ISC CISSP Practice Test - Questions Answers, Page 101


Which of the following is the MOST comprehensive Business Continuity (BC) test?

A. Full functional drill
B. Full table top
C. Full simulation
D. Full interruption

Suggested answer: C

The disaster recovery (DR) process should always include

A. plan maintenance.
B. periodic vendor review.
C. financial data analysis.
D. periodic inventory review.

Suggested answer: A

Which of the following BEST describes the purpose of software forensics?

A. To perform cyclic redundancy check (CRC) verification and detect changed applications
B. To review program code to determine the existence of backdoors
C. To analyze possible malicious intent of malware
D. To determine the author and behavior of the code

Suggested answer: D

The security architect has been assigned the responsibility of ensuring integrity of the organization's electronic records. Which of the following methods provides the strongest level of integrity?

A. Time stamping
B. Encryption
C. Hashing
D. Digital signature

Suggested answer: D

An application is used for funds transfer between an organization and a third party. During a security audit, an issue was found with the business continuity/disaster recovery policy and procedures for this application. Which of the following reports should the auditor file with the organization?

A. Service Organization Control (SOC) 1
B. Statement on Auditing Standards (SAS) 70
C. Service Organization Control (SOC) 2
D. Statement on Auditing Standards (SAS) 70-1

Suggested answer: C

An organization purchased a commercial off-the-shelf (COTS) software several years ago. The information technology (IT) Director has decided to migrate the application into the cloud, but is concerned about the application security of the software in the organization's dedicated environment with a cloud service provider. What is the BEST way to prevent and correct the software's security weal

A. Implement a dedicated COTS sandbox environment
B. Follow the software end-of-life schedule
C. Transfer the risk to the cloud service provider
D. Examine the software updating and patching process

Suggested answer: A

Which reporting type requires a service organization to describe its system and define its control objectives and controls that are relevant to users' internal control over financial reporting?

A. Statement on Auditing Standards (SAS) 70
B. Service Organization Control 1 (SOC 1)
C. Service Organization Control 2 (SOC 2)
D. Service Organization Control 3 (SOC 3)

Suggested answer: B

The Chief Information Security Officer (CISO) is concerned about business application availability. The organization was recently subject to a ransomware attack that resulted in the unavailability of applications and services for 10 working days and required paper-based running of all main business processes. There are now aggressive plans to enhance the Recovery Time Objective (RTO) and cater for more frequent data captures. Which of the following solutions should be implemented to fully comply with the new business requirements?

A. Virtualization
B. Antivirus
C. Process isolation
D. Host-based intrusion prevention system (HIPS)

Suggested answer: A

Which of the following is the GREATEST risk of relying only on Capability Maturity Models (CMM) for software to guide process improvement and assess capabilities of acquired software?

A. Organizations can only reach a maturity level 3 when using CMMs
B. CMMs do not explicitly address safety and security
C. CMMs can only be used for software developed in-house
D. CMMs are vendor specific and may be biased

Suggested answer: B

Which of the following should exist in order to perform a security audit?

A. Industry framework to audit against
B. External (third-party) auditor
C. Internal certified auditor
D. Neutrality of the auditor

Suggested answer: D