Study guide · CISSP

CISSP Study Guide

Study for the CISSP with exam topics, practice questions, a free PDF, video walkthrough and timed mock exam links.

Free sample · CISSPQ1
Which of the following access control models requires security clearance for subjects?
Correct — D. Mandatory access control (MAC) is an access policy that restricts access to objects based on the security clearance of a subject and the classification of an object.
↑ Tap an answer to check it
Study plan

How to study for CISSP

  1. Read the topic list so you know what the exam is likely to cover.
  2. Answer the free practice questions and read every explanation.
  3. Download the PDF for offline review.
  4. Use timed mock exams when your untimed practice feels comfortable.

Topics to review

  • The core topics and terminology you'll be tested on
  • Rules, standards and best-practice procedures
  • Real-world scenarios and how to respond
  • Common mistakes and how to avoid them
Sample questions

Try CISSP questions now

  1. Q1Which of the following access control models requires security clearance for subjects?

    Show answer

    ✓ Correct answer: Mandatory access control

    Mandatory access control (MAC) is an access policy that restricts access to objects based on the security clearance of a subject and the classification of an object.

    Open the full explanation page →

  2. Q2In an organization where there are frequent personnel changes, non-discretionary access control using Role Based Access Control (RBAC) is useful because:

    Show answer

    ✓ Correct answer: the access controls are based on the individual's role or title within the organization.

    With Non-Discretionary Access Control, a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on the individual’s role in the organization (role-based access control) or the subject’s responsibilities and duties (taskbased access control). In an organization where there are frequent personnel changes, non-discretionary access control is useful because the access controls are based on the individual’s role or title within the organization. These access controls do not need to be changed whenever a new person takes over that role.

    Open the full explanation page →

  3. Q3Which item is not part of a Kerberos authentication implementation?

    Show answer

    ✓ Correct answer: Message authentication code

    Message authentication code (MAC) is a cryptographic function and is not a key component of Kerberos. Kerberos is made up of a KDC, a realm of principals (users, services, applications, and devices), an authentication service, tickets, and a ticket granting service.

    Open the full explanation page →

  4. Q4A central authority determines which files a user can access. <br/><br/>Which of the following best describes this?

    Show answer

    ✓ Correct answer: Nondiscretionary access control model

    A nondiscretionary access control model uses a central authority to determine which objects (such as files) that users (and other subjects) can access. In contrast, a discretionary access control model allows users to grant or reject access to any objects they own. An ACL is an example or rule‐based access control model. An access control matrix includes multiple objects, and it lists the subject’s access to each of the objects.

    Open the full explanation page →

  5. Q5The major disadvantage of many Single Sign-On (SSO) implementations is described in which of the following?

    Show answer

    ✓ Correct answer: Once an individual obtains access to the system through the initial log-on, they have access to all resources within the environment that the account has access to.

    Single Sign-On is a distributed Access Control methodology in which a user only has to authenticate once to have access to all major and secondary network domains. <br/><br/>When the individual needs extra resources, they would not be asked to re-authenticate. The security concern this raises is that if a fraudster is able to compromise those credentials, they will also have access to all the resources that the account has access to. Because they are distractors, all of the other responses are wrong.

    Open the full explanation page →

  6. Q6To computer security software, the three traditional methods of authenticating yourself are something you know, something you have, and something:

    Show answer

    ✓ Correct answer: you are.

    Three common factors that can be used for authentication:<br/><br/>- Something a person knows.<br/><br/>- Something a person has.<br/><br/>- Something a person is.

    Open the full explanation page →

Unlock everything

Full CISSP bank + unlimited mocks

Try 30 questions free. Unlock the complete CISSP question bank, every explanation, and unlimited timed mock exams. Practice on any device.

Unlock CISSP →
Cramming?
$2.99
/ week · per exam
Best value
$6.99
/ month · per exam