Certified Information Systems Security Professional (CISSP) — Questions 526–529

529 questions total · 8 pages · All types, answers revealed

Page 8 of 8

526
MCQ · hard

A DevSecOps team wants to integrate security into the CI/CD pipeline without slowing down development. Which approach best achieves this?

A. Perform comprehensive security tests only on major releases
B. Conduct a security review after each release and fix issues retrospectively
C. Require manual security sign-off before each production deployment
D. Implement automated security scanning with gating (pass/fail) in the pipeline
Answer: D

Automation provides fast, consistent security checks.

Why this answer

Option D is correct because automated scanning with pass/fail gates runs on every commit or pull request and gives developers fast, consistent feedback without waiting on a person. Option A is wrong because testing only major releases leaves every intermediate change unchecked and lets defects accumulate until they are expensive to fix. Option B is wrong because an after-the-fact review cannot stop a flawed release from reaching production.

Option C is wrong because a manual sign-off before every deployment is a bottleneck that slows delivery, which is exactly what the team wants to avoid.
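A minimal gate of the kind option D describes, written as an added example for this page (it is not code from the original question set): it reads scanner findings, applies a severity policy and a time-boxed exception list, and exits non-zero when the build should be blocked. The JSON shape, the finding ids and rule names, the sample date and the exception format are all constructed for the example; real scanners emit their own formats (for instance SARIF), so only the loader would be adapted to the tool in use.

```python
"""CI security gate: pass/fail on scanner findings (added example, not from the original page).

Assumptions (constructed for this example): findings and exceptions arrive as JSON in the
simplified shape shown in SAMPLE_FINDINGS / SAMPLE_EXCEPTIONS. Real scanners emit their own
formats (e.g. SARIF); only the loader would change.
"""
import json
import sys
from datetime import date

# Policy: CRITICAL and HIGH block the build. Only these severities are reported without
# blocking; anything else (including a missing or unknown severity) fails closed.
INFORMATIONAL_SEVERITIES = {"MEDIUM", "LOW", "INFO"}

# Constructed sample scanner output (ids and rule names invented for the example).
SAMPLE_FINDINGS = [
    {"id": "F-001", "rule": "hardcoded-secret", "severity": "CRITICAL", "file": "app/config.py"},
    {"id": "F-002", "rule": "sql-injection", "severity": "HIGH", "file": "app/db.py"},
    {"id": "F-003", "rule": "weak-hash", "severity": "HIGH", "file": "app/legacy.py"},
    {"id": "F-004", "rule": "missing-csrf-token", "severity": "MEDIUM", "file": "app/forms.py"},
]

# Constructed exception list: every suppression carries an expiry so a "temporary"
# accepted risk cannot silently become permanent.
SAMPLE_EXCEPTIONS = [
    {"id": "F-003", "expires": "2030-01-01", "reason": "legacy module scheduled for removal"},
    {"id": "F-002", "expires": "2020-01-01", "reason": "fix planned"},  # expired: no longer suppresses
]


def active_exceptions(exceptions, today):
    """Map finding id -> exception for entries whose expiry date has not passed."""
    active = {}
    for exc in exceptions:
        if date.fromisoformat(exc["expires"]) >= today:
            active[exc["id"]] = exc
    return active


def evaluate(findings, exceptions, today):
    """Classify findings and decide the gate outcome.

    Returns a dict with 'passed' (bool) and the lists 'blocking', 'suppressed' and
    'informational'. A finding blocks unless its severity is explicitly informational
    or it is covered by an unexpired exception.
    """
    active = active_exceptions(exceptions, today)
    blocking, suppressed, informational = [], [], []
    for finding in findings:
        severity = str(finding.get("severity", "")).upper()
        if severity in INFORMATIONAL_SEVERITIES:
            informational.append(finding)
        elif finding["id"] in active:
            suppressed.append(finding)
        else:
            # CRITICAL/HIGH, and any missing or unknown severity (fail closed).
            blocking.append(finding)
    return {
        "passed": not blocking,
        "blocking": blocking,
        "suppressed": suppressed,
        "informational": informational,
    }


def gate_exit_code(findings, exceptions, today):
    """Exit status for the pipeline step: 0 = proceed, 1 = block the build."""
    return 0 if evaluate(findings, exceptions, today)["passed"] else 1


def main(argv):
    """Usage: security_gate.py report.json  (JSON object with 'findings' and 'exceptions')."""
    if len(argv) == 2:
        with open(argv[1], encoding="utf-8") as fh:
            report = json.load(fh)
        findings = report.get("findings", [])
        exceptions = report.get("exceptions", [])
    else:
        findings, exceptions = SAMPLE_FINDINGS, SAMPLE_EXCEPTIONS
    today = date.today()
    result = evaluate(findings, exceptions, today)
    for finding in result["blocking"]:
        print(f"BLOCK {finding['id']} {finding.get('severity', '?')} {finding['rule']} {finding['file']}")
    for finding in result["suppressed"]:
        print(f"SUPPRESSED {finding['id']} (unexpired exception on file)")
    print(f"gate: {'PASS' if result['passed'] else 'FAIL'} "
          f"({len(result['blocking'])} blocking, {len(result['suppressed'])} suppressed)")
    return gate_exit_code(findings, exceptions, today)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as the step after the scanner; the non-zero exit status is what the CI system treats as the gate failing, so no person has to be in the loop for the common case. The exception list is the part teams most often get wrong: a suppression without an expiry turns an accepted risk into a permanent blind spot, which is why the example refuses to honour an expired one.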

527
Multi-Select · medium

An organization is conducting a Business Impact Analysis (BIA) as part of its business continuity planning. Which THREE of the following are essential components of a BIA? (Choose three.)

Select 3 answers
A. Criticality prioritization
B. Recovery Time Objective (RTO)
C. Mean Time Between Failures (MTBF)
D. Single point of failure identification
E. Maximum Tolerable Downtime (MTD)
Answers: A, B, E

Ranking processes by criticality is fundamental to a BIA, since it focuses recovery resources on the processes that matter most.

Why this answer

The correct options are A, B, and E. Criticality prioritization ranks business processes by importance so that recovery effort goes to the most critical ones first; Recovery Time Objective (RTO) is the target time within which a process must be restored after a disruption; Maximum Tolerable Downtime (MTD) is the longest outage the organization can survive, so the RTO for a process must be set below its MTD. Option C (Mean Time Between Failures) is a hardware reliability metric, not a BIA output.

Option D (single point of failure identification) belongs to vulnerability assessment and resilient design rather than being a direct component of the BIA.

528
Matching · medium

Match each security assessment type to its description.

Descriptions

Automated check for known vulnerabilities

Simulated attack to exploit vulnerabilities

Systematic evaluation of compliance with policies

Identification and analysis of risks

Why these pairings

Each description points to a distinct assessment type. An automated check for known vulnerabilities is a vulnerability scan: the tool compares versions and configurations against a database of known weaknesses but does not exploit them. A simulated attack that exploits vulnerabilities is a penetration test, which goes a step further to show what an attacker could actually achieve. A systematic evaluation of compliance with policies is a security audit, measured against a defined policy or standard. Identification and analysis of risks is a risk assessment, which weighs threats, vulnerabilities and impact to decide what to treat first.

529
MCQ · medium

An organization's security policy requires that privileged accounts have their passwords changed every 30 days and be monitored. Which solution effectively manages these requirements?

A. Role-based access control
B. Enterprise password manager
C. Privileged Access Management (PAM) solution
D. Single sign-on for administrators
Answer: C

PAM provides password rotation, vaulting, session monitoring, and audit trails.

Why this answer

A Privileged Access Management (PAM) solution is specifically designed to manage privileged accounts, enforce password rotation policies (e.g., every 30 days), and provide detailed monitoring and auditing of privileged sessions. It automates password changes, vaults credentials, and logs all access, directly meeting the policy requirements for privileged accounts.

Exam trap

The trap here is that candidates confuse a general password manager (Option B) with a PAM solution, overlooking that PAM adds session monitoring, auditing, and just-in-time access for privileged accounts, which are critical for compliance.

How to eliminate wrong answers

Option A is wrong because Role-Based Access Control (RBAC) manages access rights based on roles, not password lifecycle or monitoring of privileged accounts. Option B is wrong because an enterprise password manager typically stores and rotates passwords for general users, but lacks the session monitoring, auditing, and just-in-time access controls required for privileged accounts. Option D is wrong because Single Sign-On (SSO) for administrators simplifies authentication but does not enforce password rotation or provide the granular monitoring and vaulting needed for privileged accounts.
