
ISC CISSP Practice Test - Questions Answers, Page 120


Which of the following roles is responsible for ensuring that important datasets are developed, maintained, and are accessible within their defined specifications?

A. Data Reviewer
B. Data User
C. Data Custodian
D. Data Owner
Suggested answer: D

What is the MOST important criterion that needs to be adhered to during the data collection process of an active investigation?

A. Capturing an image of the system
B. Maintaining the chain of custody
C. Complying with the organization's security policy
D. Outlining all actions taken during the investigation
Suggested answer: A

What is the PRIMARY benefit of relying on Security Content Automation Protocol (SCAP)?

A. Save security costs for the organization.
B. Improve vulnerability assessment capabilities.
C. Standardize specifications between software security products.
D. Achieve organizational compliance with international standards.
Suggested answer: C

A user's credential for an application is stored in a relational database. Which control protects the confidentiality of the credential while it is stored?

A. Validate passwords using a stored procedure.
B. Allow only the application to have access to the password field in order to verify user authentication.
C. Use a salted cryptographic hash of the password.
D. Encrypt the entire database and embed an encryption key in the application.
Suggested answer: C

What is the PRIMARY consideration when testing industrial control systems (ICS) for security weaknesses?

A. ICS often do not have availability requirements.
B. ICS are often isolated and difficult to access.
C. ICS often run on UNIX operating systems.
D. ICS are often sensitive to unexpected traffic.
Suggested answer: B

An organization implements Network Access Control (NAC) using Institute of Electrical and Electronics Engineers (IEEE) 802.1x and discovers the printers do not support the IEEE 802.1x standard. Which of the following is the BEST resolution?

A. Implement port security on the switch ports for the printers.
B. Implement a virtual local area network (VLAN) for the printers.
C. Do nothing; IEEE 802.1x is irrelevant to printers.
D. Install an IEEE 802.1x bridge for the printers.
Suggested answer: A

What process facilitates the balance of operational and economic costs of protective measures with gains in mission capability?

A. Risk assessment
B. Performance testing
C. Security audit
D. Risk management
Suggested answer: D

Which of the following BEST describes why software assurance is critical in helping prevent an increase in business and mission risk for an organization?

A. Software that does not perform as intended may be exploitable, which makes it vulnerable to attack.
B. Requests for proposals (RFP) avoid purchasing software that does not meet business needs.
C. Contracting processes eliminate liability for security vulnerabilities for the purchaser.
D. Decommissioning of old software reduces long-term costs related to technical debt.
Suggested answer: B

In software development, which of the following entities normally signs the code to protect the code integrity?

A. The organization developing the code
B. The quality control group
C. The data owner
D. The developer
Suggested answer: B

Which security evaluation model assesses a product's Security Assurance Level (SAL) in comparison to similar solutions?

A. Payment Card Industry Data Security Standard (PCI-DSS)
B. International Organization for Standardization (ISO) 27001
C. Common Criteria (CC)
D. Control Objectives for Information and Related Technology (COBIT)
Suggested answer: C