The MAIN use of Layer 2 Tunneling Protocol (L2TP) is to tunnel data

in the Point-to-Point Protocol (PPP)

through a firewall at the Session layer

through a firewall at the Transport layer

in the Point-to-Point Protocol (PPP)

in the Payload Compression Protocol (PCP)

What protocol is often used between gateway hosts on the Internet?

Exterior Gateway Protocol (EGP)

Open Shortest Path First (OSPF)

Internet Control Message Protocol (ICMP)

"Stateful" differs from "Static" packet filtering firewalls by being aware of which of the following?

Difference between a new and an established connection

Difference between a malicious and a benign packet payload

Originating application session

What can happen when an Intrusion Detection System (IDS) is installed inside a firewall-protected internal network?

The IDS can detect failed administrator logon attempts from servers.

The IDS can increase the number of packets to analyze.

The firewall can increase the number of packets to analyze.

The firewall can detect failed administrator login attempts from servers

A security practitioner is tasked with securing the organization's Wireless Access Points (WAP).Which of these is the MOST effective way of restricting this environment to authorized users?

Create Access Control Lists (ACL) based on Media Access Control (MAC) addresses

Enable Wi-Fi Protected Access 2 (WPA2) encryption on the wireless access point

Disable the broadcast of the Service Set Identifier (SSID) name

Change the name of the Service Set Identifier (SSID) to a random value not associated with the organization

Create Access Control Lists (ACL) based on Media Access Control (MAC) addresses

Which of the following would an attacker BEST be able to accomplish through the use of Remote Access Tools (RAT)?

Reduce the probability of identification

Detect further compromise of the target

Destabilize the operation of the host

Digital certificates used in Transport Layer Security (TLS) support which of the following?

Server identity and data confidentially

Non-repudiation controls and data encryption

Multi-Factor Authentication (MFA)

Server identity and data confidentially

During examination of Internet history records, the following string occurs within a Unique Resource Locator (URL): http://www.companysite.com/products/products.asp?productid=123 or 1=1 What type of attack does this indicate?

Structured Query Language (SQL) injection

The core component of Role Based Access Control (RBAC) must be constructed of defined data elements.Which elements are required?

Users, roles, operations, and protected objects

Users, permissions, operations, and protected objects

Roles, accounts, permissions, and protected objects

Users, roles, operations, and protected objects

Roles, operations, accounts, and protected objects

Which of the following is the BEST metric to obtain when gaining support for an Identify and Access Management (IAM) solution?

Help desk costs required to support password reset requests

Application connection successes resulting in data leakage

Administrative costs for restoring systems after connection failure

Employee system timeouts from implementing wrong limits

Help desk costs required to support password reset requests

In an organization where Network Access Control (NAC) has been deployed, a device trying to connect to the network is being placed into an isolated domain. What could be done on this device in order to obtain proper connectivity?

Apply remediation's according to security requirements

Connect the device to another network jack

Apply remediation's according to security requirements

Apply Operating System (OS) patches

Change the Message Authentication Code (MAC) address of the network interface

Which of the following MUST be scalable to address security concerns raised by the integration of third-party identity services?

Mandatory Access Controls (MAC)

Enterprise security architecture

Role Based Access Controls (RBAC)

Which of the following is a common feature of an Identity as a Service (IDaaS) solution?

Single Sign-On (SSO) authentication support

Privileged user authentication support

Terminal Access Controller Access Control System (TACACS) authentication support

An organization's security policy delegates to the data owner the ability to assign which user roles have access to a particular resource. What type of authorization mechanism is being used?

Discretionary Access Control (DAC)

Role Based Access Control (RBAC)

What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?

To validate backup sites' effectiveness

To ensure Information Technology (IT) staff knows and performs roles assigned to each of them

To validate backup sites' effectiveness

To find out what does not work and fix it

To create a high level DRP awareness among Information Technology (IT) staff

Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization's systems?

Standardized configurations for devices

Standardized patch testing equipment

Management support for patching

An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subject's data?

Process it in the US, but store the information in France

Aggregate it into one database in the US

Process it in the US, but store the information in France

Anonymize it and process it in the US

As part of an application penetration testing process, session hijacking can BEST be achieved by which of the following?

Structured Query Language (SQL) injection

What are the steps of a risk assessment?

identification, analysis, evaluation

analysis, evaluation, mitigation

classification, identification, risk management

identification, evaluation, mitigation

After following the processes defined within the change management plan, a super user has upgraded a device within an Information system.What step would be taken to ensure that the upgrade did NOT affect the network security posture?

