LATEST CISSP (ADVANCED CYBERSECURITY) ACTUAL
EXAM QUESTIONS WITH 100% VERIFIED ANSWERS.
1. Which principle ensures that subjects are granted only the permissions necessary to
perform their tasks?
A. Separation of duties
B. Least privilege
C. Need to know
D. Defense in depth
Correct Answer: B
Rationale: Least privilege restricts access rights to the minimum required. Separation
of duties divides responsibilities, need to know limits information access, and defense
in depth layers security controls.
2. In a risk management process, what does ALE stand for?
A. Annual Loss Expectancy
B. Asset Loss Estimation
C. Annual Level Exposure
D. Asset Liability Evaluation
Correct Answer: A
Rationale: ALE quantifies expected annual loss. Other options are incorrect
expansions.
3. Which access control model uses labels and classifications to enforce security
policies?
A. DAC
B. RBAC
C. MAC
D. ABAC
Correct Answer: C
Rationale: Mandatory Access Control (MAC) enforces access based on classification
labels. DAC is owner-controlled, RBAC uses roles, and ABAC uses attributes.
4. What is the primary purpose of a salting mechanism in password hashing?
A. Increase hashing speed
B. Prevent rainbow table attacks
C. Encrypt passwords
D. Compress password data
Correct Answer: B
Rationale: Salting adds randomness to hashes, preventing precomputed attacks. It
does not encrypt or compress data.
5. Which security model focuses on maintaining data integrity?
A. Bell-LaPadula
B. Biba
C. Clark-Wilson
D. Brewer-Nash
Correct Answer: B
Rationale: Biba enforces integrity policies. Bell-LaPadula focuses on confidentiality,
Clark-Wilson on integrity via transactions, Brewer-Nash on conflict of interest.
6. A SYN flood attack targets which layer of the OSI model?
A. Application
B. Transport
C. Network
D. Data Link
Correct Answer: B
Rationale: SYN flood exploits TCP handshake at the transport layer.
7. Which type of cryptography uses the same key for encryption and decryption?
A. Asymmetric
B. Symmetric
C. Hashing
D. Quantum
Correct Answer: B
Rationale: Symmetric cryptography uses a shared key. Asymmetric uses key pairs.
8. What is the primary goal of a Business Impact Analysis (BIA)?
A. Identify vulnerabilities
B. Assess financial risks
C. Determine critical business functions
D. Implement controls
Correct Answer: C
Rationale: BIA identifies critical processes and impact of disruptions.
9. Which protocol provides secure remote login capabilities?
A. Telnet
B. FTP
C. SSH
D. SNMP
Correct Answer: C
Rationale: SSH encrypts remote sessions; Telnet is insecure.
10. What type of attack involves intercepting communication between two parties?
A. Phishing
B. Man-in-the-middle
C. DoS
D. Replay
Correct Answer: B
Rationale: MITM intercepts and possibly alters communications.
11. Which control type is designed to detect and alert on incidents?
A. Preventive
B. Detective
C. Corrective
D. Deterrent
Correct Answer: B
Rationale: Detective controls identify and alert on events.
12. What is the primary function of a firewall?
A. Encrypt data
B. Monitor employee activity
C. Control network traffic
D. Store logs
Correct Answer: C
Rationale: Firewalls filter traffic based on rules.
13. Which concept ensures that data is not altered improperly?
A. Confidentiality
B. Integrity
C. Availability
D. Authentication
Correct Answer: B
Rationale: Integrity ensures accuracy and consistency of data.
14. What does RBAC stand for?
A. Rule-Based Access Control
B. Role-Based Access Control
C. Risk-Based Access Control
D. Resource-Based Access Control
Correct Answer: B
Rationale: RBAC assigns permissions based on roles.
15. Which attack exploits human psychology rather than technical vulnerabilities?
A. SQL Injection
B. Social Engineering
C. Buffer Overflow
D. Cross-site scripting
Correct Answer: B
Rationale: Social engineering manipulates people into revealing information.
16. What is the purpose of a digital signature?
A. Encrypt data
B. Provide authentication and integrity
C. Compress files
D. Hide metadata
Correct Answer: B
Rationale: Digital signatures verify sender and ensure integrity.
17. Which type of malware replicates itself without user interaction?
A. Trojan
B. Worm
C. Virus
D. Spyware
Correct Answer: B
Rationale: Worms self-propagate across networks.
18. What is the key characteristic of a zero-day vulnerability?
A. Already patched
B. Publicly known
C. Unknown to vendor
D. Low risk
Correct Answer: C
Rationale: Zero-day vulnerabilities are unknown and unpatched.
19. Which concept limits access to only necessary information?
A. Least privilege
B. Need to know
C. Separation of duties
D. Defense in depth
Correct Answer: B
Rationale: Need to know restricts information visibility.