
CISSP 2024 Beginner Quiz

Learning Objectives

Understand CISSP domain fundamentals: security principles, risk management, and IAM basics.

Question 1 of 60
In the CISSP 2024 Common Body of Knowledge, which of the following BEST describes the concept of 'due diligence'?
Question 2 of 60
According to the CISSP 2024 CBK, which access control model enforces access based on sensitivity labels assigned to subjects and objects?
Question 3 of 60
Which CISSP 2024 CBK domain addresses the processes used to protect the confidentiality, integrity, and availability of data throughout its entire lifecycle?
Question 4 of 60
A security administrator wants to ensure that a terminated employee can no longer access any corporate systems. Which principle does immediately revoking all access rights BEST reflect?
Question 5 of 60
In the context of the CISSP 2024 CBK, which cryptographic goal is PRIMARILY addressed by a digital signature?
Question 6 of 60
Which of the following BEST describes a 'warm site' disaster recovery strategy as defined in the CISSP 2024 CBK?
Question 7 of 60
According to the CISSP 2024 CBK, which layer of the OSI model is responsible for end-to-end error detection and flow control?
Question 8 of 60
Which CISSP 2024 CBK concept states that no single individual should have sufficient access to commit fraud or make critical errors without detection?
Question 9 of 60
A penetration tester receives the target's IP ranges and network diagrams before beginning testing. Which type of penetration test does this describe?
Question 10 of 60
In CISSP 2024 CBK studies, which security model enforces integrity using the rules "no read down, no write up" — preventing a subject from reading objects at lower integrity levels or writing to objects at higher integrity levels?
Question 11 of 60
In the CISSP 2024 CBK, which phase of the incident response process involves identifying the root cause and applying a permanent fix?
Question 12 of 60
Which type of malware is specifically designed to remain dormant until a predefined condition is met, then executes a harmful payload?
Question 13 of 60
According to the CISSP 2024 CBK, which document formally authorizes a project or system and assigns the project manager authority over organizational resources?
Question 14 of 60
Which cryptographic algorithm is classified as a symmetric block cipher and was adopted as the U.S. federal standard in 2001?
Question 15 of 60
In physical security, which control relies on building design features — such as parking lot placement and bollards — to deter or deflect attacks?
Question 16 of 60
Which CISSP 2024 CBK domain specifically covers software development security, including secure coding practices and DevSecOps?
Question 17 of 60
A firewall rule permits all outbound traffic on port 443 but blocks inbound connections not part of an established session. Which firewall type BEST describes this behavior?
Question 18 of 60
According to the CISSP 2024 CBK, which risk treatment option involves shifting the financial consequences of a risk to a third party?
Question 19 of 60
Which standard provides a framework for establishing, implementing, maintaining, and continually improving an information security management system (ISMS)?
Question 20 of 60
In the context of the CISSP 2024 CBK, which concept describes granting users ONLY the permissions required to perform their specific job functions?
Question 21 of 60
Which hashing algorithm produces a 256-bit output and is recommended by NIST for digital signatures and data integrity verification?
Question 22 of 60
A company stores customer credit card data. Under PCI DSS, what is the MINIMUM encryption standard required for cardholder data stored at rest?
Question 23 of 60
Which physical access control mechanism uses two interlocking doors so that the first door must close before the second opens, preventing tailgating?
Question 24 of 60
According to the CISSP 2024 CBK, which type of business impact analysis (BIA) metric defines the maximum tolerable period of disruption before an organization suffers unacceptable consequences?
Question 25 of 60
Which network attack intercepts communication between two parties without their knowledge, allowing the attacker to read or alter the exchanged data?
Question 26 of 60
In software development, which practice involves continuously integrating code changes into a shared repository and running automated tests with each commit?
Question 27 of 60
Which security concept requires that audit logs record sufficient detail to reconstruct events and attribute actions to specific individuals?
Question 28 of 60
A security engineer reviews a certificate presented by a web server. Which field in the X.509 certificate identifies the entity that issued and signed the certificate?
Question 29 of 60
Which type of vulnerability assessment technique executes code in a controlled environment to observe its behavior without accessing the source code?
Question 30 of 60
According to CISSP 2024 CBK Domain 1, which governance document defines the high-level security objectives and management's commitment to information security?
