ISC2 exam questions

Certified Information Systems Security Professional CISSP practice test

Practise RAM questions covering identification, installation, speeds, dual-channel, and troubleshooting for the CISSP exam.

529 practice questions · 8 topics covered · Exam code: CISSP · Vendor: ISC2

Study modes

Three ways to study

Start with the Study Sheet to learn the material, switch to Practice Tests for active recall, then take a Mock Exam to simulate the real thing.

Study Sheet

All 529 questions with correct answers and explanations already visible. Read at your own pace — no time pressure.

Practice Test

Answer first, then see feedback and explanation. Tracks your score per session. Best for active recall and identifying weak areas.

Mock Exam

Full timed simulation with countdown. Answers hidden until the end. Includes all question types just like the real exam.

Study Sheet

All 529 CISSP questions with answers

Every question in the bank, paginated 75 per page. Correct answers and full explanations are revealed upfront — ideal for first-pass learning and pre-exam review.

8 pages · 75 questions per page · 529 total

Related practice questions

Study CISSP by topic

Topic pages go deep on individual concepts — each one covers a specific exam topic with questions, explanations, and study notes.

Courseiva uses original exam-style practice questions created for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations, not memorise copied exam dumps.

Sample questions

Certified Information Systems Security Professional CISSP practice questions

A company recently suffered a data breach where an attacker was able to intercept network traffic and read sensitive data. Which network security control should be implemented to prevent this type of attack?

Which TWO options are valid methods for providing confidentiality in network communications? (Choose two.)

Question 3 (easy, multi select)

A network administrator is configuring switches to prevent VLAN hopping attacks. Which TWO of the following measures should be implemented?

Which THREE of the following are common indicators of a privilege escalation attack? (Choose three.)

Question 5 (medium, multiple choice)

A company uses a cloud storage service. Which asset security control is most important to prevent unauthorized access to data?

Question 6 (hard, multiple choice)

A multinational corporation is designing a data retention schedule. Which factor is most critical when determining retention periods for personal data subject to the GDPR?

Question 7 (hard, multiple choice)

Refer to the exhibit. An organization uses this ACL on the external interface of a border router to control access to internal services. A security analyst discovered that an attacker from the Internet was able to SSH into the internal server at 192.168.1.100. Which of the following is the MOST likely reason for this security gap?

Exhibit

Access control list (ACL) extract from a Cisco router:
!
access-list 100 permit tcp 10.0.0.0 0.255.255.255 any eq 443
access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 192.168.1.100 eq 22
access-list 100 deny tcp any host 10.0.0.1 eq 80
access-list 100 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group 100 in
!

Refer to the exhibit. An IAM policy is attached to a user. What is the effective permission when the user attempts to read the object 'confidential/report.pdf'?

Exhibit

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::examplebucket/*"
    },
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::examplebucket/confidential/*"
    }
  ]
}

Which TWO of the following are considered the primary access control models in the context of the CISSP? (Select two.)

A security analyst is reviewing an organization's password policy. Which THREE of the following are considered best practices for password security according to current NIST guidelines? (Select three.)

A network engineer is configuring 802.1X authentication for wired network access. The authentication server supports EAP-TLS. What must be deployed to clients to support this authentication method?

Which TWO of the following are common causes of network performance degradation that can be detected by network monitoring tools?

Question 13 (medium, multi select)

Which TWO are common techniques to defend against VLAN hopping attacks? (Choose two.)

Question 14 (medium, multiple choice)

An organization is implementing IPsec VPN tunnels between multiple branch offices and the main office. The security team notices that the VPN tunnels are established successfully but no traffic passes through. Which of the following is the most likely cause?

Question 15 (easy, multiple choice)

Refer to the exhibit. A security team is reviewing switch configurations and notices that the native VLAN is set to VLAN 10. An attacker on an access port in VLAN 10 sends a frame with a VLAN tag of VLAN 20 inside another frame. Which type of attack does this configuration make possible?

Exhibit

interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 10
 switchport trunk allowed vlan 1-100,110-200

Question 16 (hard, multiple choice)

A security engineer is troubleshooting a site-to-site IPsec VPN between two firewalls. The tunnel status shows Phase 1 is up but Phase 2 is not. Which of the following is the most likely cause?

A switch port is configured with port security that allows only one MAC address. The help desk reports that a user's device cannot connect after a laptop is replaced. What should the network administrator do to resolve the issue?

A company has multiple offices connected via a WAN. They want to ensure that all traffic between offices is encrypted and authenticated. Which technology is most appropriate?

In a software-defined network (SDN) architecture, the control plane is separated from the data plane. A network administrator is troubleshooting packet forwarding delays. Which plane is directly responsible for forwarding packets?

A security engineer notices that the IKE phase 1 lifetime is set to 3600 seconds. What is a potential security implication?

Exhibit

Refer to the exhibit. The following output is from a Cisco router:

crypto isakmp policy 10
 hash sha256
 authentication pre-share
 group 14
 lifetime 3600

Question 21 (hard, multiple choice)

A network administrator has configured private VLANs on a switch. The host in this port is part of PVLAN 100, and its associated secondary PVLAN is 200. What is the expected behavior for traffic from this host to other hosts in the same primary VLAN 100?

Exhibit

Refer to the exhibit. The following is a configuration snippet from a network device:

interface GigabitEthernet0/1
 switchport mode private-vlan host
 switchport private-vlan host-association 100 200

Question 22 (hard, multi select)

Which three BGP security mechanisms help protect against route hijacking? (Choose THREE.)

Refer to the exhibit. Which security model does this policy enforce?

Exhibit

The TSF shall enforce the Access Control SFP on all subjects and objects covered by the following rules:
(a) Subjects with a security level less than the object's security level are denied read access.
(b) Subjects with a security level greater than the object's security level are denied write access.

Refer to the exhibit. A security analyst finds these logs on a Linux server. What is the most likely cause of these events?

Exhibit

Feb 10 10:23:45 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Feb 10 10:23:48 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2
Feb 10 10:23:50 server sshd[1234]: Failed password for root from 192.168.1.100 port 22 ssh2

Exam question guide

How to use these CISSP questions

Use these questions as active recall, not passive reading. Try the question first, review the answer choices, then open the explanation and connect the result back to the exam topic.

Quick answer

RAM tests your ability to identify, install, and troubleshoot memory types, speeds, and configurations for PCs.

Identifying DDR3 vs DDR4 vs DDR5 physical and electrical differences

Matching RAM speed (MHz) to motherboard and CPU support

Calculating total memory capacity from module size and slots

Troubleshooting common RAM errors like beep codes and blue screens

These CISSP practice questions are part of Courseiva's free ISC2 certification practice question bank. Courseiva provides original exam-style CISSP questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.