cissp practice questions Intermediate Practice Exam: Medium Difficulty 2025

A multinational organization is considering outsourcing its Security Operations Center (SOC) to a managed security service provider (MSSP). The CISO wants to reduce operational costs while ensuring that risk remains within the organization’s tolerance. What should be done FIRST to make a risk-informed decision?

A healthcare provider is moving a database containing regulated personal data to a cloud platform. The security architect must ensure that data remains protected even if cloud administrators gain access to storage systems. Which approach BEST addresses this requirement while supporting normal application access?

A company is classifying its data and defining handling requirements. The business wants to prevent accidental email exfiltration of sensitive customer information while enabling employees to collaborate. Which control set BEST supports this objective?

A manufacturing firm is deploying a new internal web application. Management requires strong protection against stolen passwords and phishing. The solution should integrate with single sign-on (SSO) and minimize changes to the application. Which is the BEST approach?

A global enterprise is designing network segmentation to reduce lateral movement after a workstation compromise. The environment includes user VLANs, a server farm, and a set of critical databases. Which design BEST aligns with a defense-in-depth strategy?

An organization is migrating to a cloud service and wants to ensure that only authorized services can communicate with a sensitive API. The team wants strong authentication between services and protection against man-in-the-middle attacks. What is the BEST solution?

During a security review, an auditor notes that the organization frequently grants emergency administrator access to fix production incidents, but tracking is inconsistent. Which approach BEST balances rapid response needs with accountability?

A security team wants to validate that a new firewall rule set does not introduce unauthorized access paths between internal zones. The team needs repeatable evidence for audit purposes. What is the MOST appropriate approach?

An incident responder suspects data exfiltration from a critical server. The server must remain online to support operations, but the team needs forensically useful evidence and must avoid contaminating it. What is the BEST next step?

A development team is building a web application that includes a feature to export reports. A security review finds the export endpoint constructs file paths using user input. Which control is MOST effective at preventing related vulnerabilities while fitting into the software development lifecycle?