CarlsCloud™ CISSP Exam Prep

CarlsCloud™ Study Guide Series: CISSP Mock Exam Deep Dive - Questions 11-15

This two-part blog series for questions 11-15 will present five CISSP mock exam questions, allowing you to assess your current understanding.

a day ago   •   2 min read

By Carl Ballenger, CISSP
Table of contents

Welcome back, future CISSPs!

In this installment of our CarlsCloud™ Study Guide Series, we're taking a closer look at some key concepts through the lens of mock exam questions.

This two-part blog series for questions 11-15 will present five CISSP mock exam questions followed by an answers and explanation follow-up post allowing you to assess your current understanding.

Question 11: Capability Maturity Model (CMM)

Carl is reviewing an organization's security program using the CMM. He finds that the program operates according to a formal, documented process, but does NOT use quantitative measures to understand that process.

What level of the CMM should he assess this organization at?

  • A. Defined
  • B. Repeatable
  • C. Managed
  • D. Optimizing

Question 12: Secure Storage of Encryption Keys

  • Which one of the following components is found in many modern end-user devices and allows the secure storage of encryption keys?
  • A. HSM
  • B. CPU
  • C. TPM
  • D. GPU

Question 13: Data Ownership Responsibilities

  • You have recently been assigned data ownership responsibility for a subset of your organization's information. Which one of the following responsibilities is LEAST likely to be associated with this role?
  • A. Decide who has access to the information
  • B. Configure security controls to protect the information
  • C. Establish rules for appropriate use of the information
  • D. Provide input into security requirements for the information

Question 14: Network Isolation and Remediation

  • A user connected a device to your network and, when they open their web browser, are redirected to a website advising them that they have been placed on an isolation network because their system does not meet the organization's security requirements. They are unable to access any network resources until they remediate their device to comply with the organization's security policy. What type of security solution is in use on this network?
  • A. Intrusion Prevention System (IPS)
  • B. Configuration Management (CM) platform
  • C. Network Access Control (NAC)
  • D. Endpoint Detection and Response (EDR) platform

Question 15: Digital Forensics and Evidence Handling

You have been asked to assist in the investigation of a security incident that took place in your organization. You are handed a laptop computer that is powered off and asked to analyze the data contained on its hard drive. What action should you take FIRST?

  • A. Remove the hard drive from the device
  • B. Power on the laptop
  • C. Connect to the hard drive with a forensic software package
  • D. Connect a write blocker to the device

In the next post we will dive into the answers and explanations for questions 11-15.

Stay tuned for 5 more additional CISSP mock exam like questions in the CarlsCloud™ Study Guide Series for questions 16-20!

Did you enjoy CarlsCloud™ today and did I help you at all?

If so, buy me a coffee or just shoot me a note via LinkedIn to say thanks it would mean a lot!

Spread the word

Keep reading