Hard CISSP Practice Questions - Domain Wise (400 Questions)

4 Full Length CISSP Practice Tests with Explanations by CISSP certified PhDs and Industry Professionals

Rating: 4.15 (88 reviews)
Platform: Udemy
Language: English
Category: IT Certification
Instructor: Hard CISSP Practice Questions - Domain Wise (400 Questions)
Students: 2,151
Content: 400 questions
Last update: Sep 2021
Regular price: $59.99

What you will learn

Familiarise yourself with the 8 domains covered in CISSP

Manage your expectations, as our tough exams reflect the actual exam quite well

Practice hard, unseen and original questions prepared by CISSP qualified PhDs

Identify your weak areas so that you are in a good position to clear the actual exam

Description

400 original and unseen practice exam questions, distributed domain-wise, that will help you clear the CISSP exam on the first attempt.


  • Designed by a team of CISSP certified PhDs and industry experts

  • Detailed Explanations

  • Distributed Domain Wise

Please note that our exams are designed to be difficult to crack, because we try to match the difficulty and complexity of the actual CISSP exam, which has an incredibly low pass rate (and hence its stellar reputation). Please attempt these only if you are ready to sit the actual exam. If you have doubts about the validity or correctness of any of our questions, just ping us and we will provide several references to support the accuracy of our exams.


Please take this course if you understand and appreciate the following sample questions, which are a fair indication of the quality of the rest of the course:


Sample Questions (Solution Below):

1. In an organization, the primary purpose of a security procedure is to __________.

a) Guide in decision making with regards to security

b) Train employees and ensure consistency in security related business processes

c) Indicate expected user behaviour

d) Provide recommendations on implementing security processes


2. Which of the following is a possible oversight which can happen with job rotation?

a) Privilege creep

b) Lack of separation of duties

c) Collusion

d) All of the above


3. Which of the following BEST describes exposure?

a) A flaw or weakness of an asset or a safeguard

b) Damage, loss or disclosure of an asset

c) An illegal act

d) A weakness or vulnerability that can cause a security breach


4. A notice placed on the common room wall about the usage conditions of Wi-Fi is a ______ access control?

a) Preventive

b) Corrective

c) Compensating

d) Directive


5. Which of the following is true about private key cryptography?

a) It is scalable

b) It is faster than public key cryptography

c) It offers nonrepudiation

d) Different keys are used for encryption and decryption


6. Which of the following models employs sensitivity labels such as top secret and secret?

a) RBAC

b) DAC

c) MAC

d) Rule Based Access Control


7. A digital certificate endorsed by a CA contains the issuer name, public key of david.cooper@itpro.com as well as the serial number, period of validity and the signature algorithm used. Which of the following is NOT true about this certificate?

a) It is only valid as long as the validity period mentioned

b) The subject’s public key can now be used by the general public to decrypt messages

c) It certifies that David Cooper is the subject

d) The signature algorithm mentioned must be used to decrypt the public key


8. Which of the following is a MORE serious concern for biometric authentication systems?

a) False positives

b) False negatives

c) True positive

d) True negative


9. An organization wants to test a software but does not have access to its source code. Which of the following is NOT a valid type of testing?

a) DAST

b) Blackbox

c) Fuzzing

d) SAST


10. Demonstrating to someone that you know the password to a lock without sharing it with that person is an example of?

a) Split-knowledge

b) Zero-knowledge proof

c) Work function

d) Secure proofing


Solution:

1. In an organization, the primary purpose of a security procedure is to __________.

a) Guide in decision making with regards to security

b) Train employees and ensure consistency in security related business processes

c) Indicate expected user behaviour

d) Provide recommendations on implementing security processes

Explanation: A security procedure trains employees and ensures consistency in security-related business processes. It streamlines those processes to minimise variation and ensures that security controls are implemented consistently. Guidance in decision making is provided by policies, and standards are used to indicate expected user behaviour. Recommendations on implementing security processes are part of guidelines, which are optional in nature.


2. Which of the following is a possible oversight which can happen with job rotation?

a) Privilege creep

b) Lack of separation of duties

c) Collusion

d) All of the above

Explanation: Privilege creep occurs when an employee accumulates access rights and privileges across job rotations because those privileges are not periodically reviewed and revoked. The employee ends up holding privileges they no longer need. Lack of separation of duties may compromise security but is not related to job rotation. Similarly, collusion can occur regardless of job rotation.


