Which of the following is a common measure within a Local Area Network (LAN) to provide en additional level of security through segmentation?

Building Virtual Local Area Networks (VLAN)

Building Demilitarized Zones (DMZ)

Implementing an Intrusion Detection System (IDS)

What Is the FIRST step for a digital investigator to perform when using best practices to collect digital evidence from a potential crime scene?

Confirm that the appropriate warrants were issued to the subject of the investigation to eliminate illegal search claims.

Consult the lead investigate to team the details of the case and required evidence.

Assure that grounding procedures have been followed to reduce the loss of digital data due to static electricity discharge.

Update the Basic Input Output System (BIOS) and Operating System (OS) of any tools used to assure evidence admissibility.

Confirm that the appropriate warrants were issued to the subject of the investigation to eliminate illegal search claims.

How can an attacker exploit overflow to execute arbitrary code?

Modify a function's return address.

Alter the address of the stack.

Substitute elements in the stack.

Which of the following is TRUE regarding equivalence class testing?

Test inputs are obtained from the derived boundaries of the given functional specifications.

It is characterized by the stateless behavior of a process implemented In a function.

An entire partition can be covered by considering only one representative value from that partition.

Test inputs are obtained from the derived boundaries of the given functional specifications.

It is useful for testing communications protocols and graphical user interfaces.

Which of the following is the BEST way to protect against structured Query language (SQL) injection?

Restrict use of SELECT command.

Restrict Hyper Text Markup Language (HTNL) source code access.

Which of the following BEST describes the responsibilities of data owner?

Determining the impact the information has on the mission of the organization

Ensuing Quality and validation trough periodic audits for ongoing data integrity

Determining the impact the information has on the mission of the organization

Maintaining fundamental data availability, including data storage and archiving

Ensuring accessibility to appropriate users, maintaining appropriate levels of data security

If virus infection is suspected, which of the following is the FIRST step for the user to take?

Report the incident to service desk.

Unplug the computer from the network.

Save the opened files and shutdown the computer.

Report the incident to service desk.

Update the antivirus to the latest version.

Which of the following MOST applies to session initiation protocal (SIP) security?

It reuses security mechanisms derived from existing protocols.

It leverages Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS).

It requires a Public Key Infrastructure (PKI).

It reuses security mechanisms derived from existing protocols.

It supports end-to-end security natively.

What is the document that describes the measures that have been implemented or planned to correct any deficiencies noted during the assessment of the security controls?

Plan of Action and Milestones {POA&M)

Security Assessment Report (SAR)

Plan of Action and Milestones {POA&M)

When dealing with shared, privilaged accounts, especially those for emergencies, what is the BEST way to assure non-repudiation of logs?

implement a password vaulting solution.

Regularity change the passwords,

implement a password vaulting solution.

Lock passwords in tamperproof envelopes in a safe.

Implement a strict access control policy.

Which of the following actions MUST be performed when using secure multipurpose internet mail Extension (S/MIME) before sending an encrypted message to a recipient?

Obtain the recipients private key.

Obtain the recipient's digital certificate.

What are the roles within a scrum methodoligy?

prduct owner, scrum master, and scrum team

System owner, scrum master, and development team

prduct owner, scrum master, and scrum team

Scrum master, requirements manager, and development team

Scrum master, quality assurance team, and scrum team

What is the FIRST step required in establishing a records retention program?

Draft a records retention policy.

Identify and inventory all records.

Identify and inventory all records storage locations

Classify records based on sensitivity.

Draft a records retention policy.

Which of the following was developed to support multiple protocols as well as provide as well as provide login, password, and error correction capabilities?

Challenge Handshake Authentication Protocol (CHAP)

Password Authentication Protocol (PAP)

An organization discovers that its secure file transfer protocol (SFTP) server has been accessed by an unauthorized person to download an unreleased game. A recent security audit found weaknesses in some of the organization's general information technology (IT) controls, specifically pertaining to software change control and security patch management, but not in other control areas.Which of the following is the MOST probable attack vector used in the security breach?

Weak password able to lack of complexity rules

Distributed Denial of Service (DDoS)

If a content management system (CMC) is implemented, which one of the following would occur?

