ISC CISSP Practice Test - Questions Answers, Page 130
Which of the following statements BEST distinguishes a stateful packet inspection firewall from a stateless packet filter firewall?

A. The SPI inspects the flags on Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) packets.
B. The SPI inspects the traffic in the context of a session.
C. The SPI is capable of dropping packets based on a pre-defined rule set.
D. The SPI inspects traffic on a packet-by-packet basis.
Suggested answer: B

A client server infrastructure that provides user-to-server authentication describes which one of the following?

A. Secure Sockets Layer (SSL)
B. Kerberos
C. X.509
D. User-based authorization
Suggested answer: B

An organization has developed a way for customers to share information from their wearable devices with each other. Unfortunately, the users were not informed as to what information collected would be shared. What technical controls should be put in place to remedy the privacy issue while still trying to accomplish the organization's business goals?

A. Default the user to not share any information.
B. Inform the user of the sharing feature changes after implemented.
C. Share only what the organization decides is best.
D. Stop sharing data with the other users.
Suggested answer: D

In which process MUST security be considered during the acquisition of new software?

A. Contract negotiation
B. Request for proposal (RFP)
C. Implementation
D. Vendor selection
Suggested answer: B

An organization contracts with a consultant to perform a System Organization Control (SOC) 2 audit on their internal security controls. An auditor documents a finding related to an Application Programming Interface (API) performing an action that is not aligned with the scope or objective of the system. Which trust service principle would be MOST applicable in this situation?

A. Processing Integrity
B. Availability
C. Confidentiality
D. Security
Suggested answer: B

A company needs to provide shared access of sensitive data on a cloud storage to external business partners. Which of the following identity models is the BEST to blind identity providers (IdP) and relying parties (RP) so that subscriber lists of other parties are not disclosed?

A. Federation authorities
B. Proxied federation
C. Static registration
D. Dynamic registration
Suggested answer: D

Which algorithm gets its security from the difficulty of calculating discrete logarithms in a finite field and is used to distribute keys, but cannot be used to encrypt or decrypt messages?

A. Diffie-Hellman
B. Digital Signature Algorithm (DSA)
C. Rivest-Shamir-Adleman (RSA)
D. Kerberos
Suggested answer: C

Which Wide Area Network (WAN) technology requires the first router in the path to determine the full path the packet will travel, removing the need for other routers in the path to make independent determinations?

A. Multiprotocol Label Switching (MPLS)
B. Synchronous Optical Networking (SONET)
C. Session Initiation Protocol (SIP)
D. Fiber Channel Over Ethernet (FCoE)
Suggested answer: A

An organization recently suffered from a web-application attack that resulted in stolen user session cookie information. The attacker was able to obtain the information when a user's browser executed a script upon visiting a compromised website. What type of attack MOST likely occurred?

A. Cross-Site Scripting (XSS)
B. Extensible Markup Language (XML) external entities
C. SQL injection (SQLI)
D. Cross-Site Request Forgery (CSRF)
Suggested answer: A

An organization recently upgraded to a Voice over Internet Protocol (VoIP) phone system.

Management is concerned with unauthorized phone usage. A security consultant is responsible for putting together a plan to secure these phones. Administrators have assigned unique personal identification number (PIN) codes for each person in the organization. What is the BEST solution?

A. Use phone locking software to enforce usage and PIN policies.
B. Inform the user to change the PIN regularly. Implement call detail records (CDR) reports to track usage.
C. Have the administrator enforce a policy to change the PIN regularly. Implement call detail records (CDR) reports to track usage.
D. Have the administrator change the PIN regularly. Implement call detail records (CDR) reports to track usage.
Suggested answer: C
Total 1.482 questions