ISC CISSP Practice Test - Questions Answers, Page 112

During an internal audit of an organizational Information Security Management System (ISMS), nonconformities are identified. In which of the following management stages are nonconformities reviewed, assessed and/or corrected by the organization?

A. Planning
B. Operation
C. Assessment
D. Improvement

Suggested answer: B

What is the BEST reason to include supply chain risks in a corporate risk register?

A. Risk registers help fund corporate supply chain risk management (SCRM) systems.
B. Risk registers classify and categorize risk and allow risks to be compared to corporate risk appetite.
C. Risk registers can be used to illustrate residual risk across the company.
D. Risk registers allow for the transfer of risk to third parties.

Suggested answer: B

An employee's home address should be categorized according to which of the following references?

A. The consent form terms and conditions signed by employees
B. The organization's data classification model
C. Existing employee data classifications
D. An organization security plan for human resources

Suggested answer: B

Why is authentication by ownership stronger than authentication by knowledge?

A. It is easier to change.
B. It can be kept on the user's person.
C. It is more difficult to duplicate.
D. It is simpler to control.

Suggested answer: B

A network security engineer needs to ensure that a security solution analyzes traffic for protocol manipulation and various sorts of common attacks. In addition, all Uniform Resource Locator (URL) traffic must be inspected and users prevented from browsing inappropriate websites. Which of the following solutions should be implemented to give administrators the capability to analyze traffic, blacklist external sites, and log user traffic for later analysis?

A. Intrusion detection system (IDS)
B. Circuit-Level Proxy
C. Application-Level Proxy
D. Host-based Firewall

Suggested answer: B

Which of the following is the BEST way to protect an organization's data assets?

A. Monitor and enforce adherence to security policies.
B. Encrypt data in transit and at rest using up-to-date cryptographic algorithms.
C. Create the Demilitarized Zone (DMZ) with proxies, firewalls and hardened bastion hosts.
D. Require Multi-Factor Authentication (MFA) and Separation of Duties (SoD).

Suggested answer: B

Which of the following would qualify as an exception to the "right to be forgotten" of the General Data Protection Regulation (GDPR)?

A. For the establishment, exercise, or defense of legal claims
B. The personal data has been lawfully processed and collected
C. The personal data remains necessary to the purpose for which it was collected
D. For the reasons of private interest

Suggested answer: C

Which of the following is the name of an individual or group that is impacted by a change?

A. Change agent
B. Stakeholder
C. Sponsor
D. End User

Suggested answer: B

What is the MINIMUM standard for testing a disaster recovery plan (DRP)?

A. Semi-annually and in alignment with a fiscal half-year business cycle
B. Annually or less frequently depending upon audit department requirements
C. Quarterly or more frequently depending upon the advice of the information security manager
D. As often as necessary depending upon the stability of the environment and business requirements

Suggested answer: D

What is the MOST significant benefit of role-based access control (RBAC)?

A. Reduction in authorization administration overhead
B. Reduces inappropriate access
C. Management of least privilege
D. Most granular form of access control

Suggested answer: A