The test and production systems would be running the same software

Developers would no longer have access to production systems

The applications placed into production would be secure

Patching the systems would be completed more quickly

The test and production systems would be running the same software

Which of the following is the BEST identity-as-a-service (IDaaS) solution for validating users?

Lightweight Directory Access Protocol (LDAP)

Security Assertion Markup Language (SAM.)

Why is lexical obfuscation in software development discouraged by many organizations?

Problems recovering systems after disaster

Problems maintaining data connections

What steps can be taken to prepare personally identifiable information (PII) for processing by a third party?

The personal information should be maintained separately connected with a one-way reference.

It is not necessary to protect PII as long as it is in the hands of the provider.

A security agreement with a Cloud Service Provider (CSP) was required so there is no concern.

The personal information should be maintained separately connected with a one-way reference.

The personal information can be hashed and then the data can be sent to an outside processor.

Why are mobile devices something difficult to investigate in a forensic examination?

They may have proprietary software installed to protect them.

There are no forensics tools available for examination.

They may have proprietary software installed to protect them.

They may contain cryptographic protection.

They have password-based security at logon.

Which of the following is a characteristic of a challenge/response authentication process?

Presenting distorted graphics of text for authentication

Transmitting a hash based on the user's password

Using a password history blacklist

Requiring the use of non-consecutive numeric characters

Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device Which has stolen?

Mobile Device Management (MDMJ with device wipe

Whole device encryption with key escrow

Mobile Device Management (MDMJ with device wipe

Mobile device tracking with geolocation

Virtual Private Network (VPN) with traffic encryption

Which of the following will help identify the source internet protocol (IP) address of malware being exected on a computer?

List of open network connections

Display Transmission Control Protocol/Internet Protocol (TCP/IP) network configuration information.

Display the Address Resolution Protocol (APP) table.

Which of the following findings would MOST likely indicate a high risk in a vulnerability assessment report?

Transmission control protocol (TCP) port 443 open

Non-standard system naming convention used

Digital certificates used transport Layer security (TLS) support which of the following?

Server identify and data confidentially

Multi-Factor Authentication (MFA)

Non-reputation controls and data encryption

Which would result in the GREATEST import following a breach to a cloud environment?

Insufficient network segregation

The hypervisor host Is poorly seared

The same Logical Unit Number (LLN) is used for ail VMs

Insufficient network segregation

Insufficient hardening of Virtual Machines (VM)

Which of the following in the BEST way to reduce the impact of an externally sourced flood attack?

Stock the source address at the firewall.

Have this service provide block the source address.

Block all inbound traffic until the flood ends.

Have the source service provider block the address

Which of the following methods MOST efficiently manages user accounts when using a third-party cloud-based application and directory solution?

Lightweight Directory Access Protocol (LDAP)

A corporate security policy specifies that all devices on the network must have updated operating system patches and anti-malware software. Which technology should be used to enforce this policy?

Network Address Translation (NAT)

When designing on Occupent Emergency plan (OEP) for United states (US) Federal government facilities, what factor must be considered?

location of emergency exits in building

Average age of the agency employees

Geographical location and structural design of building

Federal agency for which plan is being drafted

Why should Open Web Application Security Project (OWASP) Application Security Verification standards (ASVS) Level 1 be considered a MINIMUM level of protection for any web application?

Opportunistic attackers will look for any easily exploitable vulnerable applications.

ASVS Level 1 ensures that applications are invulnerable to OWASP top 10 threats.

Opportunistic attackers will look for any easily exploitable vulnerable applications.

Most regulatory bodies consider ASVS Level 1 as a baseline set of controls for applications.

Securing applications at ASVS Level 1 provides adequate protection for sensitive data.

ISC CISSP Practice Test 18 - Free Online Exam Prep & Questions

A client has reviewed a vulnerability assessment report and has stated it is Inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating System (OS) was not properly detected.

Where in the vulnerability assessment process did the erra MOST likely occur?

Detection

Enumeration

Reporting

Discovery

Comment (0)

ISC CISSP Practice Test 18

Question

ISC CISSP Practice Tests

Practice Tests