[Q620-Q635] Updated May-2026 Test Engine to Practice Test for CISSP Exam Questions and Answers!

Certified Information Systems Security Professional (CISSP) Certification Sample Questions and Practice Exam


To be eligible to take the ISC CISSP Certification Exam, individuals must have a minimum of five years of experience in the field of information security. Certified Information Systems Security Professional (CISSP) certification exam consists of 250 multiple-choice questions that are designed to test an individual's knowledge and understanding of the eight domains of information security. These domains include security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security. Passing the ISC CISSP Certification Exam demonstrates an individual's expertise in information security and can open the door to a variety of career opportunities in the field.

NEW QUESTION # 620
The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers does NOT have which of the following characteristics?

  • A. Enables dissimilar networks to communicate
  • B. Standard model for network communications
  • C. Defines 7 protocol layers (a.k.a. protocol stack)
  • D. Used to gain information from network devices such as count of packets received and routing tables

Answer: D

Explanation:
The OSI/ISO layers are not designed for monitoring network devices.
Incorrect Answers:
A: The OSI model is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard to their underlying internal structure and technology.
B: The goal of the OSI model is the interoperability of diverse communication systems with standard protocols.
C: The original version of the OSI model defined seven protocol layers, defining a protocol stack.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 518


NEW QUESTION # 621
The application of a security patch to a product previously validated at Common Criteria (CC) Evaluation Assurance Level (EAL) 4 would

  • A. require an update of the Protection Profile (PP).
  • B. reduce the product to EAL 3.
  • C. retain its current EAL rating.
  • D. require recertification.

Answer: D

Explanation:
Common Criteria (CC) is an international standard for evaluating the security of IT products and systems.
Evaluation Assurance Level (EAL) is a numerical grade that indicates the level of assurance and rigor of the evaluation process. EAL ranges from 1 (lowest) to 7 (highest). A product that has been validated at EAL 4 has been methodically designed, tested, and reviewed, and provides a moderate level of independently assured security. The application of a security patch to a product previously validated at EAL 4 would require recertification, as the patch may introduce new vulnerabilities or affect the security functionality of the product. The recertification process would ensure that the patched product still meets the EAL 4 requirements and does not compromise the security claims of the original evaluation. Updating the Protection Profile (PP), retaining the current EAL rating, or reducing the product to EAL 3 are not valid options, as they do not reflect the impact of the security patch on the product's security assurance.


NEW QUESTION # 622
Which of the following is NOT a component of IPSec?

  • A. Encapsulating Security Payload
  • B. Authentication Header
  • C. Internet Key Exchange
  • D. Key Distribution Center

Answer: D

Explanation:
AH, ESP and IKE are the three main components of IPSec. A KDC (Key Distribution Center) is a component of Kerberos, not IPSec.
Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 4: Protection of Information Assets (page 217).


NEW QUESTION # 623
In a database management system (DBMS), what is the "cardinality?"

  • A. The number of rows in a relation.
  • B. The number of columns in a relation.
  • C. The set of allowable values that an attribute can take.
  • D. The number of relations in a database.

Answer: A

Explanation:
Cardinality is the "number" of rows in a relation. The rows of the table represent records or tuples.
Degree is the "number" of columns in a relation. The individual columns of the table represent the attributes.
A relation is the basis of a relational database and is represented by a two-dimensional table.
The domain of a relation is the set of allowable values that an attribute can take.
Sources:
WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#4 Applications & Systems Development Security (page 1), /Documents/CISSP_Summary_2002/index.html.
KRUTZ, Ronald & VINES, Russel, The CISSP Prep Guide: Gold Edition, Wiley Publishing Inc., 2003, Chapter 2: Relational Database Security (page 59).


NEW QUESTION # 624
Why would the security professional need to address the disaster recovery (DR) strategy of the organization?

  • A. Critical data could be destroyed by worms or viruses
  • B. Administrative privileges could be hijacked
  • C. It is difficult to quickly assess the depth of a security breach
  • D. A baseline is necessary to show executive management progress

Answer: D


NEW QUESTION # 625
What is the maximum key size for the RC5 algorithm?

  • A. 256 bits
  • B. 128 bits
  • C. 1024 bits
  • D. 2040 bits

Answer: D

Explanation:
RC5 is a block cipher that has a variety of parameters it can use for block size, key size, and the number of rounds used. It was created by Ron Rivest and analyzed by RSA Data Security, Inc. The block sizes used in this algorithm are 32, 64, or 128 bits, and the key size goes up to 2,048 bits. The number of rounds used for encryption and decryption is also variable. The number of rounds can go up to 255.
Incorrect Answers:
A: The maximum key size for the RC5 algorithm is 2048 bits, not 256 bits.
B: The maximum key size for the RC5 algorithm is 2048 bits, not 128 bits.
C: The maximum key size for the RC5 algorithm is 2048 bits, not 1024 bits.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 810


NEW QUESTION # 626
Which of the following security tools will ensure authorized data is sent to the application when implementing a cloud based application?

  • A. Host-based intrusion prevention system (HIPS)
  • B. File integrity monitoring (FIM)
  • C. Data loss prevention (DLP)
  • D. Access control list (ACL)

Answer: D


NEW QUESTION # 627
According to Requirement 3 of the Payment Card Industry's Data Security Standard (PCI DSS) there is a requirement to "protect stored cardholder data." Which of the following items cannot be stored by the merchant?

  • A. Primary Account Number
  • B. Expiration Date
  • C. Cardholder Name
  • D. The Card Validation Code (CVV2)

Answer: D

Explanation:
Requirement 3 of the Payment Card Industry's Data Security Standard (PCI DSS) is to "protect stored cardholder data." The public assumes merchants and financial institutions will protect data on payment cards to thwart theft and prevent unauthorized use.
Requirement 3 applies only if cardholder data is stored. Merchants who do not store any cardholder data automatically provide stronger protection by having eliminated a key target for data thieves.
For merchants who have a legitimate business reason to store cardholder data, it is important to understand what data elements PCI DSS allows them to store and what measures they must take to protect those data. To prevent unauthorized storage, only Council-certified PIN entry devices and payment applications may be used.
PCI DSS compliance is enforced by the major payment card brands who established the PCI DSS and the PCI Security Standards Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
PCI DSS Requirement 3
It details technical guidelines for protecting stored cardholder data. Merchants should develop a data retention and storage policy that strictly limits storage amount and retention time to that which is required for business, legal, and/or regulatory purposes.
Sensitive authentication data must never be stored after authorization, even if this data is encrypted.
Never store full contents of any track from the card's magnetic stripe or chip (referred to as full track, track, track 1, track 2, or magnetic stripe data). If required for business purposes, the cardholder's name, PAN, expiration date, and service code may be stored as long as they are protected in accordance with PCI DSS requirements.
Never store the card-validation code (CVV) or value (three- or four-digit number printed on the front or back of a payment card used to validate card-not-present transactions).
Never store the personal identification number (PIN) or PIN Block.
Be sure to mask the PAN whenever it is displayed. The first six and last four digits are the maximum number of digits that may be displayed. This requirement does not apply to those authorized with a specific need to see the full PAN, nor does it supersede stricter requirements in place for displays of cardholder data such as in a point-of-sale receipt.
Incorrect Answers:
A: The Primary Account Number can be stored by the merchant according to the PCI Data Storage Guidelines.
B: The Expiration Date can be stored by the merchant according to the PCI Data Storage Guidelines.
C: The Cardholder Name can be stored by the merchant according to the PCI Data Storage Guidelines.
References:
https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf
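The storage and display rules above are easy to get wrong in application code, so here is an added example (written for this page, not code from the PCI Security Standards Council or any payment library) that applies them to a record before it is written to a cardholder table: it masks the PAN to the first six and last four digits for display, refuses sensitive authentication data (CVV/CVC, PIN or PIN block, track data) outright, and allows only the elements the text names as storable. The field names and the sample record are constructed for illustration.

```python
"""Added example (not from the page or PCI SSC): apply the PCI DSS
Requirement 3 storage and display rules quoted above to a cardholder
record before it is written to a database. Field names and the sample
record are constructed for illustration."""

import re

# Elements the text says may be stored if protected per PCI DSS.
STORABLE = {"cardholder_name", "pan", "expiration_date", "service_code"}

# Sensitive authentication data: must never be stored after authorization,
# even encrypted (CVV/CVC, PIN or PIN block, full track / magnetic stripe).
FORBIDDEN = {
    "cvv", "cvv2", "cvc", "card_validation_code",
    "pin", "pin_block",
    "track1", "track2", "full_track", "magnetic_stripe",
}


def mask_pan(pan: str) -> str:
    """Display form of a PAN: at most the first six and last four digits
    are shown; every digit in between is replaced by '*'.
    Separators (spaces, dashes) are stripped first."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("PAN must be 13 to 19 digits")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def storage_violations(record: dict) -> list:
    """Return a list of human-readable problems with storing `record`.
    An empty list means every field is a permitted element (the PAN must
    still be rendered unreadable and the record protected per PCI DSS)."""
    problems = []
    for name in record:
        key = name.lower()
        if key in FORBIDDEN:
            problems.append(
                f"{name}: sensitive authentication data, never store after authorization")
        elif key not in STORABLE:
            problems.append(f"{name}: not a permitted cardholder data element")
    return problems


def prepare_for_storage(record: dict) -> dict:
    """Drop forbidden fields, keep permitted ones, and refuse anything
    unknown so stray data cannot slip into the cardholder table."""
    kept = {k: v for k, v in record.items() if k.lower() not in FORBIDDEN}
    leftovers = storage_violations(kept)
    if leftovers:
        raise ValueError("; ".join(leftovers))
    return kept


if __name__ == "__main__":
    # Constructed authorization response as an application might receive it.
    sample = {
        "cardholder_name": "J. Example",
        "pan": "4111 1111 1111 1111",   # constructed test-style number
        "expiration_date": "12/29",
        "service_code": "201",
        "cvv2": "123",
    }
    print(storage_violations(sample))
    print(mask_pan(sample["pan"]))
    print(sorted(prepare_for_storage(sample)))
```

Note that `prepare_for_storage` silently drops the sensitive authentication data rather than failing: that matches the rule that such data must not persist after authorization, while an unknown field still raises so that an unreviewed element cannot reach storage unnoticed.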


NEW QUESTION # 628
Drag the following Security Engineering terms on the left to the BEST definition on the right.

Answer:

Explanation:


NEW QUESTION # 629
Which of the following is the PRIMARY concern when using an Internet browser to access a cloud-based service?

  • A. Misconfiguration of infrastructure allowing for unauthorized access
  • B. Insecure implementation of Application Programming Interfaces (API)
  • C. Improper use and storage of management keys
  • D. Vulnerabilities within protocols that can expose confidential data

Answer: D


NEW QUESTION # 630
When logging on to a workstation, the log-on process should:

  • A. Place no limits on the time allotted for log-on or on the number of unsuccessful log-on attempts.
  • B. Provide a Help mechanism that provides log-on assistance.
  • C. Not provide information on the previous successful log-on and on previous unsuccessful log-on attempts.
  • D. Validate the log-on only after all input data has been supplied.

Answer: D

Explanation:
This approach is necessary to ensure that all the information required for a log-on has been submitted and to avoid providing information that would aid a cracker in trying to gain unauthorized access to the workstation or network. If a log-on attempt fails, information as to which part of the requested log-on information was incorrect should not be supplied to the user.
Answer "Provide a Help mechanism that provides log-on assistance" is incorrect since a Help utility would provide help to a cracker trying to gain unauthorized access to the network.
For answer "Place no limits on the time allotted for log-on or on the number of unsuccessful log-on attempts", maximum and minimum time limits should be placed on the log-on process. Also, the log-on process should limit the number of unsuccessful log-on attempts and temporarily suspend the log-on capability if that number is exceeded. One approach is to progressively increase the time interval allowed between unsuccessful log-on attempts.
Answer "Not provide information on the previous successful log-on and on previous unsuccessful log-on attempts" is incorrect since providing such information will alert an authorized user if someone has been attempting to gain unauthorized access to the network from the user's workstation.
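The explanation above lists four properties of a sound log-on process: validate only once all input is present, never reveal which part of the credentials was wrong, bound the time and the number of attempts with a progressively growing suspension, and tell the authorized user about earlier activity on the account. As an added example (written for this page, not vendor or project code), here is a small log-on handler that implements all four; the account store, the timing constants and the user names are constructed for illustration.

```python
"""Added example (not from the page or any vendor): a log-on handler that
follows the rules in the explanation above. Account data, names and
timing constants are constructed for illustration."""

import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

MAX_FAILURES = 3        # suspend log-on once this many failures accumulate
BASE_SUSPEND = 2.0      # seconds; doubled for every further failure
MAX_LOGON_SECS = 60.0   # upper time limit for completing the log-on dialogue
GENERIC_FAILURE = "Log-on failed"  # never says which part was wrong


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failures: int = 0              # consecutive failures (drives suspension)
    locked_until: float = 0.0      # timestamp before which log-on is refused
    last_success: Optional[float] = None
    failed_since_success: int = 0  # reported to the user on next success


def _derive(salt: bytes, password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def create_account(password: str) -> Account:
    salt = os.urandom(16)
    return Account(salt=salt, pw_hash=_derive(salt, password))


def attempt_logon(accounts: dict, username: str, password: str,
                  started_at: float, now: float) -> dict:
    """Validate only after all input is present; on failure return the same
    generic message whatever the cause; enforce a maximum dialogue time and a
    progressively growing suspension after repeated failures."""
    # Rule: validate only after all input data has been supplied.
    if not username or not password:
        return {"ok": False, "message": GENERIC_FAILURE}
    # Rule: maximum time allowed for the log-on dialogue.
    if now - started_at > MAX_LOGON_SECS:
        return {"ok": False, "message": GENERIC_FAILURE}

    acct = accounts.get(username)
    # Rule: a suspended account is refused, indistinguishably from bad credentials.
    if acct is not None and now < acct.locked_until:
        return {"ok": False, "message": GENERIC_FAILURE}

    # Unknown users are compared against a dummy so response time does not
    # reveal which part (user name or password) was wrong.
    salt, expected = (acct.salt, acct.pw_hash) if acct else (b"\0" * 16, b"\0" * 32)
    valid = hmac.compare_digest(_derive(salt, password), expected) and acct is not None

    if not valid:
        if acct is not None:
            acct.failures += 1
            acct.failed_since_success += 1
            if acct.failures >= MAX_FAILURES:
                # Progressive interval: 2 s, 4 s, 8 s, ... before the next attempt.
                acct.locked_until = now + BASE_SUSPEND * 2 ** (acct.failures - MAX_FAILURES)
        return {"ok": False, "message": GENERIC_FAILURE}

    # Rule: tell the authorized user about prior activity on the account.
    result = {
        "ok": True,
        "last_success": acct.last_success,
        "failed_attempts_since_last_success": acct.failed_since_success,
    }
    acct.failures = 0
    acct.failed_since_success = 0
    acct.locked_until = 0.0
    acct.last_success = now
    return result


if __name__ == "__main__":
    store = {"alice": create_account("correct horse battery")}  # constructed
    print(attempt_logon(store, "alice", "wrong", 0.0, 1.0))
    print(attempt_logon(store, "alice", "correct horse battery", 0.0, 2.0))
```

The caller passes the clock in (`started_at`, `now`) rather than reading `time.time()` inside, which keeps the suspension logic testable; in a real service the timestamps would come from a monotonic clock and the `Account` records from a database.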


NEW QUESTION # 631
Which one of the following is not one of the outcomes of a vulnerability analysis?

  • A. Quantitative loss assessment
  • B. Defining critical support areas
  • C. Qualitative loss assessment
  • D. Formal approval of BCP scope and initiation document

Answer: D


NEW QUESTION # 632
Which of the following is the BEST method to assess the effectiveness of an organization's vulnerability management program?

  • A. Automated vulnerability scanning
  • B. Perform vulnerability scan by security team
  • C. Review automated patch deployment reports
  • D. Periodic third party vulnerability assessment

Answer: D


NEW QUESTION # 633
Which media sanitization methods should be used for data with a high security categorization?

  • A. Destroy or delete
  • B. Clear or destroy
  • C. Clear or purge
  • D. Purge or destroy

Answer: D


NEW QUESTION # 634
A device that is used to monitor Internet Service Provider (ISP) data traffic is called:

  • A. Echelon
  • B. Carnivore
  • C. Key manager
  • D. Escrowed encryption

Answer: B

Explanation:
Carnivore is a device used by the US FBI to monitor ISP traffic (S.P. Smith, et al., Independent Technical Review of the Carnivore System Draft report, US Department of Justice Contract # 00-C-328 IITRI, CR-022-2 16, Nov 17, 2000). Answer A, Echelon, refers to a cooperative, worldwide signal intelligence system that is run by the NSA of the United States, the Government Communications Head Quarters (GCHQ) of England, the Communications Security Establishment (CSE) of Canada, the Australian Defense Security Directorate (DSD), and the General Communications Security Bureau (GCSB) of New Zealand. These organizations are bound together under a secret 1948 agreement, UKUSA, [European Parliament, Development of Surveillance Technology and the Risk of Abuse of Economic Information, Luxembourg (April 1999), PE 166.184/Part 3 /4]. Answer C is a distracter and is discussed in the questions and answers of Chapter 4, Cryptography. Answer D is a distracter.


NEW QUESTION # 635
......


The CISSP certification is highly valued by employers and is often a requirement for many information security positions. Certified Information Systems Security Professional (CISSP) certification demonstrates that an individual has the knowledge and skills needed to design, implement, and manage effective security programs in their organization. Employers often prefer candidates who hold the CISSP certification as it indicates that they have a deep understanding of information security concepts and best practices.

Certification dumps ISC Certification CISSP guides - 100% valid: https://torrentpdf.practicedump.com/CISSP-exam-questions.html