This CISSP exam simulator free demo contains 15 sample CISSP exam questions from the Full CISSP Exam Simulator. You will find 1,050 real-like CISSP exam questions and seven CISSP exams in the CISSP Exam Simulator.

How to Use CISSP Exam Simulator Free Demo

1- Answer each CISSP question of the CISSP Exam Simulator Free Demo one by one until the end of the page. Once you completed the CISSP exam simulator free demo, click on the “Finish” button.

2- Page will scroll up to the top of the page and show your results. You will have two possible results.

– Scored Over 70% –> Congrats, you scored over our recommended score to sit for the CISSP exam confidently.
– Scored Below 70% –> Unfortunately, you scored below our recommended score to sit for the CISSP exam.

You should revisit CISSP training materials and improve your weak knowledge areas.

3- For your correct answers, CISSP Exam Simulator Free Demo will underline the correct answer option with a green stick.

4- For your wrong answers, you will see that the Free CISSP Exam Simulator Demo will highlight your wrong choice with a red stick. You will also see the correct answer rationale for the answer.

5- In the real CISSP exam, depending on your performance, you might see 100 to 150 questions. As long as your marks reveal a passing or failing grade, the system will finish your exam. In our simulation exams, there are 150 questions in each exam. There are 15 questions in this free demo. For 150 questions, the CISSP exam system grants three hours. This means ~1.2 minutes per question. CISSP Exam Simulator Free Demo will give you 18 minutes (1,080 seconds) for answering these 15 sample questions.

Now, let’s start with the Free CISSP Exam Simulator Demo!

QUIZ START

Results

Congrats! You have scored over 70%. You can confidently book your CISSP exam date and sit for the exam.

We strongly recommend you go over your mistakes and learn why you made mistakes. You can consider enrolling in our CISSP Training to double your chances to pass the CISSP exam in your first attempt.

Unfortunately, you scored below 70%. We recommend you review the CISSP Training content once again. Until you score over 70% from sample CISSP exams, we do not recommend booking your exam.

#1. DES-EDE2, DES-EEE3, DES-EEE2 and DES-EDE3, are 3DES modes. Which of the following choices are false about these modes?

In the DES-EDE2 mode, three DES operations take place in the sequence encrypt-decrypt-encrypt by using three different keys.

In the DES-EEE2 mode, two keys are used for the 3DES encryptions.

In the DES-EDE3 mode, three DES operations take place in the sequence encrypt-decrypt-encrypt by using three different keys.

In the DES-EEE3 mode, three different keys are used in the three stages of encryption.

Here are the modes of 3DES:

DES-EEE3: Three different keys are used in the three stages of encryption. 3DES uses a 168 bit key. The following function is used to represent this mode:

C = E K1 (E K2 (E K3 (P )))

DES-EDE3: Three DES operations take place in the sequence encrypt-decrypt-encrypt by using three different keys. 3DES uses a 168 bit key. The following function is used to represent this mode:

C = E K1 (D K2 (E K3 (P )))

DES-EEE2: Two keys are used for the 3DES encryptions. 3DES uses a 112 bit key. The following function is used to represent this mode:

C = E K1 (E K2 (E K1 (P )))

DES-EDE2: Three DES operations take place in the sequence encrypt-decrypt-encrypt by using two different keys. 3DES uses a 112 bit key. The following function is used to represent this mode:

C = E K1 (D K2 (E K1 (P )))

#2. Which of the following terms describes the act of deciphering plain text from ciphertext without using a cryptographic key?

Cryptanalysis

Hacking

Ciphertext

Algorithm

The term cryptanalysis refers to the act of obtaining plaintext from ciphertext without a cryptographic key. It is a method of obtaining the meaning of encrypted information without accessing the secret information or key, which is normally required for encryption purposes.

#3. Software Code signing is used as a method of verifying what security concept?

Integrity

Confidentiality

Availability

Access Control

Code signing is submitting code along with a hash of the code being submitted. The recipient regenerates the hash and if it is different from the submitted hash then the recipient knows that the code that he received is not identical to the original code. This control maintains the Code’s integrity.

#4. What Is the GREATEST challenge of an agent-based patch management solution?

Time to gather vulnerability information about the computers in the program

The significant amount of network bandwidth while scanning computers

The consistency of distributing patches to each participating computer

Requires that software be installed, running, and managed on all participating computers

Agent based solutions require a software agent to be actively running on the participating systems. Managing and updating these agents often becomes a time consuming task which is not scalable.

#5. Tom's system was infected with malicious code that modified the operating system and allowed the attacker to gain access to his files. What type of exploit did this attacker engage in?

Back door

Spoofing

Butter overflow

DoS

The attacker is engaged in a back door attack. Back doors are undocumented command sequences that allow individuals with knowledge of the back door to bypass normal access restrictions. They are often used during the development and debugging process to speed up the workflow and avoid forcing developers to continuously authenticate to the system.

#6. What is the common name for a phreaking tool that generates the 2600 Hz tones that phone trunk systems used to communicate?

