
ISC CISSP Practice Test - Questions Answers, Page 106


Where can the Open Web Application Security Project (OWASP) list of associated vulnerabilities be found?

A. OWASP Top 10 Project
B. OWASP Software Assurance Maturity Model (SAMM) Project
C. OWASP Guide Project
D. OWASP Mobile Project

Suggested answer: A

What is the BEST approach to anonymizing personally identifiable information (PII) in a test environment?

A. Randomizing data
B. Swapping data
C. Encrypting data
D. Encoding data

Suggested answer: C

A customer continues to experience attacks on their email, web, and File Transfer Protocol (FTP) servers. These attacks are impacting their business operations. Which of the following is the BEST recommendation to make?

A. Configure an intrusion detection system (IDS).
B. Create a demilitarized zone (DMZ).
C. Deploy a bastion host.
D. Set up a network firewall.

Suggested answer: C

Which security feature fully encrypts code and data as it passes to the servers and only decrypts below the hypervisor layer?

A. File-system level encryption
B. Transport Layer Security (TLS)
C. Key management service
D. Trusted execution environments

Suggested answer: D

Which of the following techniques evaluates the secure design principles of network or software architectures?

A. Threat modeling
B. Risk modeling
C. Waterfall method
D. Fuzzing

Suggested answer: A

Which of the following is security control volatility?

A. A reference to the stability of the security control.
B. A reference to how unpredictable the security control is.
C. A reference to the impact of the security control.
D. A reference to the likelihood of change in the security control.

Suggested answer: D

When performing an investigation with the potential for legal action, what should be the analyst's FIRST consideration?

A. Chain-of-custody
B. Authorization to collect
C. Court admissibility
D. Data decryption

Suggested answer: A

Which of the following does the security design process ensure within the System Development Life Cycle (SDLC)?

A. Proper security controls, security goals, and fault mitigation are properly conducted.
B. Proper security controls, security objectives, and security goals are properly initiated.
C. Security goals, proper security controls, and validation are properly initiated.
D. Security objectives, security goals, and system test are properly conducted.

Suggested answer: B

An organization needs a general-purpose document to prove that its internal controls properly address security, availability, processing integrity, confidentiality, or privacy risks. Which of the following reports is required?

A. A Service Organization Control (SOC) 3 report
B. The Statement on Standards for Attestation Engagements No. 18 (SSAE 18)
C. A Service Organization Control (SOC) 2 report
D. The International Organization for Standardization (ISO) 27001

Suggested answer: C

What is the BEST design for securing physical perimeter protection?

A. Crime Prevention through Environmental Design (CPTED)
B. Barriers, fences, gates, and walls
C. Business continuity planning (BCP)
D. Closed-circuit television (CCTV)

Suggested answer: B
Total 1.482 questions