CarlsCloud™ Study Guide Series: CISSP Mock Exam Deep Dive - Questions 6-10

Let's tackle questions 6 through 10 and see how well you understand these important topics. Remember, the goal here isn't just to find the right answer, it's to understand why the answer is right.


By Carl Ballenger, CISSP

Welcome back, future CISSPs!

In this installment of our CarlsCloud™ Study Guide Series, we're taking a closer look at some key concepts through the lens of mock exam questions.

This two-part installment presents five sample CISSP mock exam questions so you can assess your current understanding. This first part presents the questions; the second part will cover the answers and explanations.


Question 6

You recently performed a vulnerability assessment and found hundreds of vulnerabilities in your organization's infrastructure. It will take months to address all of these issues. What factors should you use to prioritize these vulnerabilities?

  • A. Likelihood and probability
  • B. Impact and exploitability
  • C. Impact and CVSS score
  • D. Likelihood and impact

Question 7

You recently completed a vulnerability assessment and identified a moderate-level risk that will require a significant investment to remediate. You wish to take the cost of that remediation and compare it to a value from your business impact analysis (BIA) to determine whether you should perform the remediation. Which value would provide the best comparison?

  • A. ARO
  • B. AV
  • C. EF
  • D. ALE

Question 8

Fred is helping his organization conduct a Business Impact Analysis (BIA). Which one of the following is typically NOT a goal of a BIA?

  • A. To identify critical business processes
  • B. To implement new security controls
  • C. To identify threats to the organization's information assets
  • D. To assess the likelihood and impact of risks

Question 9

You recently completed a risk assessment and determined that an unpatched vulnerability in a web server operated by your organization poses an unacceptable level of risk to your organization. You would like to mitigate this risk. Which one of the following would be the BEST example of a risk mitigation strategy?

  • A. Shutting down the web server
  • B. Patching the web server
  • C. Purchasing cybersecurity insurance
  • D. Continuing to operate the web server in an unpatched state

Question 10

You are attempting to secure a wired network belonging to your organization. You would like to deploy technology that limits network access to authorized users. Which one of the following technologies would best meet that need?

  • A. Wi-Fi Protected Access v2 (WPA2)
  • B. Wi-Fi Protected Access v3 (WPA3)
  • C. IEEE 802.1X
  • D. MAC filtering

Key Takeaways

  • These questions focus on risk management, vulnerability assessments, and network security.
  • Understanding the goals of a Business Impact Analysis (BIA) is crucial.
  • Knowing the difference between risk mitigation strategies is essential.
  • Being able to identify appropriate network security technologies is also important.

Study Tips

  • Review the risk management lifecycle and associated terminology.
  • Study common network security protocols and their applications.
  • Focus on the practical application of concepts.

That's it for this installment. I encourage you to really dig into each question, understand the concepts, and challenge yourself.

In the next post, we will dive into the answers and explanations for questions 6-10.

Stay tuned for five more CISSP mock-exam-style questions, numbers 11-15, in the CarlsCloud™ Study Guide Series!

Good luck and happy studying!