Conduct a security impact analysis

Conduct an Assessment and Authorization (A&A)

Conduct a security impact analysis

Review the results of the most recent vulnerability scan

Conduct a gap analysis with the baseline configuration

What MUST each information owner do when a system contains data from multiple information owners?

Develop and maintain the System Security Plan (SSP) for the Information System (IS) containing the data

Provide input to the Information System (IS) owner regarding the security requirements of the data

Review the Security Assessment report (SAR) for the Information System (IS) and authorize the IS to operate.

Develop and maintain the System Security Plan (SSP) for the Information System (IS) containing the data

Move the data to an Information System (IS) that does not contain data owned by other information owners

Which of the following is a responsibility of the information owner?

Managing identification, implementation, and assessment of common security controls

Ensure that users and personnel complete the required security training to access the Information System (IS)

Defining proper access to the Information System (IS), including privileges or access rights

Managing identification, implementation, and assessment of common security controls

Ensuring the Information System (IS) is operated according to agreed upon security requirements

It is MOST important to perform which of the following to minimize potential impact when implementing a new vulnerability scanning tool in a production environment?

Enable scanning during off-peak hours

Negotiate schedule with the Information Technology (IT) operation's team

Log vulnerability summary reports to a secured server

Enable scanning during off-peak hours

Establish access for Information Technology (IT) management

A Security Operations Center (SOC) receives an incident response notification on a server with an active intruder who has planted a backdoor. Initial notifications are sent and communications are established.What MUST be considered or evaluated before performing the next step?

Copying the contents of the hard drive to another storage device may damage the evidence

Notifying law enforcement is crucial before hashing the contents of the server hard drive

Identifying who executed the incident is more important than how the incident happened

Removing the server from the network may prevent catching the intruder

Copying the contents of the hard drive to another storage device may damage the evidence

Due to system constraints, a group of system administrators must share a high-level access set of credentials.Which of the following would be MOST appropriate to implement?

A credential check-out process for a per-use basis

Increased console lockout times for failed logon attempts

A credential check-out process for a per-use basis

Full logging on affected systems

Which of the following is the MOST efficient mechanism to account for all staff during a speedy nonemergency evacuation from a large security facility?

Radio Frequency Identification (RFID) sensors worn by each employee scanned by sensors at each exitdoor

Large mantrap where groups of individuals leaving are identified using facial recognition technology

Radio Frequency Identification (RFID) sensors worn by each employee scanned by sensors at each exitdoor

Emergency exits with push bars with coordinates at each exit checking off the individual against a predefined list

Card-activated turnstile where individuals are validated upon exit

What does electronic vaulting accomplish?

It ensures the fault tolerance of Redundant Array of Independent Disks (RAID) systems

It stripes all database records

It automates the Disaster Recovery Process (DRP)

Who would be the BEST person to approve an organizations information security policy?

Chief Information Security Officer (CISO)

Chief Information Officer (CIO)

Chief Information Security Officer (CISO)

A security analyst for a large financial institution is reviewing network traffic related to an incident.The analyst determines the traffic is irrelevant to the investigation but in the process of the review, the analyst also finds that an applications data, which included full credit card cardholder data, is transferred in clear text between the server and user's desktop. The analyst knows this violates the Payment Card Industry Data Security Standard (PCI-DSS). Which of the following is the analyst's next step?

Follow organizational processes to alert the proper teams to address the issue.

Send the log file co-workers for peer review

Include the full network traffic logs in the incident report

Follow organizational processes to alert the proper teams to address the issue.

Ignore data as it is outside the scope of the investigation and the analyst's role.

An Information Technology (IT) professional attends a cybersecurity seminar on current incident response methodologies.What code of ethics canon is being observed?

Provide diligent and competent service to principals

Protect society, the commonwealth, and the infrastructure

Advance and protect the profession

Act honorable, honesty, justly, responsibly, and legally

ISC CISSP Practice Test 15 - Free Online Exam Prep & Questions

Question 1 / 40

A company receives an email threat informing of an Imminent Distributed Denial of Service (DDoS) attack targeting its web application, unless ransom is paid. Which of the following techniques BEST addresses that threat?

Deploying load balancers to distribute inbound traffic across multiple data centers

Set Up Web Application Firewalls (WAFs) to filter out malicious traffic

Implementing reverse web-proxies to validate each new inbound connection

Coordinate with and utilize capabilities within Internet Service Provider (ISP)

Comment (0)

ISC CISSP Practice Test 15

Question

ISC CISSP Practice Tests

Practice Tests