3. Which of the following BEST describes exposure?

a) A flaw or weakness of an asset or a safeguard

b) Damage, loss or disclosure of an asset

c) An illegal act

d) A weakness or vulnerability that can cause a security breach

Explanation: Exposure refers to a weakness or vulnerability that can cause a security breach, i.e., the adverse event has not actually occurred; exposure is an estimate of the adverse consequences of such an event. A flaw or weakness in an asset or a safeguard is called a vulnerability, and if a threat has already been realised it is called experienced exposure.


4. A notice placed on the common room wall about the usage conditions of Wi-Fi is a ______ access control?

a) Preventive

b) Corrective

c) Compensating

d) Directive

Explanation: This is an example of a directive access control. Directive access controls aim to direct subjects towards a certain behaviour or to limit their actions. Preventive access controls aim to stop unwanted activity from happening in the first place. Corrective access controls aim to return the system to a normal state or to repair a damaged system after an incident. Compensating access controls provide additional security to address a weakness in an existing security control.


5. Which of the following is true about private key cryptography?

a) It is scalable

b) It is faster than public key cryptography

c) It offers nonrepudiation

d) Different keys are used for encryption and decryption

Explanation: Private key (or symmetric key) cryptography is significantly faster than public key cryptography because of the nature of the mathematics involved and because it uses the same algorithm for encryption and decryption. However, it is not scalable, as each pair of users needs to generate its own key for their communication, leading to a large number of keys. Moreover, it does not offer nonrepudiation, since the same key is used by different users for encryption and decryption.


6. Which of the following models employs sensitivity labels such as top secret and secret?

a) RBAC

b) DAC

c) MAC

d) Rule Based Access Control

Explanation: MAC (Mandatory Access Control) enforces access based on the clearances of subjects and the sensitivity labels assigned to objects. RBAC (Role-Based Access Control) assigns permissions to subjects based on the role they hold in the organisation. DAC (Discretionary Access Control) is a more flexible model which allows subjects that own objects to share them with other subjects. Rule-Based Access Control assigns permissions based on a predefined list of rules.


7. A digital certificate endorsed by a CA contains the issuer name, public key of david.cooper@itpro.com as well as the serial number, period of validity and the signature algorithm used. Which of the following is NOT true about this certificate?

a) It is only valid as long as the validity period mentioned

b) The subject’s public key can now be used by the general public to decrypt messages

c) It certifies that David Cooper is the subject

d) The signature algorithm mentioned must be used to decrypt the public key

Explanation: All of the above statements regarding this particular certificate are true except the claim that it certifies the subject David Cooper. This is not true because the certificate only certifies the email address david.cooper@itpro.com, not the actual person David Cooper. Technically, this email address could belong to John Doe, since the certificate does not explicitly certify who holds it.


8. Which of the following is a MORE serious concern for biometric authentication systems?

a) False positives

b) False negatives

c) True positive

d) True negative

Explanation: False positives in biometric authentication systems are a far greater concern than the others. A false positive means that the system has (wrongly) authenticated an individual as being someone else, which can lead to a compromise of the system's security. A false negative may cause some delay, as a legitimate individual is wrongly rejected by the system, but it is not as serious as a false positive. True positives and true negatives are the desired outcomes of a system.


9. An organization wants to test a software but does not have access to its source code. Which of the following is NOT a valid type of testing?

a) DAST

b) Blackbox

c) Fuzzing

d) SAST

Explanation: All of the above can be used, since they do not require the source code, except for SAST. SAST (Static Application Security Testing) involves testing the application without running it, by performing a static analysis of the source code to identify vulnerabilities. DAST (Dynamic Application Security Testing) identifies vulnerabilities in an application by executing it and providing malicious input. Fuzzing is a testing technique in which many variations of the input are tried to identify weaknesses.


10. Demonstrating to someone that you know the password to a lock without sharing it with that person is an example of?

a) Split-knowledge

b) Zero-knowledge proof

c) Work function

d) Secure proofing

Explanation: A zero-knowledge proof involves proving to someone that you know a passcode without actually revealing it. Split knowledge is a concept in which a passcode is split among multiple people such that all of them need to work together to authenticate. Work function is a measure of the amount of work required to break a cipher. Secure proofing is not a valid concept.

