Free ISC2 CISSP Exam Questions

Become ISC2 Certified with updated CISSP exam questions and correct answers

Page: 1 / 301

Total 1502 Questions | Updated On: Feb 06, 2026

Add To Cart

Question 1

An organization recently upgraded to a Voice over Internet Protocol (VoIP) phone system. Management is concerned with unauthorized phone usage. security

consultant is responsible for putting together a plan to secure these phones. Administrators have assigned unique personal identification number codes for each

person in the organization. What is the BEST solution?

A : phone locking software to enforce usage and PIN policies.

B : form the user to change the PIN regularly. Implement call detail records (CDR) reports to track usage.

C : ve the administrator enforce a policy to change the PIN regularly. Implement call detail records (CDR) reports to track usage.

D : ve the administrator change the PIN regularly. Implement call detail records (CDR) reports to track usage.

Answer: C

Question 2

An employee of a retail company has been granted an extended leave of absence by Human Resources (HR). This information has been formally communicated to the access provisioning team. Which of the following is the BEST action to take?

A : voke access temporarily.

B : ock user access and delete user account after six months.

C : ock access to the offices immediately.

D : nitor account usage temporarily.

Answer: D

Question 3

A large human resources organization wants to integrate their identity management with a trusted partner organization. The human resources organization wants to maintain the creation and management of the identities and may want to share with other partners in the future. Which of the following options BEST serves their needs?

A : derated identity

B : oud Active Directory (AD)

C : curity Assertion Markup Language (SAML)

D : ngle sign-on (SSO)

Answer: A

Question 4

Which of the following is the MOST effective method to mitigate Cross-Site Scripting (XSS) attacks?

A : Software as a Service (SaaS)

B : itelist input validation

C : quire client certificates

D : lidate data output

Answer: B

Question 5

International bodies established a regulatory scheme that defines how weapons are exchanged between the signatories. It also addresses cyber weapons, including malicious software, Command and Control (C2) software, and internet surveillance software. This is a description of which of the following?

A : neral Data Protection Regulation (GDPR)

B : lermo convention

C : enaar arrangement

D : ternational Traffic in Arms Regulations (ITAR)

Answer: C

Page: 1 / 301

Total 1502 Questions | Updated On: Feb 06, 2026

Add To Cart