ExamGecko
ISC CISSP Practice Test - Questions Answers, Page 109

A large organization's human resources and security teams are planning on implementing technology to eliminate manual user access reviews and improve compliance. Which of the following options is MOST likely to resolve the issues associated with user access?

A. Implement a role-based access control (RBAC) system.
B. Implement an identity and access management (IAM) platform.
C. Implement a Privileged Access Management (PAM) system.
D. Implement a single sign-on (SSO) platform.
Suggested answer: B

A healthcare insurance organization chose a vendor to develop a software application. Upon review of the draft contract, the information security professional notices that software security is not addressed. What is the BEST approach to address the issue?

A. Update the service level agreement (SLA) to provide the organization the right to audit the vendor.
B. Update the service level agreement (SLA) to require the vendor to provide security capabilities.
C. Update the contract so that the vendor is obligated to provide security capabilities.
D. Update the contract to require the vendor to perform security code reviews.
Suggested answer: C

Which of the following is MOST important to follow when developing information security controls for an organization?

A. Exercise due diligence with regard to all risk management information to tailor appropriate controls.
B. Perform a risk assessment and choose a standard that addresses existing gaps.
C. Use industry standard best practices for security controls in the organization.
D. Review all local and international standards and choose the most stringent based on location.
Suggested answer: A

Which of the following is the MAIN difference between a network-based firewall and a host-based firewall?

A. A network-based firewall is stateful, while a host-based firewall is stateless.
B. A network-based firewall controls traffic passing through the device, while a host-based firewall controls traffic destined for the device.
C. A network-based firewall verifies network traffic, while a host-based firewall verifies processes and applications.
D. A network-based firewall blocks network intrusions, while a host-based firewall blocks malware.
Suggested answer: B

Which of the following system components enforces access controls on an object?

A. Security perimeter
B. Access control matrix
C. Trusted domain
D. Reference monitor
Suggested answer: D
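The distinction behind this question is that the access control matrix is only the policy data (which subject holds which rights on which object), while the reference monitor is the component that consults that data on every access and enforces the decision. The following is an added example, not part of the exam page: a minimal reference monitor in Python whose subjects, objects, rights and file names are constructed for illustration. It shows the three classic reference monitor properties (always invoked, tamper-proof, small enough to verify) and fails closed for unknown subjects and objects.

```python
# Added example, not from the exam page: the access control matrix is the
# policy data; the reference monitor is the component that consults it on
# every access and enforces the result. Subjects, objects and rights below
# are constructed for illustration.
from types import MappingProxyType


class AccessDenied(PermissionError):
    """Raised by the monitor when a request is not permitted."""


class ReferenceMonitor:
    """Mediates every subject -> object access against an access control matrix.

    Classic properties: always invoked (every read/write goes through
    _decide), tamper-proof (the matrix is frozen at construction), and small
    enough to verify (one decision function).
    """

    def __init__(self, matrix, objects):
        # matrix: {subject: {object_name: iterable of rights}}
        frozen = {
            subject: MappingProxyType({obj: frozenset(rights) for obj, rights in objs.items()})
            for subject, objs in matrix.items()
        }
        self._matrix = MappingProxyType(frozen)
        self._objects = dict(objects)          # object_name -> protected data
        self.audit = []                        # every decision, permit or deny

    def _decide(self, subject, obj, right):
        # Fail closed: an unknown subject, unknown object or missing right all deny.
        allowed = (
            obj in self._objects
            and right in self._matrix.get(subject, {}).get(obj, frozenset())
        )
        self.audit.append((subject, obj, right, "PERMIT" if allowed else "DENY"))
        return allowed

    def read(self, subject, obj):
        if not self._decide(subject, obj, "read"):
            raise AccessDenied(f"{subject} may not read {obj}")
        return self._objects[obj]

    def write(self, subject, obj, value):
        if not self._decide(subject, obj, "write"):
            raise AccessDenied(f"{subject} may not write {obj}")
        self._objects[obj] = value


# Constructed policy: rows are subjects, columns are objects, cells are rights.
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "handbook.pdf": {"read"}},
    "bob": {"handbook.pdf": {"read"}},
}
OBJECTS = {"payroll.db": "salary rows", "handbook.pdf": "policy text"}


def attempt(fn, *args):
    """Return the outcome of one mediated access as 'PERMIT' or 'DENY'."""
    try:
        fn(*args)
        return "PERMIT"
    except AccessDenied:
        return "DENY"


def matrix_is_tamper_proof(rm):
    """The matrix cannot be edited once the monitor is built."""
    try:
        rm._matrix["bob"]["payroll.db"] = frozenset({"read"})
        return False
    except TypeError:
        return True


def demo():
    rm = ReferenceMonitor(MATRIX, OBJECTS)
    outcomes = {
        "alice_read_payroll": attempt(rm.read, "alice", "payroll.db"),
        "bob_read_handbook": attempt(rm.read, "bob", "handbook.pdf"),
        "bob_read_payroll": attempt(rm.read, "bob", "payroll.db"),            # no cell in matrix
        "bob_write_handbook": attempt(rm.write, "bob", "handbook.pdf", "x"),  # right missing
        "mallory_read_handbook": attempt(rm.read, "mallory", "handbook.pdf"), # unknown subject
        "alice_read_ghost": attempt(rm.read, "alice", "ghost.txt"),           # unknown object
    }
    outcomes["denials_audited"] = sum(1 for entry in rm.audit if entry[3] == "DENY")
    outcomes["tamper_proof"] = matrix_is_tamper_proof(rm)
    return outcomes


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Every access, permitted or denied, lands in the audit list; nothing reaches the protected data except through `read` and `write`, which is what "always invoked" means in practice.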

Building blocks for software-defined networks (SDN) require which of the following?

A. The SDN is mostly composed of virtual machines (VM).
B. The SDN is composed entirely of client-server pairs.
C. Virtual memory is used in preference to random-access memory (RAM).
D. Random-access memory (RAM) is used in preference to virtual memory.
Suggested answer: A

An organization outgrew its internal data center and is evaluating third-party hosting facilities. In this evaluation, which of the following is a PRIMARY factor for selection?

A. Facility provides an acceptable level of risk
B. Facility provides disaster recovery (DR) services
C. Facility provides the most cost-effective solution
D. Facility has physical access protection measures
Suggested answer: A

A company is planning to implement a private cloud infrastructure. Which of the following recommendations will support the move to a cloud infrastructure?

A. Implement a virtual local area network (VLAN) for each department and create a separate subnet for each VLAN.
B. Implement software-defined networking (SDN) to provide the ability for the network infrastructure to be integrated with the control and data planes.
C. Implement a virtual local area network (VLAN) to logically separate the local area network (LAN) from the physical switches.
D. Implement software-defined networking (SDN) to provide the ability to apply high-level policies to shape and reorder network traffic based on users, devices and applications.
Suggested answer: D

While performing a security review for a new product, an information security professional discovers that the organization's product development team is proposing to collect government-issued identification (ID) numbers from customers to use as unique customer identifiers. Which of the following recommendations should be made to the product development team?

A. Customer identifiers should be a variant of the user's government-issued ID number.
B. Customer identifiers that do not resemble the user's government-issued ID number should be used.
C. Customer identifiers should be a cryptographic hash of the user's government-issued ID number.
D. Customer identifiers should be a variant of the user's name, for example, "jdoe" or "john.doe."
Suggested answer: B
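Option C looks attractive but fails for a reason worth seeing concretely: a government ID has a small, known format, so an unkeyed hash of it is inverted by enumerating every possible ID. The following is an added example, not part of the exam page, written in Python. The six-digit ID format, the sample ID "042317" and the class and function names are constructed for the demo; a real nine-digit format only raises the search to about 1e9 guesses. It shows the brute-force inversion, why a keyed HMAC only moves the problem onto the key, and the recommended pattern of a random identifier with the ID mapping held separately.

```python
# Added example, not from the exam page: why a hash of a government ID is not
# a safe customer identifier, and what to use instead. The 6-digit ID format
# and the sample IDs are constructed for the demo; real formats (a 9-digit
# SSN, say) only raise the search space to about 1e9 guesses.
import hashlib
import hmac
import secrets

ID_DIGITS = 6  # constructed format: every ID is exactly six decimal digits


def hashed_identifier(gov_id: str) -> str:
    """The proposal under review: SHA-256 of the government ID."""
    return hashlib.sha256(gov_id.encode()).hexdigest()


def recover_id_by_enumeration(target_hex: str, digits: int = ID_DIGITS):
    """Attacker view: the input space is the ID format, so hash every candidate.

    Unsalted, unkeyed, low entropy: 10**digits guesses inverts any identifier.
    Returns the ID, or None if no candidate in the format matches.
    """
    target = bytes.fromhex(target_hex)
    for n in range(10 ** digits):
        candidate = f"{n:0{digits}d}".encode()
        if hashlib.sha256(candidate).digest() == target:
            return candidate.decode()
    return None


def keyed_identifier(gov_id: str, key: bytes) -> str:
    """HMAC with a secret key blocks offline enumeration, but the identifier is
    still derived from the ID: whoever holds the key can link or test IDs, and
    the key becomes a secret that must be protected for the life of the data."""
    return hmac.new(key, gov_id.encode(), "sha256").hexdigest()


class CustomerDirectory:
    """Recommended option: identifiers that are random and unrelated to the
    government ID. The ID-to-customer mapping is a separate store (here a
    dict) that can be locked down independently of the customer records.
    """

    def __init__(self):
        self._customer_by_gov_id = {}   # sensitive mapping, protect separately
        self.customers = {}             # customer_id -> record, no gov ID inside

    def enroll(self, gov_id: str) -> str:
        if gov_id in self._customer_by_gov_id:        # idempotent re-enrollment
            return self._customer_by_gov_id[gov_id]
        customer_id = secrets.token_hex(16)           # 128 random bits from the CSPRNG
        self._customer_by_gov_id[gov_id] = customer_id
        self.customers[customer_id] = {"status": "active"}
        return customer_id


def demo():
    gov_id = "042317"                                  # constructed sample ID
    leaked = hashed_identifier(gov_id)                 # what a breached table would hold
    results = {"recovered_from_hash": recover_id_by_enumeration(leaked)}

    key = secrets.token_bytes(32)
    results["recovered_from_hmac"] = recover_id_by_enumeration(keyed_identifier(gov_id, key))

    directory = CustomerDirectory()
    cid = directory.enroll(gov_id)
    results["random_id_is_stable"] = cid == directory.enroll(gov_id)
    results["random_id_contains_gov_id"] = gov_id in cid
    results["random_id_bits"] = len(cid) * 4
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running it recovers "042317" from its plain SHA-256 after at most a million hashes, fails to recover it from the HMAC without the key, and produces a 128-bit customer identifier that has no relationship to the government ID at all, which is what option B asks for.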

Which of the following is performed to determine a measure of success of a security awareness training program designed to prevent social engineering attacks?

A. Employee evaluation of the training program
B. Internal assessment of the training program's effectiveness
C. Multiple choice tests to participants
D. Management control of reviews
Suggested answer: B