Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. ISC2
  5. CISSP

ISC2 CISSP Exam Questions
Certified Information Systems Security Professional (CISSP) (Page 9 )

Updated On: 19-Apr-2026
Page 9 of 98
PDF with 484 Questions

What is the term used to define where data is geographically stored in the cloud?

  1. Data privacy rights
  2. Data sovereignty
  3. Data warehouse
  4. Data subject rights

Answer(s): B



Which of the following does the security design process ensure within the System Development Life Cycle (SDLC)?

  1. Proper security controls, security objectives, and security goals are properly initiated.
  2. Security objectives, security goals, and system test are properly conducted.
  3. Proper security controls, security goals, and fault mitigation are properly conducted.
  4. Security goals, proper security controls, and validation are properly initiated.

Answer(s): A



Which of the following is MOST important to follow when developing information security controls for an organization?

  1. Use industry standard best practices for security controls in the organization.
  2. Exercise due diligence with regard to all risk management information to tailor appropriate controls.
  3. Review all local and international standards and choose the most stringent based on location.
  4. Perform a risk assessment and choose a standard that addresses existing gaps.

Answer(s): B



When recovering from an outage, what is the Recovery Point Objective (RPO), in terms of data recovery?

  1. The RPO is the minimum amount of data that needs to be recovered.
  2. The RPO is the amount of time it takes to recover an acceptable percentage of data lost.
  3. The RPO is a goal to recover a targeted percentage of data lost.
  4. The RPO is the maximum amount of time for which loss of data is acceptable.

Answer(s): D



Which of the following attacks, if successful, could give an intruder complete control of a software-defined networking (SDN) architecture?

  1. A brute force password attack on the Secure Shell (SSH) port of the controller
  2. Sending control messages to open a flow that does not pass a firewall from a compromised host within the network
  3. Remote Authentication Dial-In User Service (RADIUS) token replay attack
  4. Sniffing the traffic of a compromised host inside the network

Answer(s): B



Viewing page 9 of 98
Viewing questions 41 - 45 out of 484 questions



Post your Comments and Discuss ISC2 CISSP exam dumps with other Community members:

CISSP Exam Discussions & Posts

AI Tutor AI Tutor 👋 I’m here to help!