintaining security boundaries between organizations?
During a security assessment, penetration testers are given full knowledge of the network architecture, credentials, and source code. What type of testing methodology is being performed?
A security team needs to validate that security controls are operating effectively across the enterprise. They want to use automated tools to continuously verify configurations against security baselines. Which approach BEST describes this activity?
A security operations center detects that a server is communicating with a known command-and-control server. The incident response team needs to contain the threat while preserving evidence. What should be the FIRST containment action?
An organization operates a 24/7 critical infrastructure facility and needs to ensure backup power systems are functional. Which type of testing involves actually switching to backup power to verify functionality?
A company's security operations team uses Security Information and Event Management (SIEM) for monitoring. They are experiencing alert fatigue due to high volumes of false positives. What is the BEST approach to address this issue?
A development team is implementing input validation for a web application. Which approach provides the MOST secure protection against injection attacks?
Want more practice questions?
Full practice exam coming soon!
Topics Covered
Our practice exam covers all official Certified Information Systems Security Professional (CISSP) exam domains
Related Resources
More ways to prepare for your exam
Certified Information Systems Security Professional (CISSP) Practice Exam Guide
Our Certified Information Systems Security Professional (CISSP) practice exam is designed to help you prepare for the CISSP exam with confidence. With 125-175 realistic practice questions that mirror the actual exam format, you will be ready to pass on your first attempt.
What to Expect on the CISSP Exam
How to Use This Practice Exam
1. Start with the free sample questions above to assess your current knowledge level
2. Review the study guide to fill knowledge gaps
3. Practice with the sample questions while we prepare the full exam
4. Review incorrect answers and study the explanations
5. Repeat until you consistently score above the passing threshold