Which of the following is the GREATEST benefit of implementing a Role Based Access Control (RBAC) system?

A considerably simpler provisioning process

Integration using Lightweight Directory Access Protocol (LDAP)

Form-based user registration process

Integration with the organizations Human Resources (HR) system

A considerably simpler provisioning process

Which Identity and Access Management (IAM) process can be used to maintain the principle of least privilege?

multi-factor authentication (MFA)

What is the expected outcome of security awareness in support of a security awareness program?

Awareness is training. The purpose of awareness presentations is to broaden attention of security.

Awareness activities should be used to focus on security concerns and respond to those concerns accordingly

Awareness is not an activity or part of the training but rather a state of persistence to support the program

Awareness is training. The purpose of awareness presentations is to broaden attention of security.

Awareness is not training. The purpose of awareness presentation is simply to focus attention on security.

Why is planning in Disaster Recovery (DR) an interactive process?

It defines the objectives of the plan

It details off-site storage plans

It identifies omissions in the plan

It defines the objectives of the plan

It forms part of the awareness process

Mandatory Access Controls (MAC) are based on:

security classification and security clearance

data segmentation and data classification

data labels and user access permissions

The organization would like to deploy an authorization mechanism for an Information Technology (IT) infrastructure project with high employee turnover.Which access control mechanism would be preferred?

Role-Based Access Control (RBAC)

Attribute Based Access Control (ABAC)

Discretionary Access Control (DAC)

Role-Based Access Control (RBAC)

Which security access policy contains fixed security attributes that are used by the system to determine a user's access to a file or object?

Discretionary Access Control (DAC)

Which of the following is a common characteristic of privacy?

Process for the subject to inspect and correct personal data on-site

Provision for maintaining an audit trail of access to the private data

Notice to the subject of the existence of a database containing relevant credit card data

Process for the subject to inspect and correct personal data on-site

Database requirements for integration of privacy data

At a MINIMUM, audits of permissions to individual or group accounts should be scheduled

to correspond with staff promotions

to correspond with terminations

Which of the following is part of a Trusted Platform Module (TPM)?

A non-volatile tamper-resistant storage for storing both data and signing keys in a secure fashion

A protected Pre-Basic Input/Output System (BIOS) which specifies a method or a metric for "measuring" the state of a computing platform

A secure processor targeted at managing digital keys and accelerating digital signing

A platform-independent software interface for accessing computer functions

In a change-controlled environment, which of the following is MOST likely to lead to unauthorized changes to production programs?

Modifying source code without approval

Promoting programs to production without approval

Developers checking out source code without approval

Developers using Rapid Application Development (RAD) methodologies without approval

Which of the following combinations would MOST negatively affect availability?

Denial of Service (DoS) attacks and outdated hardware

Unauthorized transactions and outdated hardware

Fire and accidental changes to data

Unauthorized transactions and denial of service attacks

Which of the following could be considered the MOST significant security challenge when adopting DevOps practices compared to a more traditional control framework?

Maintaining segregation of duties.

Achieving Service Level Agreements (SLA) on how quickly patches will be released when a security flaw is found.

Maintaining segregation of duties.

Standardized configurations for logging, alerting, and security metrics.

Availability of security teams at the end of design process to perform last-minute manual audits and reviews.

A security compliance manager of a large enterprise wants to reduce the time it takes to perform network, system, and application security compliance audits while increasing quality and effectiveness of the results.What should be implemented to BEST achieve the desired results?

Configuration Management Database (CMDB)

Configuration Management Plan (CMP)

System performance monitoring application

Which of the following is a characteristic of an internal audit?

Management is responsible for reading and acting upon the internal audit results

An internal audit is typically shorter in duration than an external audit.

The internal audit schedule is published to the organization well in advance.

The internal auditor reports to the Information Technology (IT) department

Management is responsible for reading and acting upon the internal audit results

Which of the following is a responsibility of a data steward?

Ensure alignment of the data governance effort to the organization.

Conduct data governance interviews with the organization.

Document data governance requirements.

Ensure that data decisions and impacts are communicated to the organization.

What is the MAIN goal of information security awareness and training?

To inform users of information assurance responsibilities

To inform users of the latest malware threats

To inform users of information assurance responsibilities

To comply with the organization information security policy

To prepare students for certification

Proven application security principles include which of the following?

Hardening the network perimeter

Accepting infrastructure security controls

When developing a business case for updating a security program, the security program owner MUST do which of the following?