Reviews

Victor
September 30, 2021
I found some questions to be lacking enough context to be able to make a decision. In some cases, questions contain topics that don't exist in the ISC2 study guide or CBK (2021 versions). There were a few questions that I felt didn't have accurate answers or explanations, but sometimes it has to do with the perspective taken in reading the question. I did find that I occasionally answer questions with flipped logic accidentally on "NOT" questions due to distractions in my home.
Ashok
July 2, 2021
Well. This is a clean and useful course. The practice tests helped much in passing the exam. I cleared the test yesterday. Thank you.
Benjamin
April 27, 2021
The type of question style is good. However, it has a failing that the test doesn't, in that there is no acronym link. There are a few questions I would have gotten right by being able to hover over the acronym to jog my memory, since on the test you do not need that. I've taken the test once before but did not pass. 100% acronym memorization would be impossible.
Blokey
April 12, 2021
Some good questions, but there are some wrong answers here. E.g. "SSAE (Standards for Attestation Engagements) SOC1 type II report attests the controls at an organization over a period of time as opposed to SOC1 type I report, which attests these controls for the organization at a given point in time." This should be SOC2 Type II. SOC1, I believe, is for financial reporting, not security controls.
Dan
March 23, 2021
A couple of typos in the questions; take a look at the DLP question. Also, the explanations could be better.
Brent
March 23, 2021
OK on content; some questions poorly written. Read the explanation if marked incorrect, as you have been correct.
Zaid
January 19, 2021
Well, I failed one of the practice exams, but to be honest I found the question bank to be quite well researched. It covered every nook and corner and then some. I will work on my weak domains and probably retake the failed exam. Overall, very pleased to see quality exam questions. Keep up the good work!
Abdul
January 13, 2021
Generally, it is difficult to judge the quality of CISSP practice exams. After completing these exams, I can safely say that I am quite happy with the quality offered. I particularly like the fact that explanations not only illustrate the correct choice, but also briefly discuss the incorrect ones, offering a sort of revision of those concepts.
David
January 11, 2021
I thought I was ready to take the CISSP exam, but after taking this course I know I need more practice. Kudos to the creators of this course for creating these tough tests; most free ones available online were too easy and provided me with a false sense of comfort.
Imran
January 9, 2021
Fantastic! Questions are hard, but clear, concise and perfectly accurate. Questions are tough but offer a great way to prepare for the CISSP exam. I could pinpoint areas where I need improvement. Great job!!
Dean
October 1, 2020
This is, at best, a poor preparation for the CISSP exam. While some of the questions are solid and representative of the actual exam, there are far too many that are not. Some answers are just flat wrong, some are borderline correct but not at all the principle that ISC2 is testing on and a few just make no sense at all. For example, there is a question that asks for a ranking of the attributes in the ISC2 code of ethics - an answer inferred by the test authors that does not prepare anyone for the CISSP exam. I'll be asking Udemy for my money back on this one. It's cheap but it still isn't worth the money, imo.
Matt
September 14, 2020
Definitely hard questions..... tests on the nitty gritty, but it's good as I learned a lot. Some very tricky questions too.
Muhammad
June 21, 2020
A good exam to test your deep knowledge of the subject. I like the approach of testing concepts and terms. Definitely helpful to test yourself before taking the actual exam.
Sajjad
June 13, 2020
I am glad that I took this course before attempting the actual exam. It was an eye opener for me to see how little I was prepared for the actual exam by taking the practice tests in this course. It has helped me identify my weak areas that I need to work on. Thanks a lot!!

Charts

Price: [price chart for Hard CISSP Practice Questions - Domain Wise (400 Questions); image not reproduced]

Rating: [ratings chart for Hard CISSP Practice Questions - Domain Wise (400 Questions); image not reproduced]

Enrollment distribution: [distribution chart for Hard CISSP Practice Questions - Domain Wise (400 Questions); image not reproduced]

Coupons

Date        Discount   Status
6/27/2021   100% OFF   expired
7/18/2022   100% OFF   expired
8/5/2022    100% OFF   working
Udemy ID: 3221861
Course created date: 6/10/2020
Course indexed date: 7/8/2020
Course submitted by: Bot