Question 31 of 60
Which cloud deployment model provides cloud services exclusively to a single organization, either managed internally or by a third party?
Question 32 of 60
In the CISSP 2024 CBK, which security principle ensures that information is protected from unauthorized disclosure?
Question 33 of 60
Which type of attack attempts to overwhelm a target system with traffic from a single source, rendering it unavailable to legitimate users?
Question 34 of 60
In information security, which term describes the combination of the likelihood that a threat will exploit a specific vulnerability AND the magnitude of the resulting harm to the organization?
Question 35 of 60
Which security testing methodology involves examining source code or binaries without executing the program?
Question 36 of 60
A security team discovers that an attacker gained access using stolen credentials that were obtained from a phishing email. Which attack vector does this PRIMARILY represent?
Question 37 of 60
Which type of intrusion detection system (IDS) detects attacks by comparing activity against a database of known attack signatures?
Question 38 of 60
According to the CISSP 2024 CBK, which key management concept refers to the secure storage of cryptographic key material by a trusted third party?
Question 39 of 60
Which network device operates at Layer 3 of the OSI model and makes forwarding decisions based on IP addresses?
Question 40 of 60
Which privacy regulation enacted in the European Union requires explicit consent for processing personal data and grants individuals the 'right to be forgotten'?
Question 41 of 60
Which concept in the CISSP 2024 CBK describes the overall classification of information that a subject can access, determined by background investigation and formal approval?
Question 42 of 60
A security architect recommends deploying multiple overlapping security controls so that the failure of one does not compromise overall security. Which principle does this represent?
Question 43 of 60
Which cryptographic protocol provides secure communication over the internet by establishing an encrypted channel through a handshake process?
Question 44 of 60
According to the CISSP 2024 CBK, which type of software testing involves checking that a system meets its specified business requirements?
Question 45 of 60
Which authentication factor category does a hardware token generating one-time passwords (OTPs) belong to?
Question 46 of 60
In the context of the CISSP 2024 CBK, which document establishes the rules of engagement, scope, and authorized activities for a security assessment?
Question 47 of 60
Which CISSP 2024 CBK domain focuses on the security considerations of network architecture, including protocols, components, and secure communication channels?
Question 48 of 60
According to the CISSP 2024 CBK, which type of backup copies only the files that have changed since the LAST full or incremental backup?
Question 49 of 60
Which federal law in the United States requires healthcare organizations to protect the privacy and security of individually identifiable health information?
Question 50 of 60
Which security model enforces integrity by defining authorized transaction types between subjects and objects, ensuring that data is only modified through well-defined mechanisms?
Question 51 of 60
In a public key infrastructure (PKI), which component is responsible for verifying the identity of certificate applicants and approving or rejecting certificate requests?
Question 52 of 60
Which type of malware disguises itself as legitimate software but contains hidden malicious functionality that executes when the user runs the program?
Question 53 of 60
A database administrator enables logging of all queries executed against a sensitive database. Which security control objective does this PRIMARILY fulfill?
Question 54 of 60
According to the CISSP 2024 CBK, what is the PRIMARY purpose of a security awareness training program?
Question 55 of 60
Which VPN protocol operates at Layer 3 and is commonly used to secure site-to-site connections between corporate networks?
Question 56 of 60
Which risk assessment approach uses numerical values to quantify asset value, threat probability, and exposure factor to calculate Annualized Loss Expectancy (ALE)?
Question 57 of 60
Which wireless security protocol replaced WPA2 in 2018 and introduced Simultaneous Authentication of Equals (SAE) to protect against offline dictionary attacks?
Question 58 of 60
In the CISSP 2024 CBK, which term describes the practice of requiring a user to present two or more authentication factors from different categories?
Question 59 of 60
Which security operations process involves monitoring, analyzing, and responding to security events using a centralized platform that correlates log data from multiple sources?
Question 60 of 60
Which concept in the CISSP 2024 CBK describes the documented chain of possession of evidence from collection through presentation in court?