Prepare performance test reports

Obtain resources for the security program

Which of the following is the BEST reason for writing an information security policy?

To support information security governance

To reduce the number of audit findings

To implement effective information security controls

What is the PRIMARY goal of fault tolerance?

Elimination of single point of failure

Containment to prevent propagation

Which of the BEST internationally recognized standard for evaluating security products and systems?

Payment Card Industry Data Security Standards (PCI-DSS)

Health Insurance Portability and Accountability Act (HIPAA)

Even though a particular digital watermark is difficult to detect, which of the following represents a way it might still be inadvertently removed?

Applying Access Control Lists (ACL) to the data

Appending non-watermarked data to watermarked data

Which of the following is BEST achieved through the use of eXtensible Access Markup Language (XACML)?

Minimize malicious attacks from third parties

Share digital identities in hybrid cloud

An organization has discovered that users are visiting unauthorized websites using anonymous proxies.Which of the following is the BEST way to prevent future occurrences?

Block the Internet Protocol (IP) address of known anonymous proxies

Remove the anonymity from the proxy

Analyze Internet Protocol (IP) traffic for proxy requests

Disable the proxy server on the firewall

Block the Internet Protocol (IP) address of known anonymous proxies

A post-implementation review has identified that the Voice Over Internet Protocol (VoIP) system was designed to have gratuitous Address Resolution Protocol (ARP) disabled.Why did the network architect likely design the VoIP system with gratuitous ARP disabled?

Gratuitous ARP requires the risk of a Man-in-the-Middle (MITM) attack.

Gratuitous ARP requires the use of Virtual Local Area Network (VLAN) 1.

Gratuitous ARP requires the use of insecure layer 3 protocols.

Gratuitous ARP requires the likelihood of a successful brute-force attack on the phone.

Gratuitous ARP requires the risk of a Man-in-the-Middle (MITM) attack.

Within the company, desktop clients receive Internet Protocol (IP) address over Dynamic Host Configuration Protocol (DHCP).Which of the following represents a valid measure to help protect the network against unauthorized access?

Implement port based security through 802.1x

Implement DHCP to assign IP address to server systems

Transport Layer Security (TLS) provides which of the following capabilities for a remote access server?

Transport layer handshake compression

A chemical plan wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade.Which of the following is the GREATEST impact on security for the network?

The ICS is now accessible from the office network

The network administrators have no knowledge of ICS

The ICS is now accessible from the office network

The ICS does not support the office password policy

RS422 is more reliable than Ethernet

What does a Synchronous (SYN) flood attack do?

Establishes many new Transmission Control Protocol / Internet Protocol (TCP/IP) connections

Forces Transmission Control Protocol /Internet Protocol (TCP/IP) connections into a reset state

Establishes many new Transmission Control Protocol / Internet Protocol (TCP/IP) connections

Empties the queue of pending Transmission Control Protocol /Internet Protocol (TCP/IP) requests

Exceeds the limits for new Transmission Control Protocol /Internet Protocol (TCP/IP) connections

A Denial of Service (DoS) attack on a syslog server exploits weakness in which of the following protocols?

Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)

Point-to-Point Protocol (PPP) and Internet Control Message Protocol (ICMP)

Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)

Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP)

Transport Layer Security (TLS) and Secure Sockets Layer (SSL)

In a High Availability (HA) environment, what is the PRIMARY goal of working with a virtual router address as the gateway to a network?

The first of two routers fails and is reinstalled, while the second handles the traffic flawlessly.

The second of two routers can periodically check in to make sure that the first router is operational.

The second of two routers can better absorb a Denial of Service (DoS) attack knowing the first router is present.

The first of two routers fails and is reinstalled, while the second handles the traffic flawlessly.

The first of two routers can better handle specific traffic, while the second handles the rest of the traffic seamlessly.

ISC CISSP Practice Test 14 - Free Online Exam Prep & Questions

Question 1 / 40

A user has infected a computer with malware by connecting a Universal Serial Bus (USB) storage device.

Which of the following is MOST effective to mitigate future infections?

Develop a written organizational policy prohibiting unauthorized USB devices

Train users on the dangers of transferring data in USB devices

Implement centralized technical control of USB port connections

Encrypt removable USB devices containing data at rest

Comment (0)

ISC CISSP Practice Test 14

Question

ISC CISSP Practice Tests

Practice Tests