ExamGecko

ISC CISSP Practice Test - Questions Answers, Page 123
Which of the following security tools monitors devices and records the information in a central database for further analysis?

A. Security orchestration automation and response
B. Host-based intrusion detection system (HIDS)
C. Antivirus
D. Endpoint detection and response (EDR)

Suggested answer: D (EDR agents continuously monitor endpoints and record host activity in a central database for later analysis and investigation; SOAR orchestrates and automates response across other tools rather than monitoring devices itself.)

Secure coding can be developed by applying which one of the following?

A. Applying the organization's acceptable use guidance
B. Applying the industry best practice coding guidelines
C. Applying rapid application development (RAD) coding
D. Applying the organization's web application firewall (WAF) policy

Suggested answer: B

A company is moving from the V model to Agile development. How can the information security department BEST ensure that secure design principles are implemented in the new methodology?

A. All developers receive mandatory targeted information security training.
B. The non-financial information security requirements remain mandatory for the new model.
C. The information security department performs an information security assessment after each sprint.
D. Information security requirements are captured in mandatory user stories.

Suggested answer: D

An organization wants to define its physical perimeter. What primary device should be used to accomplish this objective if the organization's perimeter MUST cost-efficiently deter casual trespassers?

A. Fences eight or more feet high with three strands of barbed wire
B. Fences three to four feet high with a turnstile
C. Fences accompanied by patrolling security guards
D. Fences six to seven feet high with a painted gate

Suggested answer: B (The CISSP CBK fence-height guidance is that three to four feet deters casual trespassers, six to seven feet is too difficult to climb easily, and eight feet with three strands of barbed wire deters determined intruders; the question asks for the cost-efficient option against casual trespassers only.)

The acquisition of personal data being obtained by a lawful and fair means is an example of what principle?

A. Data Quality Principle
B. Openness Principle
C. Purpose Specification Principle
D. Collection Limitation Principle

Suggested answer: D

What is the BEST control to be implemented at a login page in a web application to mitigate the ability to enumerate users?

A. Implement a generic response for a failed login attempt.
B. Implement a strong password during account registration.
C. Implement numbers and special characters in the user name.
D. Implement two-factor authentication (2FA) to the login process.

Suggested answer: A
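The following is an added example, not part of the practice test, showing why a generic failure response is the control for user enumeration. It contains a leaky login routine beside a hardened one, plus the attacker's view: a probe that groups candidate usernames by the message they get back. The user store, salts and passwords are constructed for the example; the hardened version also runs the password hash against a dummy credential for unknown users so that response time does not leak what the message no longer does.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed user store for the example: username -> (salt, PBKDF2 hash).
# Iteration count is kept low so the example runs quickly; use more in production.
_ITERATIONS = 50_000

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)

_ALICE_SALT = secrets.token_bytes(16)
USERS = {"alice": (_ALICE_SALT, _hash("correct horse battery staple", _ALICE_SALT))}

# Dummy credential so an unknown username still costs one full hash computation.
_DUMMY_SALT = secrets.token_bytes(16)
_DUMMY_HASH = _hash("dummy-password", _DUMMY_SALT)

def login_leaky(username: str, password: str):
    """Vulnerable form: distinct messages (and an early return that skips the
    expensive hash) tell the caller whether the username exists."""
    if username not in USERS:
        return False, "Unknown user"
    salt, expected = USERS[username]
    if _hash(password, salt) != expected:
        return False, "Wrong password"
    return True, "OK"

def login_hardened(username: str, password: str):
    """Hardened form: one generic message and the same amount of work whether
    or not the username exists."""
    salt, expected = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    ok = hmac.compare_digest(_hash(password, salt), expected)
    # A match against the dummy credential must never authenticate anyone.
    ok = ok and username in USERS
    return ok, ("OK" if ok else "Invalid username or password")

def enumerate_usernames(login_fn, candidates, probe_password="not-the-password"):
    """Attacker's view: try one wrong password per candidate and group the
    candidates by the failure message. Any candidate that lands outside the
    largest group is distinguishable, i.e. enumerable."""
    by_message = defaultdict(set)
    for user in candidates:
        _, message = login_fn(user, probe_password)
        by_message[message].add(user)
    if len(by_message) <= 1:
        return set()
    largest = max(by_message.values(), key=len)
    return {u for group in by_message.values() if group is not largest for u in group}

if __name__ == "__main__":
    wordlist = ["alice", "bob", "carol"]
    print("leaky login exposes:", enumerate_usernames(login_leaky, wordlist))
    print("hardened login exposes:", enumerate_usernames(login_hardened, wordlist))
```

Against the leaky routine the probe singles out `alice`; against the hardened routine every candidate gets the same message and nothing is learned. The dummy-hash step matters as much as the message: without it, a wrong password for a real user takes measurably longer than any password for an unknown one.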

If the wide area network (WAN) is supporting converged applications like Voice over Internet Protocol (VoIP), which of the following becomes even MORE essential to the assurance of the network?

A. Classless Inter-Domain Routing (CIDR)
B. Deterministic routing
C. Internet Protocol (IP) routing lookups
D. Boundary routing

Suggested answer: B (Real-time traffic such as VoIP is sensitive to latency, jitter and packet reordering; deterministic routing keeps paths predictable so that those characteristics can be assured. CIDR, routing lookups and boundary routing are needed either way and do not change when voice is added.)

A cloud service accepts Security Assertion Markup Language (SAML) assertions from users to exchange authentication and authorization data between security domains. However, an attacker was able to spoof a registered account on the network and query the SAML provider.

What is the MOST common attack leveraged against this flaw?

A. Attacker forges requests to authenticate as a different user.
B. Attacker leverages SAML assertion to register an account on the security domain.
C. Attacker conducts denial-of-service (DoS) against the security domain by authenticating as the same user repeatedly.
D. Attacker exchanges authentication and authorization data between security domains.

Suggested answer: A
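As an added example (not part of the practice test), the following shows the relying-party checks that stop the attack in answer A: an attacker who holds a genuinely issued assertion for the account they spoofed edits the NameID to a different user and replays it. Real SAML assertions are signed with XML-DSig over the canonicalized XML; this example substitutes a detached HMAC over the same bound fields (ID, Issuer, NameID, Audience, validity window) so it runs with the standard library alone. The assertion XML, the shared secret standing in for the IdP's signing key, and the issuer and audience URLs are all constructed for the example.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed values (assumptions, not from the page): a shared secret stands in
# for the IdP's XML-DSig signing key; the URLs are placeholders.
IDP_KEY = b"constructed-idp-signing-secret"
IDP_ISSUER = "https://idp.example.test"
SP_AUDIENCE = "https://cloud-service.example.test"
NOW = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)

def build_assertion(name_id, audience, not_before, not_after, issuer=IDP_ISSUER):
    """Minimal SAML 2.0 assertion body (constructed sample, no XML-DSig element)."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_a1" Version="2.0">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
        f'<saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_after}">'
        f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions></saml:Assertion>"
    )

def _signed_fields(root):
    """Fields the signature must bind together. A real IdP signs canonical XML;
    this stand-in joins the same fields so editing any one of them breaks the MAC."""
    cond = root.find("saml:Conditions", NS)
    audience = not_before = not_after = ""
    if cond is not None:
        audience = cond.findtext("saml:AudienceRestriction/saml:Audience", default="", namespaces=NS)
        not_before = cond.get("NotBefore", "")
        not_after = cond.get("NotOnOrAfter", "")
    parts = [root.get("ID", ""),
             root.findtext("saml:Issuer", default="", namespaces=NS),
             root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS),
             audience, not_before, not_after]
    return "|".join(parts).encode()

def idp_sign(xml_text, key=IDP_KEY):
    """What the IdP does on issuance: detached MAC over the bound fields."""
    mac = hmac.new(key, _signed_fields(ET.fromstring(xml_text)), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def _parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def sp_validate(xml_text, signature_b64, now, key=IDP_KEY,
                expected_issuer=IDP_ISSUER, expected_audience=SP_AUDIENCE):
    """Relying-party checks. Returns the NameID to log in, or raises ValueError.
    The signature is verified first, before any field it covers is trusted."""
    root = ET.fromstring(xml_text)
    expected = hmac.new(key, _signed_fields(root), hashlib.sha256).digest()
    try:
        given = base64.b64decode(signature_b64, validate=True)
    except Exception:
        raise ValueError("malformed signature")
    if not hmac.compare_digest(expected, given):
        raise ValueError("signature does not match assertion contents")
    if root.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        raise ValueError("unexpected issuer")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("missing Conditions")
    if cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) != expected_audience:
        raise ValueError("assertion was issued for a different audience")
    if not (_parse_time(cond.get("NotBefore")) <= now < _parse_time(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    return root.findtext("saml:Subject/saml:NameID", namespaces=NS)

def _rejected(xml_text, sig, now):
    try:
        sp_validate(xml_text, sig, now)
    except ValueError:
        return True
    return False

def forgery_demo():
    """Attacker edits the NameID of their own valid assertion to impersonate a
    different user. Returns (subject accepted for the legit one, forged rejected)."""
    legit = build_assertion("attacker@example.test", SP_AUDIENCE,
                            "2024-05-01T11:55:00Z", "2024-05-01T12:05:00Z")
    sig = idp_sign(legit)
    forged = legit.replace("attacker@example.test", "victim@example.test")
    return sp_validate(legit, sig, NOW), _rejected(forged, sig, NOW)

def replay_demo():
    """Two replays the signature alone cannot stop: an expired assertion and one the
    IdP issued for another service. Returns (expired rejected, wrong audience rejected)."""
    expired = build_assertion("alice@example.test", SP_AUDIENCE,
                              "2024-05-01T11:00:00Z", "2024-05-01T11:10:00Z")
    other_sp = build_assertion("alice@example.test", "https://other-sp.example.test",
                               "2024-05-01T11:55:00Z", "2024-05-01T12:05:00Z")
    return _rejected(expired, idp_sign(expired), NOW), _rejected(other_sp, idp_sign(other_sp), NOW)
```

The forged assertion fails at the signature check because the NameID is covered by the MAC; the two replays pass the signature but fail the window and audience checks, which is why a relying party must verify all of issuer, audience and validity period and not just the signature.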

A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS).

Which of the following factors leads the company to choose an IDaaS as their solution?

A. In-house development provides more control.
B. In-house team lacks resources to support an on-premise solution.
C. Third-party solutions are inherently more secure.
D. Third-party solutions are known for transferring the risk to the vendor.

Suggested answer: B

In which of the following system life cycle processes should security requirements be developed?

A. Risk management
B. Business analysis
C. Information management
D. System analysis

Suggested answer: B

Total 1,482 questions (149 pages)