ExamGecko

ISC CISSP Practice Test - Questions Answers, Page 114


Which of the following security objectives for industrial control systems (ICS) can be adapted to securing any Internet of Things (IoT) system?

A. Prevent unauthorized modification of data.
B. Restore the system after an incident.
C. Detect security events and incidents.
D. Protect individual components from exploitation
Suggested answer: D

Wi-Fi Protected Access 2 (WPA2) provides users with a higher level of assurance that their data will remain protected by using which protocol?

A. Secure Shell (SSH)
B. Internet Protocol Security (IPsec)
C. Secure Sockets Layer (SSL)
D. Extensible Authentication Protocol (EAP)
Suggested answer: A

A software development company has a short timeline in which to deliver a software product. The software development team decides to use open-source software libraries to reduce the development time. What concept should software developers consider when using open-source software libraries?

A. Open source libraries contain known vulnerabilities, and adversaries regularly exploit those vulnerabilities in the wild.
B. Open source libraries can be used by everyone, and there is a common understanding that the vulnerabilities in these libraries will not be exploited.
C. Open source libraries are constantly updated, making it unlikely that a vulnerability exists for an adversary to exploit.
D. Open source libraries contain unknown vulnerabilities, so they should not be used.
Suggested answer: A

According to the (ISC)² ethics canon "act honorably, honestly, justly, responsibly, and legally," which order should be used when resolving conflicts?

A. Public safety and duties to principals, individuals, and the profession
B. Individuals, the profession, and public safety and duties to principals
C. Individuals, public safety and duties to principals, and the profession
D. The profession, public safety and duties to principals, and individuals
Suggested answer: A

When conducting a remote access session using Internet Protocol Security (IPSec), which Open Systems Interconnection (OSI) model layer does this connection use?

A. Transport
B. Network
C. Data link
D. Presentation
Suggested answer: B

Which of the following types of web-based attack is happening when an attacker is able to send a well-crafted, malicious request to an authenticated user without the user realizing it?

A. Cross-Site Scripting (XSS)
B. Cross-Site Request Forgery (CSRF)
C. Cross injection
D. Broken Authentication And Session Management
Suggested answer: B

When reviewing the security logs, the password shown for an administrative login event was ' OR ' '1'='1' --. This is an example of which of the following kinds of attack?

A. Brute Force Attack
B. Structured Query Language (SQL) Injection
C. Cross-Site Scripting (XSS)
D. Rainbow Table Attack
Suggested answer: B

An organization's internal audit team performed a security audit on the company's system and reported that the manufacturing application is rarely updated along with other issues categorized as minor. Six months later, an external audit team reviewed the same system with the same scope, but identified severe weaknesses in the manufacturing application's security controls. What is MOST likely to be the root cause of the internal audit team's failure in detecting these security issues?

A. Inadequate test coverage analysis
B. Inadequate security patch testing
C. Inadequate log reviews
D. Inadequate change control procedures
Suggested answer: A

Which audit type is MOST appropriate for evaluating the effectiveness of a security program?

A. Threat
B. Assessment
C. Analysis
D. Validation
Suggested answer: B

The development team has been tasked with collecting data from biometric devices. The application will support a variety of collection data streams. During the testing phase, the team utilizes data from an old production database in a secure testing environment. What principle has the team taken into consideration?

A. Biometric data cannot be changed.
B. Separate biometric data streams require increased security.
C. The biometric devices are unknown.
D. Biometric data must be protected from disclosure.
Suggested answer: A
Total 1.482 questions