ISC2 CISSP Exam
Certified Information Systems Security Professional (CISSP) (Page 7)

Updated On: 12-Feb-2026

When resolving ethical conflicts, the information security professional MUST consider many factors. In what order should the considerations be prioritized?

  A. Public safety, duties to individuals, duties to the profession, and duties to principals
  B. Public safety, duties to principals, duties to the profession, and duties to individuals
  C. Public safety, duties to principals, duties to individuals, and duties to the profession
  D. Public safety, duties to the profession, duties to principals, and duties to individuals

Answer(s): C



Which service management process BEST helps information technology (IT) organizations with reducing cost, mitigating risk, and improving customer service?

  A. Kanban
  B. Lean Six Sigma
  C. Information Technology Service Management (ITSM)
  D. Information Technology Infrastructure Library (ITIL)

Answer(s): D



A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS). Which of the following factors leads the company to choose an IDaaS as their solution?

  A. In-house team lacks resources to support an on-premise solution.
  B. Third-party solutions are inherently more secure.
  C. Third-party solutions are known for transferring the risk to the vendor.
  D. In-house development provides more control.

Answer(s): A



An organization recently suffered from a web-application attack that resulted in stolen user session cookie information. The attacker was able to obtain the information when a user's browser executed a script upon visiting a compromised website. What type of attack MOST likely occurred?

  A. SQL injection (SQLi)
  B. Extensible Markup Language (XML) external entities
  C. Cross-Site Scripting (XSS)
  D. Cross-Site Request Forgery (CSRF)

Answer(s): C



An attack utilizing social engineering and a malicious Uniform Resource Locator (URL) link to take advantage of a victim's existing browser session with a web application is an example of which of the following types of attack?

  A. Clickjacking
  B. Cross-site request forgery (CSRF)
  C. Cross-Site Scripting (XSS)
  D. Injection

Answer(s): B
