Which of the following adds end-to-end security inside a Layer 2 Tunneling Protocol (L2TP) Internet Protocol Security (IPSec) connection?

Temporal Key Integrity Protocol (TKIP)

A company has decided that they need to begin maintaining assets deployed in the enterprise. What approach should be followed to determine and maintain ownership information to bring the company into compliance?

Enterprise asset management framework

Asset baseline using commercial off the shelf software

Asset ownership database using domain login records

A script to report active user logins on assets

As a best practice, the Security Assessment Report (SAR) should include which of the following sections?

Software and hardware inventory

The application of a security patch to a product previously validate at Common Criteria (CC) Evaluation Assurance Level (EAL) 4 would

require an update of the Protection Profile (PP).

Which of the following is a remote access protocol that uses a static authentication?

Password Authentication Protocol (PAP)

Point-to-Point Tunneling Protocol (PPTP)

Routing Information Protocol (RIP)

Password Authentication Protocol (PAP)

Challenge Handshake Authentication Protocol (CHAP)

Which of the following sets of controls should allow an investigation if an attack is not blocked by preventive controls or detected by monitoring?

Security event alert triage done by analysts using a Security Information and Event Management (SIEM) system

Logging and audit trail controls to enable forensic analysis

Security incident response lessons learned procedures

Security event alert triage done by analysts using a Security Information and Event Management (SIEM) system

Transactional controls focused on fraud prevention

Determining outage costs caused by a disaster can BEST be measured by the

overall long-term impact of the outage.

cost of redundant systems and backups.

cost to recover from an outage.

overall long-term impact of the outage.

revenue lost during the outage.

Which of the following is considered a secure coding practice?

Use checksums to verify the integrity of libraries

Use concurrent access for shared variables and resources

Use checksums to verify the integrity of libraries

Use dynamic execution functions to pass user supplied data

As part of the security assessment plan, the security professional has been asked to use a negative testing strategy on a new website. Which of the following actions would be performed?

Enter only numbers in the web form and verify that the website prompts the user to enter a valid input.

Use a web scanner to scan for vulnerabilities within the website.

Perform a code review to ensure that the database references are properly addressed.

Establish a secure connection to the web server to validate that only the approved ports are open.

Enter only numbers in the web form and verify that the website prompts the user to enter a valid input.

Who has the PRIMARY responsibility to ensure that security objectives are aligned with organization goals?

Information security department

Which of the following is the MOST effective practice in managing user accounts when an employee is terminated?

Delete employee network and system IDs upon termination.

Implement processes for automated removal of access for terminated employees.

Delete employee network and system IDs upon termination.

Manually remove terminated employee user-access to all systems and applications.

Disable terminated employee network ID to remove all access.

Which of the following is the MOST important part of an awareness and training plan to prepare employees for emergency situations?

Designing business continuity and disaster recovery training programs for different audiences

Having emergency contacts established for the general employee population to get information

Conducting business continuity and disaster recovery training for those who have a direct role in the recovery

Designing business continuity and disaster recovery training programs for different audiences

Publishing a corporate business continuity and disaster recovery plan on the corporate website

The security accreditation task of the System Development Life Cycle (SDLC) process is completed at the end of which phase?

System operations and maintenance

System acquisition and development

System operations and maintenance

Which of the following is the BEST reason for the use of security metrics?

They provide an appropriate framework for Information Technology (IT) governance.

They ensure that the organization meets its security objectives.

They provide an appropriate framework for Information Technology (IT) governance.

They speed up the process of quantitative risk assessment.

They quantify the effectiveness of security processes.

Which of the following is a benefit in implementing an enterprise Identity and Access Management (IAM) solution?

Password requirements are simplified.

Risk associated with orphan accounts is reduced.

Segregation of duties is automatically enforced.

Data confidentiality is increased.

A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?

Assign a compliancy officer to review the merger conditions

Define additional security controls directly after the merger

Include a procurement officer in the merger team

Verify all contracts before a merger occurs

Assign a compliancy officer to review the merger conditions

Which factors MUST be considered when classifying information and supporting assets for risk management, legal discovery, and compliance?

Data stewardship roles, data handling and storage standards, data lifecycle requirements

System owner roles and responsibilities, data handling standards, storage and secure development lifecycle requirements

Data stewardship roles, data handling and storage standards, data lifecycle requirements

Compliance office roles and responsibilities, classified material handling standards, storage system lifecycle requirements

System authorization roles and responsibilities, cloud computing standards, lifecycle requirements

When network management is outsourced to third parties, which of the following is the MOST effective method of protecting critical data assets?

Log all activities associated with sensitive systems

Provide links to security policies

Confirm that confidentially agreements are signed

An organization recently conducted a review of the security of its network applications. One of the vulnerabilities found was that the session key used in encrypting sensitive information to a third party server had been hard-coded in the client and server applications. Which of the following would be MOST effective in mitigating this vulnerability?

Rivest-Shamir-Adleman (RSA) algorithm

Elliptic Curve Cryptography (ECC) algorithm

Digital Signature algorithm (DSA)

Rivest-Shamir-Adleman (RSA) algorithm

Which of the following methods of suppressing a fire is environmentally friendly and the MOST appropriate for a data center?

Inert gas fire suppression system

Halon gas fire suppression system

Unused space in a disk cluster is important in media analysis because it may contain which of the following?

Residual data that has not been overwritten

Hidden viruses and Trojan horses

Information about the File Allocation table (FAT)

Information about patches and upgrades to the system

A company seizes a mobile device suspected of being used in committing fraud. What would be the BEST method used by a forensic examiner to isolate the powered-on device from the network and preserve the evidence?

Put the device in airplane mode

Suspend the account with the telecommunication provider

Which of the following is MOST appropriate for protecting confidentially of data stored on a hard drive?

Advanced Encryption Standard (AES)

Triple Data Encryption Standard (3DES)

Advanced Encryption Standard (AES)

Which of the following is the MOST effective method to mitigate Cross-Site Scripting (XSS) attacks?

Use Software as a Service (SaaS)

ISC CISSP Practice Test 13 - Free Online Exam Prep & Questions

Which of the following countermeasures is the MOST effective in defending against a social engineering attack?

Mandating security policy acceptance

Changing individual behavior

Evaluating security awareness training

Filtering malicious e-mail content

Comment (0)

ISC CISSP Practice Test 13

Question

ISC CISSP Practice Tests

Practice Tests