CISSP - EXAM PRACTICE/STUDY QUESTIONS AND ANSWERS WITH COMPLETE SOLUTIONS 100% CORRECT RATED A+
Question 1: Which of the following strategies serves as the most effective defense
mechanism for preventing cross-site scripting (XSS) vulnerabilities within web
applications?
A. Restricting user account privileges
B. Enforcing strong user authentication
C. Implementing strict input validation and encoding
D. Applying robust data encryption
Answer: ✔✔ C. Implementing strict input validation and encoding
Explanation: Input validation protects applications against cross-site scripting
(XSS) by ensuring that user-supplied data conforms to a strict, predefined format.
This sanitization process effectively blocks malicious actors from injecting
executable scripts, such as the HTML <SCRIPT> tag, into input fields.
Question 2: Which distinct phase of the Electronic Discovery Reference Model
(EDRM) is responsible for converting collected digital evidence into a
standardized, usable format intended for external sharing or delivery to opposing
counsel?
A. Production
B. Processing
C. Review
D. Presentation
Answer: ✔✔ A. Production
Explanation: The Production stage of the EDRM focuses specifically on preparing
and formatting the retained information so that it can be securely and legally shared
with other authorized parties involved in the legal matter.
Question 3: What specific tier of organizational security planning focuses on mid-
term horizons—typically around one year—and encompasses activities like
scheduling project milestones, assigning personnel duties, mapping out hiring
needs, and defining maintenance or acquisition schedules?
A. Strategic planning
B. Operational planning
C. Tactical planning
D. Administrative planning
Answer: ✔✔ C. Tactical planning
Explanation: Tactical planning bridges the gap between high-level strategy and
daily operations. It operates on an intermediate timeframe (roughly one year) to
outline the concrete tasks, resource allocations, budgeting, and milestones required
to achieve broader security goals.
Question 4: Which is not a part of an electronic access control lock?
A. An electromagnet
B. A credential reader
C. A door sensor
D. A biometric scanner
Answer: ✔✔ D. A biometric scanner
Explanation: An electronic access control (EAC) lock comprises three elements: an
electromagnet to keep the door closed, a credential reader to authenticate subjects
and to disable the electromagnet, and a door-closed sensor to re-enable the
electromagnet.
Question 5: Which one of the following items is a characteristic of hot sites but not a
characteristic of warm sites?
A. Communications circuits
B. Workstations
C. Servers
D. Current data
Answer: ✔✔ D. Current data
Question 6: Which one of the following Data Encryption Standard (DES) operating modes can
be used for large messages with the assurance that an error early in the
encryption/decryption process won't spoil results throughout the communication?
A. Cipher Block Chaining (CBC)
B. Electronic Code Book (ECB)
C. Cipher Feedback (CFB)
D. Output feedback (OFB)
Answer: ✔✔ D. Output feedback (OFB)
Explanation: Output feedback (OFB) mode prevents early errors from interfering with future
encryption/decryption. Cipher Block Chaining and Cipher Feedback modes will
carry errors throughout the entire encryption/decryption process. Electronic Code
Book (ECB) operation is not suitable for large amounts of data.
Question 7: Which one of the following items is not a critical piece of information in the chain
of evidence?
A. General description of the evidence
B. Name of the person collecting the evidence
C. Relationship of the evidence to the crime
D. Time and date the evidence was collected
Answer: ✔✔ C. Relationship of the evidence to the crime
Explanation: The chain of evidence does not require that the evidence collector know or
document the relationship of the evidence to the crime.
Question 8: Which firewall type looks exclusively at the message header to determine whether
to transmit or drop data?
A. Static packet filtering
B. Application-level gateway
C. Stateful inspection
D. Dynamic packet filtering
Answer: ✔✔ A. Static packet filtering
Explanation: A static packet-filtering firewall filters traffic by examining data from a message
header.
Question 9: What type of information is used to form the basis of an expert system's decision-
making process?
A. A series of weighted layered computations
B. Combined input from a number of human experts, weighted according to past
performance
C. A series of "if/then" rules codified in a knowledge base
D. A biological decision-making process that simulates the reasoning process used
by the human mind
Answer: ✔✔ C. A series of "if/then" rules codified in a knowledge base
Explanation: Expert systems use a knowledge base consisting of a series of "if/then"
statements to form decisions based on the previous experience of human experts.