ISC2 Certified Information Systems Security Professional Exam

Certification Provider: ISC2

Exam Name: Certified Information Systems Security Professional

Duration: 360 Minutes

Number of questions in our database: 1487

Exam Version: Nov. 24, 2022

Exam Official Topics:

Topic 1: Security and Risk Management/ Asset Security
Topic 2: Security Architecture and / Security Operations
Topic 3: Communication and Network Security
Topic 4: Identity and Access Management (IAM)
Topic 5: Security Assessment and Testing
Topic 6: Software Development Security

Free ISC2 Certified Information Systems Security Professional Exam Actual Questions

The questions for Certified Information Systems Security Professional were last updated On Nov. 24, 2022

Question #1

What are the first two components of logical access control?

AConfidentiality and authentication

BAuthentication and identification

CIdentification and confidentiality

DAuthentication and availability

Reveal Solution

Correct Answer: B

Question #2

What is the MAIN purpose of a security assessment plan?

AProvide guidance on security requirements, to ensure the identified security risks are properly addressed based on the recommendation

BProvide the objectives for the security and privacy control assessments and a detailed roadmap of how to conduct such assessments.

CProvide technical information to executives to help them understand information security postures and secure funding.

DProvide education to employees on security and privacy, to ensure their awareness on policies and procedures

Reveal Solution

Correct Answer: B

Question #3

What is the MAIN purpose of conducting a business impact analysis (BIA)?

ATo determine the critical resources required to recover from an incident within a specified time period

BTo determine the effect of mission-critical information system failures on core business processes

CTo determine the cost for restoration of damaged information system

DTo determine the controls required to return to business critical operations

Reveal Solution

Correct Answer: B

Question #4

Which of the following is the FIRST requirement a data owner should consider before implementing a data retention policy?

ATraining

BLegal

CBusiness

DStorage

Reveal Solution

Correct Answer: B

Question #5

Information Security Continuous Monitoring (1SCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management

decisions. Which of the following is the FIRST step in developing an ISCM strategy and implementing an ISCM program?

ADefine a strategy based on risk tolerance that maintains clear visibility into assets, awareness of vulnerabilities, up-to-date threat information, and mission/business impacts.

BConduct a vulnerability assessment to discover current threats against the environment and incorporate them into the program.

CRespond to findings with technical management, and operational mitigating activities or acceptance, transference/sharing, or avoidance/rejection.

DAnalyze the data collected and report findings, determining the appropriate response. It may be necessary to collect additional information to clarify or supplement existing monitoring data.

Reveal Solution

Correct Answer: A

Unlock all Certified Information Systems Security Professional Exam Questions with Advanced Practice Test Features:

Select Question Types you want
Set your Desired Pass Percentage
Allocate Time (Hours : Minutes)
Create Multiple Practice tests with Limited Questions
Customer Support

Get Full Access Now

Disscuss ISC2 Certified Information Systems Security Professional Topics, Questions or Ask Anything Related

Submit Cancel