Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. ISC2
  5. CISSP

ISC2 CISSP Exam Questions
Certified Information Systems Security Professional (CISSP) (Page 6 )

Updated On: 5-Mar-2026
Page 6 of 98
PDF with 484 Questions

In the "Do" phase of the Plan-Do-Check-Act model, which of the following is performed?

  1. Maintain and improve the Business Continuity Management (BCM) system by taking corrective action, based on the results of management review.
  2. Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine and authorize actions for remediation and improvement.
  3. Ensure the business continuity policy, controls, processes, and procedures have been implemented.
  4. Ensure that business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity have been established.

Answer(s): C



What industry-recognized document could be used as a baseline reference that is related to data security and business operations or conducting a security assessment?

  1. Service Organization Control (SOC) 1 Type 2
  2. Service Organization Control (SOC) 1 Type 1
  3. Service Organization Control (SOC) 2 Type 2
  4. Service Organization Control (SOC) 2 Type 1

Answer(s): D



A criminal organization is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the organization?

  1. Organization loses control of their network devices.
  2. Network is flooded with communication traffic by the attacker.
  3. Network management communications is disrupted.
  4. Attacker accesses sensitive information regarding the network topology.

Answer(s): A



Which reporting type requires a service organization to describe its system and define its control objectives and controls that are relevant to users' internal control over financial reporting?

  1. Statement on Auditing Standards (SAS) 70
  2. Service Organization Control 1 (SOC1)
  3. Service Organization Control 2 (SOC2)
  4. Service Organization Control 3 (SOC3)

Answer(s): B



Which of the following is the BEST method to validate secure coding techniques against injection and overflow attacks?

  1. Scheduled team review of coding style and techniques for vulnerability patterns
  2. The regular use of production code routines from similar applications already in use
  3. Using automated programs to test for the latest known vulnerability patterns
  4. Ensure code editing tools are updated against known vulnerability patterns

Answer(s): C



Viewing page 6 of 98
Viewing questions 26 - 30 out of 484 questions



Post your Comments and Discuss ISC2 CISSP exam dumps with other Community members:

CISSP Exam Discussions & Posts

AI Tutor