ISC CISSP Practice Test - Questions Answers, Page 115
An attacker has intruded into the source code management system and is able to download but not modify the code. Which of the following aspects of the code theft has the HIGHEST security impact?

A. The attacker could publicly share confidential comments found in the stolen code.
B. Competitors might be able to steal the organization's ideas by looking at the stolen code.
C. A competitor could run their own copy of the organization's website using the stolen code.
D. Administrative credentials or keys hard-coded within the stolen code could be used to access sensitive data.
Suggested answer: A

Which of the following statements BEST describes least privilege principle in a cloud environment?

A. Network segments remain private if unneeded to access the internet.
B. Internet traffic is inspected for all incoming and outgoing packets.
C. A single cloud administrator is configured to access core functions.
D. Routing configurations are regularly updated with the latest routes.
Suggested answer: B

Which is the BEST control to meet the Statement on Standards for Attestation Engagements 18 (SSAE-18) confidentiality category?

A. Data processing
B. Storage encryption
C. File hashing
D. Data retention policy
Suggested answer: C

The initial security categorization should be done early in the system life cycle and should be reviewed periodically. Why is it important for this to be done correctly?

A. It determines the security requirements.
B. It affects other steps in the certification and accreditation process.
C. It determines the functional and operational requirements.
D. The system engineering process works with selected security controls.
Suggested answer: B

Which of the following vulnerabilities can be BEST detected using automated analysis?

A. Valid cross-site request forgery (CSRF) vulnerabilities
B. Multi-step process attack vulnerabilities
C. Business logic flaw vulnerabilities
D. Typical source code vulnerabilities
Suggested answer: D

An organization wants to migrate to Session Initiation Protocol (SIP) to save on telephony expenses.

Which of the following security related statements should be considered in the decision-making process?

A. Cloud telephony is less secure and more expensive than digital telephony services.
B. SIP services are more secure when used with multi-layer security proxies.
C. H.323 media gateways must be used to ensure end-to-end security tunnels.
D. Given the behavior of SIP traffic, additional security controls would be required.
Suggested answer: C

An organization's retail website provides its only source of revenue, so the disaster recovery plan (DRP) must document an estimated time for each step in the plan.

Which of the following steps in the DRP will list the GREATEST duration of time for the service to be fully operational?

A. Update the Network Address Translation (NAT) table.
B. Update Domain Name System (DNS) server addresses with domain registrar.
C. Update the Border Gateway Protocol (BGP) autonomous system number.
D. Update the web server network adapter configuration.
Suggested answer: B

Why is it important that senior management clearly communicates the formal Maximum Tolerable Downtime (MTD) decision?

A. To provide each manager with precise direction on selecting an appropriate recovery alternative
B. To demonstrate to the regulatory bodies that the company takes business continuity seriously
C. To demonstrate to the board of directors that senior management is committed to continuity recovery efforts
D. To provide a formal declaration from senior management as required by internal audit to demonstrate sound business practices
Suggested answer: D

Which of the following activities should a forensic examiner perform FIRST when determining the priority of digital evidence collection at a crime scene?

A. Gather physical evidence.
B. Establish order of volatility.
C. Assign responsibilities to personnel on the scene.
D. Establish a list of files to examine.
Suggested answer: C

When assessing web vulnerabilities, how can navigating the dark web add value to a penetration test?

A. The actual origin and tools used for the test can be hidden.
B. Information may be found on related breaches and hacking.
C. Vulnerabilities can be tested without impact on the tested environment.
D. Information may be found on hidden vendor patches.
Suggested answer: D