ExamGecko
Search Search Login
Home Home / ISC / CISSP

ISC CISSP Practice Test - Questions Answers, Page 111

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following are all elements of a disaster recovery plan (DRP)?
All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization's systems?
An organization is preparing to achieve General Data Protection Regulation (GDPR) compliance. The Chief Information Security Officer (CISO) is reviewing data protection methods. Which of the following is the BEST data protection method?
In what phase of the System Development Life Cycle (SDLC) should security training for the development team begin?
What balance MUST be considered when web application developers determine how informative application error messages should be constructed?
Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?
Backup information that is critical to the organization is identified through a
Data remanence refers to which of the following?
With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?

Question 1101

Report
Export
Collapse

Which of the following is MOST appropriate to collect evidence of a zero-day attack?

A.
Firewall
A.
Firewall
Answers
B.
Honeypot
B.
Honeypot
Answers
C.
Antispam
C.
Antispam
Answers
D.
Antivirus
D.
Antivirus
Answers
Suggested answer: A

Question 1102

Report
Export
Collapse

Which of the following is required to verify the authenticity of a digitally signed document?

A.
Digital hash of the signed document
A.
Digital hash of the signed document
Answers
B.
Sender's private key
B.
Sender's private key
Answers
C.
Recipient's public key
C.
Recipient's public key
Answers
D.
Agreed upon shared secret
D.
Agreed upon shared secret
Answers
Suggested answer: A

Question 1103

Report
Export
Collapse

Which of the following is the BEST method to gather evidence from a computer's hard drive?

A.
Disk duplication
A.
Disk duplication
Answers
B.
Disk replacement
B.
Disk replacement
Answers
C.
Forensic signature
C.
Forensic signature
Answers
D.
Forensic imaging
D.
Forensic imaging
Answers
Suggested answer: D

Question 1104

Report
Export
Collapse

Who should perform the design review to uncover security design flaws as part of the Software Development Life Cycle (SDLC)?

A.
The business owner
A.
The business owner
Answers
B.
security subject matter expert (SME)
B.
security subject matter expert (SME)
Answers
C.
The application owner
C.
The application owner
Answers
D.
A developer subject matter expert (SME)
D.
A developer subject matter expert (SME)
Answers
Suggested answer: B

Question 1105

Report
Export
Collapse

During a penetration test, what are the three PRIMARY objectives of the planning phase?

A.
Determine testing goals, identify rules of engagement, and conduct an initial discovery scan.
A.
Determine testing goals, identify rules of engagement, and conduct an initial discovery scan.
Answers
B.
Finalize management approval, determine testing goals, and gather port and service information.
B.
Finalize management approval, determine testing goals, and gather port and service information.
Answers
C.
Identify rules of engagement, finalize management approval, and determine testing goals.
C.
Identify rules of engagement, finalize management approval, and determine testing goals.
Answers
D.
Identify rules of engagement, document management approval, and collect system and application information.
D.
Identify rules of engagement, document management approval, and collect system and application information.
Answers
Suggested answer: D

Question 1106

Report
Export
Collapse

What term is commonly used to describe hardware and software assets that are stored in a configuration management database (CMDB)?

A.
Configuration element
A.
Configuration element
Answers
B.
Asset register
B.
Asset register
Answers
C.
Ledger item
C.
Ledger item
Answers
D.
Configuration item
D.
Configuration item
Answers
Suggested answer: D

Question 1107

Report
Export
Collapse

Which of the following Disaster recovery (DR) testing processes is LEAST likely to disrupt normal business operations?

A.
Parallel
A.
Parallel
Answers
B.
Simulation
B.
Simulation
Answers
C.
Table-top
C.
Table-top
Answers
D.
Cut-over
D.
Cut-over
Answers
Suggested answer: C

Question 1108

Report
Export
Collapse

The Open Web Application Security Project's (OWASP) Software Assurance Maturity Model (SAMM) allows organizations to implement a flexible software security strategy to measure organizational impact based on what risk management aspect?

A.
Risk tolerance
A.
Risk tolerance
Answers
B.
Risk exception
B.
Risk exception
Answers
C.
Risk treatment
C.
Risk treatment
Answers
D.
Risk response
D.
Risk response
Answers
Suggested answer: D

Question 1109

Report
Export
Collapse

The security architect is designing and implementing an internal certification authority to generate digital certificates for all employees. Which of the following is the BEST solution to securely store the private keys?

A.
Physically secured storage device
A.
Physically secured storage device
Answers
B.
Encrypted flash drive
B.
Encrypted flash drive
Answers
C.
Public key infrastructure (PKI)
C.
Public key infrastructure (PKI)
Answers
D.
Trusted Platform Module (TPM)
D.
Trusted Platform Module (TPM)
Answers
Suggested answer: C

Question 1110

Report
Export
Collapse

Which of the following is a common risk with fiber optical communications, and what is the associated mitigation measure?

A.
Data emanation, deploying Category (CAT) 6 and higher cable wherever feasible
A.
Data emanation, deploying Category (CAT) 6 and higher cable wherever feasible
Answers
B.
Light leakage, deploying shielded cable wherever feasible
B.
Light leakage, deploying shielded cable wherever feasible
Answers
C.
Cable damage, deploying ring architecture wherever feasible
C.
Cable damage, deploying ring architecture wherever feasible
Answers
D.
Electronic eavesdropping, deploying end-to-end encryption wherever feasible
D.
Electronic eavesdropping, deploying end-to-end encryption wherever feasible
Answers
Suggested answer: B
Total 1.482 questions
Go to page: of 149
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms