ISC CISSP Practice Test - Questions Answers, Page 108

Which of the following is a secure design principle for a new product?

A. Build in appropriate levels of fault tolerance.
B. Utilize obfuscation whenever possible.
C. Do not rely on previously used code.
D. Restrict the use of modularization.

Suggested answer: A

An application developer receives a report back from the security team showing their automated tools were able to successfully enter unexpected data into the organization's customer service portal, causing the site to crash. This is an example of which type of testing?

A. Non-functional
B. Positive
C. Performance
D. Negative

Suggested answer: D

An organization has determined that its previous waterfall approach to software development is not keeping pace with business demands. To adapt to the rapid changes required for product delivery, the organization has decided to move towards an Agile software development and release cycle. In order to ensure the success of the Agile methodology, who is MOST critical in creating acceptance tests or acceptance criteria for each release?

A. Project managers
B. Software developers
C. Independent testers
D. Business customers

Suggested answer: D

A hospital enforces the Code of Fair Information Practices. What practice applies to a patient requesting their medical records from a web portal?

A. Use limitation
B. Individual participation
C. Purpose specification
D. Collection limitation

Suggested answer: D

When designing a new Voice over Internet Protocol (VoIP) network, an organization's top concern is preventing unauthorized users from accessing the VoIP network. Which of the following will BEST help secure the VoIP network?

A. Transport Layer Security (TLS)
B. 802.1x
C. 802.119
D. Web application firewall (WAF)

Suggested answer: A

What is the PRIMARY objective of the post-incident phase of the incident response process in the security operations center (SOC)?

A. Improve the IR process.
B. Communicate the IR details to the stakeholders.
C. Validate the integrity of the IR.
D. Finalize the IR.

Suggested answer: A

An international organization has decided to use a Software as a Service (SaaS) solution to support its business operations. Which of the following compliance standards should the organization use to assess the international code security and data privacy of the solution?

A. Health Insurance Portability and Accountability Act (HIPAA)
B. Service Organization Control (SOC) 2
C. Payment Card Industry (PCI)
D. Information Assurance Technical Framework (IATF)

Suggested answer: B

Which of the following actions should be undertaken prior to deciding on a physical baseline Protection Profile (PP)?

A. Check the technical design.
B. Conduct a site survey.
C. Categorize assets.
D. Choose a suitable location.

Suggested answer: A

A criminal organization is planning an attack on a government network. Which of the following scenarios presents the HIGHEST risk to the organization?

A. Network is flooded with communication traffic by the attacker.
B. Organization loses control of their network devices.
C. Network management communications are disrupted.
D. Attacker accesses sensitive information regarding the network topology.

Suggested answer: B

A Certified Information Systems Security Professional (CISSP) with identity and access management (IAM) responsibilities is asked by the Chief Information Security Officer (CISO) to perform a vulnerability assessment on a web application to pass a Payment Card Industry (PCI) audit. The CISSP has never performed this before. According to the (ISC)² Code of Professional Ethics, which of the following should the CISSP do?

A. Review the CISSP guidelines for performing a vulnerability assessment before proceeding to complete it.
B. Review the PCI requirements before performing the vulnerability assessment.
C. Inform the CISO that they are unable to perform the task because they should render only those services for which they are fully competent and qualified.
D. Since they are CISSP certified, they have enough knowledge to assist with the request, but will need assistance in order to complete it in a timely manner.

Suggested answer: C