Domain                                        2018 CISSP Exam   2021 CISSP Exam
1. Security and Risk Management                    15%               15%
2. Asset Security                                  10%               10%
3. Security Architecture and Engineering           13%               13%
4. Communication and Network Security              14%               13%
5. Identity and Access Management (IAM)            13%               13%
6. Security Assessment and Testing                 12%               12%
7. Security Operations                             13%               13%
8. Software Development Security                   10%               11%
FEATURES & BENEFITS:
4 full-length practice tests, 400 questions in total, each with an explanation.
– Practice under conditions like the real CISSP exam
Pause or stop the exam whenever you like
– Practice on your own time, at your own pace
Detailed explanation of each answer
– Understand the content better, including why the wrong answers are incorrect
Lifetime access
– All Udemy courses come with lifetime access, so you can use these practice tests to brush up on your CISSP skills whenever you like
Sample Practice Questions with Explanations
1) The BEST method to mitigate the risk of a dictionary attack on a system is to
A. use a hardware token.
B. use complex passphrases.
C. implement password history.
D. encrypt the access control list (ACL).
Answer: A
Explanation:
A dictionary attack is a form of brute-force attack against a cipher or an authentication mechanism: the attacker tries thousands or millions of likely candidates for the key or passphrase, such as words from a dictionary or a list of common passwords. A hardware token is the BEST mitigation because the password alone is no longer enough: even a correctly guessed password fails without the second factor. Complex passphrases (B) and password history (C) make guessing slower or harder but do not defeat the attack, and encrypting the ACL (D) does not affect it at all.
Prevention:
Set up multi-factor authentication where possible.
Use biometrics in lieu of passwords.
Limit the number of attempts allowed within a given period of time.
Force account lockout or a credential reset after a certain number of failed attempts.
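The last two prevention points (limit attempts per time window, lock the account after a number of failures) are easy to state and easy to get wrong. The following is an added example, not code from the course: a sliding-window login throttle, a simulated dictionary attack run against it, and a deterministic clock so the simulation does not sleep. The policy values (5 failures in 300 s, 900 s lockout), the account name and the wordlist are assumptions constructed for the example.

```python
import time
from collections import defaultdict, deque

# Policy values are assumptions for this example, not figures from the course:
# 5 failures inside a 300 s window lock the account for 900 s.
MAX_FAILURES = 5
WINDOW_SECONDS = 300
LOCKOUT_SECONDS = 900


class FakeClock:
    """Deterministic clock so the simulation (and tests) do not sleep."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class LoginThrottle:
    """Per-account failed-login counter with a sliding window and a lockout.

    State is in memory for the example; a real deployment keeps it in a store
    shared by every login node so guesses cannot be spread across nodes.
    """

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS,
                 lockout=LOCKOUT_SECONDS, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.clock = clock
        self._failures = defaultdict(deque)  # account -> timestamps of recent failures
        self._locked_until = {}              # account -> time at which the lockout ends

    def is_locked(self, account):
        until = self._locked_until.get(account)
        return until is not None and self.clock() < until

    def record_failure(self, account):
        """Registers a failed attempt; returns True if this one triggered a lockout."""
        now = self.clock()
        recent = self._failures[account]
        while recent and now - recent[0] > self.window:  # drop failures outside the window
            recent.popleft()
        recent.append(now)
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            recent.clear()
            return True
        return False

    def record_success(self, account):
        self._failures.pop(account, None)
        self._locked_until.pop(account, None)


def authenticate(account, password, stored_password, throttle):
    """Returns 'locked', 'ok' or 'fail'. The lockout is checked before the
    credential, so a locked account leaks nothing about whether a guess was right."""
    if throttle.is_locked(account):
        return "locked"
    if password == stored_password:  # plain comparison for the example; real code verifies a hash
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account)
    return "fail"


def simulate_dictionary_attack(wordlist, stored_password, throttle, account="alice"):
    """Runs a wordlist against one account and reports how far the attacker got."""
    checked = 0
    for guess in wordlist:
        result = authenticate(account, guess, stored_password, throttle)
        if result == "locked":
            break
        checked += 1
        if result == "ok":
            return {"cracked": True, "guesses_checked": checked}
    return {"cracked": False, "guesses_checked": checked}


# Constructed wordlist; the last entry is the real password so the unthrottled run succeeds.
WORDLIST = ["password", "123456", "qwerty", "letmein", "welcome", "dragon", "monkey", "S3cret!"]

if __name__ == "__main__":
    clock = FakeClock()
    no_limit = LoginThrottle(max_failures=10**9, clock=clock)  # effectively no lockout
    print("without lockout:", simulate_dictionary_attack(WORDLIST, "S3cret!", no_limit))
    with_limit = LoginThrottle(clock=clock)
    print("with lockout:   ", simulate_dictionary_attack(WORDLIST, "S3cret!", with_limit))
```

Two things worth noticing when you run it. The throttle stops the attack after the fifth guess, but a lockout is itself a denial-of-service lever (an attacker can lock out every account they know the name of), which is one reason the exam prefers a second factor over lockout alone. And a per-account counter does nothing against password spraying, where one common password is tried once against many accounts; that needs a per-source or global rate limit in addition.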
2) An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?
A. Add a new rule to the application layer firewall
B. Block access to the service
C. Install an Intrusion Detection System (IDS)
D. Patch the application source code
Answer: A
Explanation:
An application firewall is a form of firewall that controls input/output or system calls of an application or service. It operates by monitoring and blocking communications based on a configured policy, generally with predefined rule sets to choose from.
A web application firewall (WAF) is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service.
"Quickly implement" is the key. Patching the source code (D) is the permanent fix, but it needs development, testing and a release cycle; blocking access to the service (B) stops the business; an IDS (C) only detects. A new rule on the application-layer firewall (a WAF) can be deployed immediately to reject the malformed input that triggers the validation or exception-handling fault, and serves as a compensating control until the code is patched.
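To make the trade-off concrete, here is an added example (not code from the course or from any WAF product) in plain Python: a handler with the input-validation and exception-handling flaw, a WAF-style allow-list rule evaluated in front of it as the quick control, and the patched handler as the permanent fix. The parameter name, the rule table and the sample requests are constructed for the example.

```python
import re
import traceback


# --- The vulnerable handler: no input validation, no exception handling ----
def order_handler(request):
    """Trusts the 'qty' parameter; any exception escapes to the server."""
    qty = int(request["args"]["qty"])
    return {"status": 200, "body": f"ordered {qty} units"}


def run_app(handler, request):
    """Minimal 'server'. An escaped exception becomes a 500 whose body echoes
    the traceback: the exception-handling weakness the question describes."""
    try:
        return handler(request)
    except Exception:
        return {"status": 500, "body": traceback.format_exc()}


# --- Quick control: a WAF-style rule evaluated before the app sees the request
# Rule table (constructed for the example): parameter, allow-list pattern, rule id.
WAF_RULES = [
    ("qty", re.compile(r"[0-9]{1,6}"), "RULE-001"),
]


def waf_filter(request, rules=WAF_RULES):
    """Returns a 403 response when a present parameter violates its rule,
    or None to let the request through to the application."""
    for param, pattern, rule_id in rules:
        value = request["args"].get(param)
        if value is not None and pattern.fullmatch(value) is None:
            return {"status": 403, "body": f"blocked by {rule_id}"}
    return None


def run_with_waf(handler, request):
    blocked = waf_filter(request)
    return blocked if blocked is not None else run_app(handler, request)


# --- The permanent fix: validate in the code and fail closed with a 400 -------
def order_handler_patched(request):
    value = request["args"].get("qty", "")
    if re.fullmatch(r"[0-9]{1,6}", value) is None:
        return {"status": 400, "body": "qty must be 1 to 6 digits"}
    return {"status": 200, "body": f"ordered {int(value)} units"}


MALFORMED = {"args": {"qty": "1 OR 1=1"}}  # constructed request that breaks int()
MISSING = {"args": {}}                      # constructed request with the parameter absent
VALID = {"args": {"qty": "3"}}

if __name__ == "__main__":
    for label, request in (("malformed", MALFORMED), ("missing", MISSING), ("valid", VALID)):
        print(label, "unprotected:", run_app(order_handler, request)["status"],
              "| behind WAF rule:", run_with_waf(order_handler, request)["status"],
              "| patched code:", run_app(order_handler_patched, request)["status"])
```

The "missing" row is the caveat a practitioner wants: the WAF rule only inspects a parameter that is present, so a request that omits it still reaches the unpatched handler and produces the 500 with a traceback. The rule buys time; it does not replace answer D, and the patch should still be scheduled.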
3) Organizations need to ensure they are compliant with all the laws and regulations of the states, territories, and countries they operate in. How are security breach notification laws in the US handled?
A. Federal.
B. Mandatory for states to have.
C. Handled by the individual states.
D. Handled by the individual organization.
Answer: C
Explanation:
Security breach notification laws, or data breach notification laws, require individuals or entities affected by a data breach (unauthorized access to data) to notify their customers and other parties about the breach, and to take specific remedial steps, as set out in the legislation of each state. Data breach notification laws have two main goals. The first is to give individuals a chance to mitigate the risks that follow a breach. The second is to give companies an incentive to strengthen data security. Together, these goals work to minimize consumer harm from data breaches, including impersonation, fraud, and identity theft.
Such laws have been enacted state by state, at different times, since 2002, and all 50 U.S. states now have some form of data breach notification law. There is no single federal statute covering breach notification in general (only sector-specific rules), which is why the answer is C rather than A. It should be noted though, that there is
How do I enroll in the CISSP Certification Practice Exams 2021 with Explanation course?
How many people can access this course with a coupon?
The CISSP Certification Practice Exams 2021 with Explanation course coupon is limited to the first 1,000 enrollments. Click 'Enroll Now' to secure your spot in this course on Udemy before it reaches its enrollment limit.