5 questions are shown from a total of 30 free practice questions to help you prepare for the CISSP exam. Enjoy!
1 / 5
1. A security architect plans to reference a Mandatory Access Control (MAC) model for implementation. This indicates that which of the following properties are being prioritized?
Explanation/Reference:
Explanation: Mandatory Access Control (MAC) is system-enforced access control based on a subject’s clearance and an object’s labels. Subjects and objects have clearances and labels, respectively, such as confidential, secret, and top secret. A subject may access an object only if the subject’s clearance is equal to or greater than the object’s label. Subjects cannot share objects with other subjects who lack the proper clearance, or “write down” objects to a lower classification level (such as from top secret to secret). MAC systems are usually focused on preserving the confidentiality of data.
Reference: https://www.sciencedirect.com/topics/computer-science/mandatory-access-control
2 / 5
2. Which of the following trust services principles refers to the accessibility of information used by the systems, products, or services offered to a third-party provider’s customers?
Explanation/Reference:
Reference: https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/trust-services-criteria.pdf
3 / 5
3. A manufacturing organization wants to establish a Federated Identity Management (FIM) system with its 20 different supplier companies. Which of the following is the BEST solution for the manufacturing organization?
Explanation/Reference:
Reference: https://www.netiq.com/documentation/access-manager-43/applications-configuration-guide/data/b1ka6lkd.html
4 / 5
4. Which of the following techniques BEST prevents buffer overflows?
Explanation/Reference:
Explanation: Some products installed on systems can also watch for input values that might result in buffer overflows, but the best countermeasure is proper programming. This means using bounds checking. If an input value is only supposed to be nine characters, then the application should only accept nine characters and no more. Some languages are more susceptible to buffer overflows than others, so programmers should understand these issues, use the right languages for the right purposes, and carry out code review to identify buffer overflow vulnerabilities.
5 / 5
5. Which of the following is the MOST important activity an organization performs to ensure that security is part of the overall organization culture?
Explanation/Reference:
Reference: https://techbeacon.com/security/6-ways-develop-security-culture-top-bottom