ISC CISSP Practice Test - Questions Answers, Page 129

Which of the following is an example of a vulnerability of full-disk encryption (FDE)?

A. Data at rest has been compromised when the user has authenticated to the device.
B. Data on the device cannot be restored from backup.
C. Data in transit has been compromised when the user has authenticated to the device.
D. Data on the device cannot be backed up.
Suggested answer: A

What is the PRIMARY purpose of creating and reporting metrics for a security awareness, training, and education program?

A. Make all stakeholders aware of the program's progress.
B. Measure the effect of the program on the organization's workforce.
C. Facilitate supervision of periodic training events.
D. Comply with legal regulations and document due diligence in security practices.
Suggested answer: C

Which one of the following BEST protects vendor accounts that are used for emergency maintenance?

A. Encryption of routing tables
B. Vendor access should be disabled until needed
C. Role-based access control (RBAC)
D. Frequent monitoring of vendor access
Suggested answer: B

Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?

A. Trusted Computing Base (TCB)
B. Time separation
C. Security kernel
D. Reference monitor
Suggested answer: C

The Industrial Control System (ICS) Computer Emergency Response Team (CERT) has released an alert regarding ICS-focused malware specifically propagating through Windows-based business networks. Technicians at a local water utility note that their dams, canals, and locks controlled by an internal Supervisory Control and Data Acquisition (SCADA) system have been malfunctioning. A digital forensics professional is consulted in the Incident Response (IR) and recovery. Which of the following is the MOST challenging aspect of this investigation?

A. SCADA network latency
B. Group policy implementation
C. Volatility of data
D. Physical access to the system
Suggested answer: C

To minimize the vulnerabilities of a web-based application, which of the following FIRST actions will lock down the system and minimize the risk of an attack?

A. Install an antivirus on the server
B. Run a vulnerability scanner
C. Review access controls
D. Apply the latest vendor patches and updates
Suggested answer: D

A hospital has allowed virtual private networking (VPN) access to remote database developers. Upon auditing the internal firewall configuration, the network administrator discovered that split-tunneling was enabled. What is the concern with this configuration?

A. Remote sessions will not require multi-layer authentication.
B. Remote clients are permitted to exchange traffic with the public and private network.
C. Multiple Internet Protocol Security (IPSec) tunnels may be exploitable in specific circumstances.
D. The network intrusion detection system (NIDS) will fail to inspect Secure Sockets Layer (SSL) traffic.
Suggested answer: C

A cloud hosting provider would like to provide a Service Organization Control (SOC) report relevant to its security program. This report should be an abbreviated report that can be freely distributed. Which type of report BEST meets this requirement?

A. SOC 1
B. SOC 2 Type I
C. SOC 2 Type II
D. SOC 3
Suggested answer: D

What action should be taken by a business line that is unwilling to accept the residual risk in a system after implementing compensating controls?

A. Notify the audit committee of the situation.
B. Purchase insurance to cover the residual risk.
C. Implement operational safeguards.
D. Find another business line willing to accept the residual risk.
Suggested answer: B

Which of the following BEST represents a defense in depth concept?

A. Network-based data loss prevention (DLP), Network Access Control (NAC), network-based intrusion prevention system (NIPS), port security on core switches
B. Host-based data loss prevention (DLP), endpoint anti-malware solution, host-based integrity checker, laptop locks, hard disk drive (HDD) encryption
C. Endpoint security management, network intrusion detection system (NIDS), Network Access Control (NAC), Privileged Access Management (PAM), security information and event management (SIEM)
D. Web application firewall (WAF), gateway network device tuning, database firewall, Next-Generation Firewall (NGFW), Tier-2 demilitarized zone (DMZ) tuning
Suggested answer: C