Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. ISC2
  5. CISSP

ISC2 CISSP Exam
Certified Information Systems Security Professional (CISSP) (Page 15 )

Updated On: 15-Feb-2026
Page 15 of 98
PDF with 484 Questions

An organization has implemented a protection strategy to secure the network from unauthorized external access. The new Chief Information Security Officer
(CISO) wants to increase security by better protecting the network from unauthorized internal access. Which Network Access Control (NAC) capability BEST meets this objective?

  1. Port security
  2. Two-factor authentication (2FA)
  3. Strong passwords
  4. Application firewall

Answer(s): A



Which section of the assessment report addresses separate vulnerabilities, weaknesses, and gaps?

  1. Findings definition section
  2. Risk review section
  3. Executive summary with full details
  4. Key findings section

Answer(s): D



Why is data classification control important to an organization?

  1. To enable data discovery
  2. To ensure security controls align with organizational risk appetite
  3. To ensure its integrity, confidentiality and availability
  4. To control data retention in alignment with organizational policies and regulation

Answer(s): B



To monitor the security of buried data lines inside the perimeter of a facility, which of the following is the MOST effective control?

  1. Fencing around the facility with closed-circuit television (CCTV) cameras at all entry points
  2. Ground sensors installed and reporting to a security event management (SEM) system
  3. Regular sweeps of the perimeter, including manual inspection of the cable ingress points
  4. Steel casing around the facility ingress points

Answer(s): B



An enterprise is developing a baseline cybersecurity standard its suppliers must meet before being awarded a contract. Which of the following statements is TRUE about the baseline cybersecurity standard?

  1. It should be expressed as general requirements.
  2. It should be expressed as technical requirements.
  3. It should be expressed in business terminology.
  4. It should be expressed in legal terminology.

Answer(s): B






Post your Comments and Discuss ISC2 CISSP exam prep with other Community members:

Join the CISSP Discussion