Free ISC2 CISSP Exam Questions

Become ISC2 Certified with updated CISSP exam questions and correct answers

Page: 1 / 301

Total 1502 Questions | Updated On: Mar 26, 2026

Add To Cart

Question 1

What is the BEST approach for maintaining ethics when a security professional is

unfamiliar with the culture of a country and is asked to perform a questionable task?

A : ercise due diligence when deciding to circumvent host government requests.

B : come familiar with the means in which the code of ethics is applied and considered.

C : mplete the assignment based on the customer's wishes.

D : ecute according to the professional's comfort level with the code of ethics.

Answer: B

Question 2

Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. All partner businesses use common identity and access management (IAM) protocols and differing technologies. Under the Extended Identity principle, what is the process flow between partner businesses to allow this TAM action?

A : Clothing retailer acts as identity provider (IdP), confirms identity of user using industry standards, then sends credentials to partner businesses that act as a ServiceProvider and allows access to services.

B : Clothing retailer acts as User Self Service, confirms identity of user using industry standards, then sends credentials to partner businesses that act as a ServiceProvider and allows access to services.

C : Clothing retailer acts as Service Provider, confirms identity of user using industry standards, then sends credentials to partner businesses that act as an identityprovider (IdP) and allows access to resources.

D : Clothing retailer acts as Access Control Provider, confirms access of user using industry standards, then sends credentials to partner businesses that act as a ServiceProvider and allows access to resources.

Answer: A

Question 3

What technique used for spoofing the origin of an email can successfully conceal the sender s Internet Protocol (IP) address?

A : ange In-Reply-To data

B : crawling

C : ion routing

D : rtual Private Network (VPN)

Answer: C

Question 4

While impersonating an Information Security Officer (ISO), an attacker obtains information from company employees about their User IDs and passwords. Which method of information gathering has the attacker used?

A : usted path

B : licious logic

C : cial engineering

D : ive misuse

Answer: C

Question 5

Which of the following is a reason to use manual patch installation instead of automated patch management?

A : likelihood of system or application incompatibilities will be decreased.

B : ability to cover large geographic areas is increased.

C : cost required to install patches will be reduced.

D : time during which systems will remain vulnerable to an exploit will be decreased.

Answer: A

Page: 1 / 301

Total 1502 Questions | Updated On: Mar 26, 2026

Add To Cart