A black box

A red box

A blue box

A white box

A blue box was used to generate the 2600 Hz tones that trunking systems required. White boxes included a dual-tone, multifrequency generator to control phone systems. Black boxes were designed to steal long-distance service by manipulating line voltages, and red boxes simulated the tones of coins being deposited into payphones.

#7. What business continuity related metric defines how long an enterprise can last without a service before causing itself irreparable harm?

MTD

ALE

RPO

RTO

The maximum tolerable downtime (MTD) is the amount of time that a business may be without a service before irreparable harm occurs. This measure is sometimes also called maximum tolerable outage (MTO).

#8. If a practitioner recently took the CISSP certification exam and then published many of the exam questions, Which part of the (ISC)2 code of ethics did the practitioner violate?

Advance and protect the profession.

Act honorably, honestly, justly, responsibly, and legally.

Protect society, the common good, necessary public trust and confidence, and the infrastructure.

Provide diligent and competent service to principals.

The practitioner’s actions harm the CISSP certification and information security community by undermining the integrity of the examination process. While the practitioner also is acting dishonestly, the harm to the profession is more of a direct violation of the code of ethics.

#9. If an enterprise wishes to assess IDS’s for a new dispatching center and is targeting conducting the most simplified and universal evaluation, which of the following choices should it use?

Red Book

Common Criteria

ITSEC

TCSEC

The enterprise should use Common Criteria to get the most simplified and universal evaluation. It was created to combine the strengths of both TCSEC and ITSEC while removing their weaknesses. This evaluation program is recognized globally and is considered more flexible than the TCSEC, and more straightforward than ITSEC.

#10. In 1918, Gilbert Vernam created a means of providing mathematically unbreakable encryption by using a one-time pad that served as a key. Which modern encryption technology is based on the ideas implemented in the Vernam Cipher?

Asymmetric Cryptography

Digital Signatures that are used to provide authenticity

The handshake process used by IPSec and numerous other frameworks

Session keys

Sessions keys are used for a single session and are then discarded, as is the one-time pad. Additionally, each session key must be statistically unpredictable and unrelated to the previous key, as the one-time pad requires, as well. Any technology that takes advantage of a short-term password or key can ultimately be traced back to the one-time pad. Asymmetric Cryptography is often used to provide secure session key exchange. Digital signatures are used to verify a message sender and content. IPSec handshaking is used to establish a secure channel.

#11. If two enterprise personnel switch roles for several weeks each year, which of the following practices are they utilizing?

Segregation of duties

Mandatory vacation

Incident response

Job rotation

Job rotation is implemented in this scenario. A job rotation policy defines intervals at which employees must rotate through positions. It helps to ensure that the company does not become too dependent on one person and it does afford the company with the opportunity to place another person in that same job. It provides an opportunity to see what the person is doing and potentially uncover any fraud.

#12. A stream cipher is a symmetric key cipher that operates on each character, or bit of a message. Which of the following are examples of stream ciphers? Each correct answer represents a complete solution. Choose all that apply.

Select all that apply:

Caesar cipher

One-time pad

Transposition cipher

Split cipher

A stream cipher is a symmetric key cipher that operates on each character, or bit of a message. It encrypts one character per bit at a time. Caesar cipher and one-time pad are the examples of a stream cipher. One-time pad is a stream cipher since it independently operates on each letter of the plaintext message. Significant computational resources are required by the stream ciphers.

#13. If a practitioner is implementing a new access control system and wishes to ensure that developers do not have the ability to move code from development systems to the production environment, which information security principle is being implemented?

Segregation of duties

Two-person control

Least privilege

Job rotation

While developers may feel like they have a business need to be able to move code into production, the principle of segregation of duties dictates that they should not have the ability to both write code and place it on a production server. The change management staff generally deploy code.

#14. If a web hosting provider reports uptime of 99.999 percent, which of the following criteria is it referring to?

Vulnerability

Availability

Usability

Confidentiality

Availability defines measures used to keep services and systems operational during an outage. In short, the goal is to provide all services to all users, where they need them and when they need them. With high availability, the goal is to have key services available 99.999 percent of the time. It refers to the functional state of a system and in the networking world is often simplified as uptime.

#15. A company was ranked high in the following National Institute of Standards and Technology (NIST) functions: Protect, Detect, Respond and Recover. However, a low maturity grade was attributed to the Identify function. In which of the following control categories does this company need to improve when analyzing its processes individually?

Asset Management, Business Environment, Governance and Risk Assessment

Access Control, Awareness and Training, Data Security and Maintenance

Anomalies and Events, Security Continuous Monitoring and Detection Processes

Recovery Planning, Improvements and Communications

The Identify Function assists in developing an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities. Understanding the business environment, the assets that support critical functions, and assessing the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs.

Finish

Do not risk your CISSP Exam Success. Enroll in CISSP Exam Simulator and practice with 1,050 CISSP Practice Questions. 30 Day Refund Guaranteed (*)

*To have a full refund, you must not exceed 10% of the overall CISSP Exam Simulator progress.