CISSP

Security Assessment, Testing & Operations

37 free practice questions with explanations

PassNova has 37 free CISSP practice questions on Security Assessment, Testing & Operations, each with a clear explanation. Practise them in the browser with instant feedback — 100% free, no sign-up, on any device. Updated for 2026.

Sample questions

Security Assessment, Testing & Operations: example questions & answers

Here are 6 example questions from this topic. Practise the full set of 37 for free in the browser.

  1. Which type of penetration test provides the tester with complete knowledge of the target environment, including source code, network diagrams, and architecture documentation?

    • A Gray-box testing
    • B White-box testing
    • C Blind testing
    • D Black-box testing

    Answer: B. White-box testing gives the tester full knowledge of the environment, including source code and architecture, to enable thorough analysis.

  2. During a security assessment, a tool examines an application's source code without executing it to identify vulnerabilities such as buffer overflows. Which testing technique is this?

    • A Fuzz testing
    • B Penetration testing
    • C Dynamic Application Security Testing (DAST)
    • D Static Application Security Testing (SAST)

    Answer: D. Static Application Security Testing (SAST) analyzes source code or binaries without executing the program to find coding flaws.

  3. Which phase of the incident response process focuses on limiting the scope and impact of an incident to prevent further damage before the threat is removed?

    • A Eradication
    • B Recovery
    • C Detection
    • D Containment

    Answer: D. Containment limits the spread and impact of an incident, isolating affected systems before eradication removes the root cause.

  4. In digital forensics, which principle requires documenting every person who handled evidence, along with the time and purpose, to ensure the evidence is admissible in court?

    • A Locard's exchange principle
    • B Chain of custody
    • C Order of volatility
    • D Due diligence

    Answer: B. Chain of custody documents the handling of evidence from collection to presentation, preserving its integrity and admissibility in court.

  5. When collecting digital evidence, the order of volatility dictates that an investigator should capture which data source FIRST?

    • A Contents of system RAM and CPU registers
    • B Data on optical media
    • C Data on a hard disk drive
    • D Archived backup tapes

    Answer: A. The order of volatility prioritizes the most ephemeral data first; CPU registers and RAM are lost on power-off, so they are collected before disk-based data.

  6. An organization implements RAID 1 for a critical database server. Which primary benefit does this configuration provide?

    • A Increased write performance through striping with parity
    • B Fault tolerance through complete disk mirroring
    • C Maximized usable storage capacity
    • D Data compression to reduce storage costs

    Answer: B. RAID 1 mirrors data across two disks, so if one fails the other retains a complete copy, providing fault tolerance and high availability.
