CISSP Exam Details

  • Exam Code
    :CISSP
  • Exam Name
    :Certified Information Systems Security Professional (CISSP)
  • Certification
    :ISC Certifications
  • Vendor
    :ISC
  • Total Questions
    :1703 Q&As
  • Last Updated
    :Jul 08, 2026

ISC CISSP Online Questions & Answers

  • Question 21:

    What Is the FIRST step in establishing an information security program?

    A. Establish an information security policy.
    B. Identify factors affecting information security.
    C. Establish baseline security controls.
    D. Identify critical security infrastructure.

  • Question 22:

    Which of the following is the BEST way to protect against structured Query language (SQL) injection?

    A. Enforce boundary checking.
    B. Restrict use of SELECT command.
    C. Restrict Hyper Text Markup Language (HTNL) source code access.
    D. Use stored procedures.

  • Question 23:

    What is the PRIMARY goal for using Domain Name System Security Extensions (DNSSEC) to sign records?

    A. Integrity
    B. Confidentiality
    C. Accountability
    D. Availability

  • Question 24:

    Which of the following would an internal technical security audit BEST validate?

    A. Whether managerial controls are in place
    B. Support for security programs by executive management
    C. Appropriate third-party system hardening
    D. Implementation of changes to a system

  • Question 25:

    A company is moving from the V model to Agile development. How can the information security department BEST ensure that secure design principles are implemented in the new methodology?

    A. All developers receive a mandatory targeted information security training.
    B. The non-financial information security requirements remain mandatory for the new model.
    C. The information security department performs an information security assessment after each sprint.
    D. Information security requirements are captured in mandatory user stories.

  • Question 26:

    What are the first two components of logical access control?

    A. Confidentiality and authentication
    B. Authentication and identification
    C. Identification and confidentiality
    D. Authentication and availability

  • Question 27:

    Which of the following is the PRIMARY issue when collecting detailed log information?

    A. Logs may be unavailable when required
    B. Timely review of the data is potentially difficult
    C. Most systems and applications do not support logging
    D. Logs do not provide sufficient details of system and individual activities

  • Question 28:

    Which item below is a federated identity standard?

    A. 802.11i
    B. Kerberos
    C. Lightweight Directory Access Protocol (LDAP)
    D. Security Assertion Markup Language (SAML)

  • Question 29:

    Which layer of the Open systems Interconnection (OSI) model is being targeted in the event of a Synchronization (SYN) flood attack?

    A. Session
    B. Transport
    C. Network
    D. Presentation

  • Question 30:

    Two remote offices need to be connected securely over an untrustworthy MAN. Each office needs to access network shares at the other site. Which of the following will BEST provide this functionality?

    A. Client-to-site VPN
    B. Third-party VPN service
    C. Site-to-site VPN
    D. Split-tunnel VPN

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only ISC exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CISSP exam preparations and ISC certification application, do not hesitate to visit our Vcedump.com to find your solutions here.