CISSP Exam Questions and Answers Free Demo

CCNA 200-301

CCNP Enterprise

CCNP Security

CCIE Enterprise Lab

CCIE Security Lab

CCNP Service Provider

CCNP Data Center

CCNP Collaboration

CCIE DC Lab

CISSP Exam Questions and Answers Free Demo

2019-11-08

According to a survey by PayScale.com in 2019，the CISSP-certified IT professionals ranked the third-highest global salary ($116,573) and the 10th highest in North America ($123,815). If you’re planning to be a CISSP certified, you should not miss the following exam questions to help you prepare your CISSP exam.

Question 1. In discretionary access environments, which of the following entities is authorized to grant information access to other people?

A. Manager

B. Group Leader

C. Security Manager

D. Data Owner

The correct answer is D.

The explanation is as follows:

In Discretionary Access Control (DAC) environments, the user creating a file is the owner of that file. He has total control over the file including the ability to set permissions for that file.

Question 2. Which access control model is best suited in an environment where a high-security level is required and where it is desired that only the administrator grants access control

A. DAC

B. MAC

C. Access control matrix

D. TACACS

Answer: The correct answer is B.

The explanation is as follows:

MAC provides high security by regulating access based on the clearance of individual users and sensitivity labels for each object. Clearance levels and sensitivity levels cannot be modified by individual users; for example, user Joe (SECRET clearance) cannot reclassify the "Presidential Doughnut Recipe" from "SECRET" to "CONFIDENTIAL" so that his friend Jane (CONFIDENTIAL clearance) can read it. The administrator is ultimately responsible for configuring this protection in accordance with security policy and directives from the Data Owner.

The other answers may seem relevant to some test takers and may confuse them. Below is the explanation for the incorrect answers:

a) DAC is incorrect because, in DAC, the data owner is responsible for controlling access to the object.

b) Access control matrix is incorrect because The access control matrix is a way of thinking about the access control needed by a population of subjects to a population of objects. This access control can be applied using rules, ACL's, capability tables, etc.

c) TACACS is incorrect because TACACS is a tool for performing user authentication.

Question 3. Which of the following is NOT a way to secure a wireless network?

A. Disable broadcast of SSID within AP`s configuration

B. Give AP's descriptive names

C. Put the access points (AP) in a location protected by a firewall

D. Change AP's default values

The correct answer is B.

The explanation is as follows:

The SSID of the AP has very little value when it comes to security. In fact, using descriptive names such as your company name would make you a more likely target in some cases.

The SSID is sent in clear text within the packets. It is not in any way, shape or forms a security mechanism.

Question 4. Which of the following is a drawback of fiber optic cables?

A. It is affected by electromagnetic interference (EMI).

B. It can easily be tapped.

C. The expertise needed to install it.

D. The limited distance at high speeds.

The correct answer is C.

The explanation is as follows:

Fiber optic is immune to the effects of electromagnetic interference. It is very hard to tap into and has a much longer effective usable length than any other cable type. The primary drawbacks of this cable type are its cost of installation and the high level of expertise needed to have it properly terminated.

Question 5. Which OSI/ISO layer defines how to address the physical devices on the network?

A. Data Link layer

B. Session layer

C. Application layer

D. Transport layer

The correct answer is A.

The explanation is as follows:

The data link layer (layer 2) is the second layer of the seven-layer OSI model of computer networking. It defines how to address the physical locations and/or devices, which are present on the network.

Questions like the ones above and many more will be there on a CISSP certification test for testing your knowledge. If you want to take more CISSP exam practice tests, you can try SPOTO ones. 100% real from the exam with full explanations.if you have any questions, and you can enquire directly.