Which security architecture strategy could be applied to secure an operating system (OS) baseline for deployment within the corporate enterprise?

Principle of Separation of Duty

What does the term "100-year floodplain" mean to emergency preparedness officials?

The odds of a flood at this level are 1 in 100 in any given year.

The area is expected to be safe from flooding for at least 100 years.

The odds of a flood at this level are 1 in 100 in any given year.

The odds are that the next significant flood will hit within the next 100 years.

The last flood of any kind to hit the area was more than 100 years ago.

Which of the following is the PRIMARY consideration when determining the frequency an automated control should be assessed or monitored?

The level of automation of the control

The complexity of the automated control

The level of automation of the control

The range of values of the automated control

The volatility of the automated control

An organization that has achieved a Capability Maturity model Integration (CMMI) level of 4 has done which of the following?

Achieved optimized process performance

Addressed continuous innovative process improvement

Addressed the causes of common process variance

Achieved optimized process performance

Achieved predictable process performance

What is the MOST effective way to protect privacy?

Apply tokenization to all personal information records.

Eliminate or reduce collection of personal information.

Encrypt all collected personal information.

Classify all personal information at the highest information classification level.

Apply tokenization to all personal information records.

Which of the following job functions MUST be separated to maintain data and application integrity?

Systems development and systems maintenance

Applications development and systems analysis

Production control and data control functions

Scheduling and computer operations

Systems development and systems maintenance

Which of the following authorization standards is built to handle Application programming Interface (API) access for federated Identity management (FIM)?

Remote Authentication Dial-In User Service (RADIUS)

Terminal Access Controller Access Control System Plus (TACACS+)

Security Assertion Markup Language (SAML)

Information security metrics provide the GREATEST value tp management when based upon the security manager's knowledge of which of the following?

Likelihood of a security breach

Cost of implementing effective controls

Benefits related to quantitative analysts

Who determines the required level of independence for security control Assessors (SCA)?

Chief Information Security Officer (CISC)

What high Availability (HA) option of database allows multiple clients to access multiple database servers simultaneously?

Non-Structured Query Language (NoSQL) database

Verify the most recent firmware version is installed on the camera.

Verify the camera's log for recent logins outside of the Internet Technology (IT) department.

Verify the security and encryption protocol the camera uses.

Verify the security camera requires authentication to log into the management console.

Verify the most recent firmware version is installed on the camera.

Which of the following can be used to calculate the loss event probability?

Number of outcomes divided by total number of possible outcomes

Total number of possible outcomes divided by frequency of outcomes

Number of outcomes divided by total number of possible outcomes

Number of outcomes multiplied by total number of possible outcomes

Total number of possible outcomes multiplied by frequency of outcomes

Which of the following is applicable to a publicly held company concerned about information handling and storage requirement specific to the financial reporting?

Sarbanes-Oxley (SOX) Act of 2002

International Organization for Standardization (ISO) 27001

Which of the following media is LEAST problematic with data remanence?

Dynamic Random Access Memory (DRAM)

Electrically Erasable Programming Read-Only Memory (BPRCM)

Which open standard could l large corporation deploy for authorization services for single sign-on (SSO) use across multiple internal and external application?

Security Assertion Markup Language (SAML)

Terminal Access Controller Access Control System (TACACS)

Security Assertion Markup Language (SAML)

Lightweight Directory Access Protocol (LDAP)

Active Directory Federation Services (ADFS)

Which of the following statements is TRUE regarding equivalence class testing?

An entire partition can be covered by considering only one representative value from that partition.

Test inputs are obtained from the derived boundaries of the given functional specifications.

It is characterized by the stateless behavior of a process implemented in a function.

An entire partition can be covered by considering only one representative value from that partition.

It is useful for testing communications protocols and graphical user interfaces.

A large corporation is looking for a solution to automate access based on where the request is coming from, who the user is, what device they are connecting with, and what and time of day they are attempting this access. What type of solution would suit their needs?

Role Based Access Control (RBAC)

Discretionary Access Control (DAC)

Which of the following MUST an organization do to effectively communicate is security strategy to all affected parties?

Notify staff of changes to the strategy.

Involve representatives from each key organizational area.

Provide regular updates to the board of directors.

Notify staff of changes to the strategy.

Remove potential communication barriers.

When using Security Assertion markup language (SAML), it is assumed that the principal subject

enrolls with at least one identity provider.

accepts persistent cookies from the system.

allows Secure Sockets Layer (SSL) for data exchanges.

is on a system that supports remote authorization.

enrolls with at least one identity provider.

Which of the below strategies would MOST comprehensively address the risk of malicious insiders leaking sensitive information?

Least privilege access, Data Loss Protection (DLP), physical access controls

Data Loss Protection (DIP), firewalls, data classification

Least privilege access, Data Loss Protection (DLP), physical access controls

Staff vetting, least privilege access, Data Loss Protection (DLP)

Background checks, data encryption, web proxies

What is the FIRST step required in establishing a records retention program?

Draft a records retention policy.

Identify and inventory all records storage locations.

Classify records based on sensitivity.

Identify and inventory all records.

Draft a records retention policy.

What is the threat modeling order using process for Attack simu-lation and threat analysis (PASTA)?

Application decomposition, threat analysis, vulnerability detection, attack enumeration, risk/impact analysis

Threat analysis, vulnerability detection, application decomposition, attack enumeration, risk/Impact analysis

Risk/impact analysis, application decomposition, threat analysis, vulnerability detection, attack enumeration

Application decomposition, threat analysis, risk/impact analysis, vulnerability detection, attack enumeration

An organization implements a remote access server (RAS), Once users connect to the server, digital certificates are used to authenticate their identity. What type of extensible Authentication protocol (EAP) would the organization use during this authentication?

Subscriber Identity Module (SIM)

Lightweight Extensible Authentication Protocol (EAP)

As a security manger which of the following is the MOST effective practice for providing value to an organization?

Identify confidential information and protect it

Assess business risk and apply security resources accordingly

Coordinate security implementations with internal audit

Achieve compliance regardless of related technical issues

Identify confidential information and protect it

Which of the following BEST provides for non-repudiation od user account actions?

Centralized authentication system

Managed Intrusion Detection System (IDS)

What type of access control determines the authorization to resource based on pre-defined job titles within an organization?

Role-Based Access Control (RBAC)

Non-discretionary access control

Discretionary Access Control (DAC)

As users switch roles within an organization, their accounts are given additional permissions to perform the duties of their new position. After a recent audit, it was discovered that many of these accounts maintained their old permissions as well. The obsolete permissions identified by the audit have been remediated and accounts have only the appropriate permissions to complete their jobs.Which of the following is the BEST way to prevent access privilege creep?

Implementing Identity and Access Management (IAM) solution

Time-based review and certification

Trigger-based review and certification

Continuity of operations is BEST supported by which of the following?

Connectivity, reliability, and redundancy

Confidentiality, availability, and reliability

Connectivity, reliability, and redundancy

Connectivity, reliability, and recovery

Confidentiality, integrity, and availability

ISC CISSP Practice Test 20 - Free Online Exam Prep & Questions

The threat modeling identifies a man-in-the-middle (MITM) exposure. Which countermeasure should the information system security officer (ISSO) select to mitigate the risk of a protected Health information (PHI) data leak?

Become a Premium Member for full access

Unlock Premium Member

ISC CISSP Practice Test 20

Question

ISC CISSP Practice Tests

Practice Tests