Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. ISC2
  5. CISSP

ISC2 CISSP Exam Questions
Certified Information Systems Security Professional (CISSP) (Page 11 )

Updated On: 19-Apr-2026
Page 11 of 98
PDF with 484 Questions

Which of the following BEST describes when an organization should conduct a black box security audit on a new software protect?

  1. When the organization wishes to check for non-functional compliance
  2. When the organization wants to enumerate known security vulnerabilities across their infrastructure
  3. When the organization is confident the final source code is complete
  4. When the organization has experienced a security incident

Answer(s): C



In software development, which of the following entities normally signs the code to protect the code integrity?

  1. The organization developing the code
  2. The quality control group
  3. The developer
  4. The data owner

Answer(s): A



Which of the following technologies can be used to monitor and dynamically respond to potential threats on web applications?

  1. Field-level tokenization
  2. Web application vulnerability scanners
  3. Runtime application self-protection (RASP)
  4. Security Assertion Markup Language (SAML)

Answer(s): C



A security architect is developing an information system for a client. One of the requirements is to deliver a platform that mitigates against common vulnerabilities and attacks. What is the MOST efficient option used to prevent buffer overflow attacks?

  1. Access control mechanisms
  2. Process isolation
  3. Address Space Layout Randomization (ASLR)
  4. Processor states

Answer(s): C



In a quarterly system access review, an active privileged account was discovered that did not exist in the prior review on the production system. The account was created one hour after the previous access review. Which of the following is the BEST option to reduce overall risk in addition to quarterly access reviews?

  1. Implement bi-annual reviews.
  2. Create policies for system access.
  3. Implement and review risk-based alerts.
  4. Increase logging levels.

Answer(s): C



Viewing page 11 of 98
Viewing questions 51 - 55 out of 484 questions



Post your Comments and Discuss ISC2 CISSP exam dumps with other Community members:

CISSP Exam Discussions & Posts

AI Tutor AI Tutor 👋 I’m here to help!