ISC CISSP Practice Test - Questions Answers, Page 131

Which of the following regulations dictates how data breaches are handled?

A. Sarbanes-Oxley (SOX)
B. National Institute of Standards and Technology (NIST)
C. Payment Card Industry Data Security Standard (PCI-DSS)
D. General Data Protection Regulation (GDPR)
Suggested answer: D

Which of the following is fundamentally required to address potential security issues when initiating software development?

A. Implement ongoing security audits in all environments.
B. Ensure isolation of development from production.
C. Add information security objectives into development.
D. Conduct independent source code review.
Suggested answer: C

Which of the following is the BEST method a security practitioner can use to ensure that systems and sub-systems gracefully handle invalid input?

A. Unit testing
B. Integration testing
C. Negative testing
D. Acceptance testing
Suggested answer: C (negative testing deliberately feeds malformed, out-of-range and unexpected input to confirm the system rejects it cleanly; unit, integration and acceptance testing verify expected behaviour and do not target invalid input specifically)
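What negative testing looks like in practice, as an added example that is not part of the original question set: a small `host:port` parser (the format and its rules are assumptions for the example) and a battery of constructed invalid inputs. The point is not only that every invalid input is refused, but that it is refused with the one exception type callers are expected to handle; any other exception type is an ungraceful failure the test flags as a crash. The Arabic-Indic digit case shows why `int()` alone is not validation.

```python
"""Negative testing: feed deliberately invalid input to a parser and check it
fails gracefully (a clean, typed rejection) instead of crashing or accepting.
Added example, not from the original page; the endpoint format is assumed."""
import re
from dataclasses import dataclass

# Assumed format: ASCII hostname, a colon, a decimal port 1-65535.
_HOST_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*")
_PORT_RE = re.compile(r"[0-9]{1,5}")   # ASCII digits only: int() and \d would accept "١٢"


@dataclass(frozen=True)
class Endpoint:
    host: str
    port: int


class InvalidEndpoint(ValueError):
    """The single, expected failure mode callers have to handle."""


def parse_endpoint(text) -> Endpoint:
    if not isinstance(text, str):
        raise InvalidEndpoint("endpoint must be a string")
    if len(text) > 253 + 6:                       # max hostname + ":65535"
        raise InvalidEndpoint("endpoint too long")
    if "\x00" in text:
        raise InvalidEndpoint("control characters not allowed")
    host, sep, port_text = text.rpartition(":")
    if not sep or not host or not port_text:
        raise InvalidEndpoint("expected host:port")
    if not _HOST_RE.fullmatch(host):
        raise InvalidEndpoint("invalid hostname")
    if not _PORT_RE.fullmatch(port_text):
        raise InvalidEndpoint("port must be 1-5 ASCII digits")
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise InvalidEndpoint("port out of range")
    return Endpoint(host, port)


# Constructed negative cases: each must be rejected with InvalidEndpoint,
# never with a different exception (a crash) and never accepted.
NEGATIVE_CASES = [
    "", "example.com", ":443", "example.com:", "example.com:0",
    "example.com:65536", "example.com:-1", "example.com:+80",
    "example.com: 80", "example.com:8o", "example.com:\u0661\u0662",  # Arabic-Indic digits
    "exam ple.com:80", "-bad.com:80", "example.com:80\x00", "a" * 300 + ":80",
    12345,                                                          # wrong type entirely
]


def run_negative_tests(cases=NEGATIVE_CASES) -> dict:
    """Classify each case: 'rejected' (good), 'accepted' (validation gap),
    or 'crashed: <type>' (unhandled exception type = ungraceful failure)."""
    results = {}
    for case in cases:
        try:
            parse_endpoint(case)
            results[case] = "accepted"
        except InvalidEndpoint:
            results[case] = "rejected"
        except Exception as exc:  # deliberately broad: report anything unexpected
            results[case] = f"crashed: {type(exc).__name__}"
    return results


def all_rejected(results: dict) -> bool:
    return all(v == "rejected" for v in results.values())


if __name__ == "__main__":
    r = run_negative_tests()
    for case, outcome in r.items():
        print(f"{case!r:28} -> {outcome}")
    print("graceful on all invalid input:", all_rejected(r))
    print(parse_endpoint("api.example.com:8443"))
```

A positive test (the last line) belongs alongside the negative ones so that a parser that rejects everything does not pass; the negative suite is what catches the crash-on-bad-input class of defects that unit and integration tests written against expected input never exercise.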

An information security administrator wishes to block peer-to-peer (P2P) traffic over Hypertext Transfer Protocol (HTTP) tunnels. Which of the following layers of the Open Systems Interconnection (OSI) model requires inspection?

A. Presentation
B. Transport
C. Session
D. Application
Suggested answer: D (an HTTP tunnel hides the P2P payload inside application-layer protocol messages, so the traffic must be parsed at layer 7; transport-layer data such as port 80 shows only ordinary web traffic)
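Why the inspection has to happen at the application layer, as an added example not taken from the original page: every payload below is addressed to TCP port 80, so a transport-layer filter passes all of them. Parsing the HTTP request exposes the tunnel: a `CONNECT` request, a BitTorrent peer-wire handshake carried in a POST body, a tracker announce in the query string, and raw non-HTTP data on the web port. The sample payloads and host names are constructed; the `\x13BitTorrent protocol` prefix is the real peer-wire handshake.

```python
"""Application-layer (OSI layer 7) inspection of traffic on TCP/80.
Added example, not from the original page. Looking only at transport data
(port 80) every flow below looks like web traffic; the verdict comes from
parsing the HTTP request and its body. Sample payloads are constructed."""
from dataclasses import dataclass
from typing import Optional

BT_HANDSHAKE = b"\x13BitTorrent protocol"   # real peer-wire handshake prefix


@dataclass
class HttpRequest:
    method: str
    target: str
    headers: dict
    body: bytes


def parse_http_request(payload: bytes) -> Optional[HttpRequest]:
    """Minimal HTTP/1.x request parser; None if the bytes are not HTTP at all."""
    head, _sep, body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            return None
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return HttpRequest(parts[0].decode("latin-1"), parts[1].decode("latin-1"), headers, body)


def inspect(payload: bytes) -> str:
    """Return 'allow' or 'block: <reason>' for one client->server payload on port 80."""
    req = parse_http_request(payload)
    if req is None:
        if payload.startswith(BT_HANDSHAKE):
            return "block: raw BitTorrent handshake on port 80"
        return "block: non-HTTP data on port 80"
    if req.method == "CONNECT":
        return "block: CONNECT tunnel to " + req.target
    if req.body.startswith(BT_HANDSHAKE):
        return "block: BitTorrent handshake inside HTTP body"
    if "info_hash=" in req.target and "peer_id=" in req.target:
        return "block: tracker announce"
    if req.headers.get("content-type", "") == "application/x-bittorrent":
        return "block: torrent metainfo transfer"
    return "allow"


# Constructed samples; all would be sent to TCP port 80.
SAMPLES = {
    "web": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "connect": b"CONNECT peer.example.net:6881 HTTP/1.1\r\nHost: peer.example.net:6881\r\n\r\n",
    "tunneled": b"POST /upload HTTP/1.1\r\nHost: relay.example.net\r\nContent-Length: 68\r\n\r\n"
                + BT_HANDSHAKE + b"\x00" * 8 + b"\xaa" * 20 + b"-PC0001-" + b"\x01" * 12,
    "announce": b"GET /announce?info_hash=%AA%AA&peer_id=-PC0001-abcdef&port=6881 HTTP/1.1\r\n"
                b"Host: tracker.example.net\r\n\r\n",
    "raw": BT_HANDSHAKE + b"\x00" * 8,
}


def inspect_all(samples=SAMPLES) -> dict:
    return {name: inspect(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in inspect_all().items():
        print(f"{name:9} {verdict}")
```

In production this logic sits in a proxy or a deep-packet-inspection engine that reassembles the TCP stream first; the signatures above are illustrative, and TLS-wrapped tunnels (HTTPS CONNECT) additionally require TLS interception or SNI/metadata policy, which the question does not cover.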

An organization has requested storage area network (SAN) disks for a new project. What Redundant Array of Independent Disks (RAID) level provides the BEST redundancy and fault tolerance?

A. RAID level 1
B. RAID level 3
C. RAID level 4
D. RAID level 5
Suggested answer: D
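What "fault tolerance" means concretely for RAID 5, shown as an added example that is not part of the original page: data is striped across all disks with an XOR parity block whose position rotates per stripe (the rotation is what distinguishes level 5 from the dedicated-parity disk of levels 3 and 4), and any single failed disk is rebuilt by XOR-ing the surviving blocks of each stripe. The disk count, block size and payload are assumptions. The example also shows the limit: with two disks gone the array is unrecoverable, which is why RAID 5 protects against one failure and not more.

```python
"""RAID 5 in miniature: block striping with rotating XOR parity, and rebuild
of any single failed disk. Added example, not from the original page; disk
count, block size and the sample data are assumptions."""
from functools import reduce
from typing import List, Optional

BLOCK = 4  # bytes per block (tiny, for readability)


def xor_blocks(blocks: List[bytes]) -> bytes:
    """Byte-wise XOR of equally sized blocks."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def raid5_write(data: bytes, n_disks: int) -> List[List[bytes]]:
    """Return disks[d][stripe]. Each stripe holds n_disks-1 data blocks and
    one parity block; the parity position rotates by one disk per stripe."""
    assert n_disks >= 3, "RAID 5 needs at least three disks"
    data_per_stripe = (n_disks - 1) * BLOCK
    data += b"\x00" * (-len(data) % data_per_stripe)          # pad the last stripe
    disks: List[List[bytes]] = [[] for _ in range(n_disks)]
    for s in range(len(data) // data_per_stripe):
        chunk = data[s * data_per_stripe:(s + 1) * data_per_stripe]
        blocks = [chunk[i:i + BLOCK] for i in range(0, data_per_stripe, BLOCK)]
        parity_disk = (n_disks - 1 - s) % n_disks
        parity = xor_blocks(blocks)
        it = iter(blocks)
        for d in range(n_disks):
            disks[d].append(parity if d == parity_disk else next(it))
    return disks


def raid5_read(disks: List[List[bytes]]) -> bytes:
    """Read the logical data back, skipping the parity block of each stripe."""
    n = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        parity_disk = (n - 1 - s) % n
        for d in range(n):
            if d != parity_disk:
                out += disks[d][s]
    return bytes(out)


def raid5_rebuild(disks: List[Optional[List[bytes]]]) -> Optional[List[List[bytes]]]:
    """Reconstruct exactly one missing disk (None) from the others by XOR.
    Returns None if zero or two-plus disks are missing: two concurrent
    failures are unrecoverable with single parity."""
    missing = [d for d, disk in enumerate(disks) if disk is None]
    if len(missing) != 1:
        return None
    lost = missing[0]
    survivors = [disk for disk in disks if disk is not None]
    # XOR of all n blocks in a stripe is zero, so the lost block (data or
    # parity alike) is the XOR of the surviving ones.
    rebuilt = [xor_blocks([disk[s] for disk in survivors]) for s in range(len(survivors[0]))]
    return [rebuilt if d == lost else disk for d, disk in enumerate(disks)]


def demo(failed_disk: int = 1) -> bool:
    """Write, fail one disk, rebuild, and verify the data survived."""
    payload = b"RAID5 tolerates one failed disk per array; two is data loss."
    disks = raid5_write(payload, 4)
    degraded = [None if d == failed_disk else disk for d, disk in enumerate(disks)]
    rebuilt = raid5_rebuild(degraded)
    return rebuilt is not None and raid5_read(rebuilt).rstrip(b"\x00") == payload


if __name__ == "__main__":
    print("rebuild after a single failure ok:", all(demo(d) for d in range(4)))
    two_failed = [None, None] + raid5_write(b"abc", 4)[2:]
    print("rebuild after two failures:", raid5_rebuild(two_failed))
```

RAID 1 (mirroring) also survives one failed disk but at half the usable capacity; RAID 5 gives n-1 disks of capacity for the same single-failure tolerance, which is the trade-off behind the suggested answer. Surviving two simultaneous failures needs dual parity (RAID 6) or nested levels, neither of which is among the options.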

An organization has implemented a password complexity policy and an account lockout policy that locks an account after five incorrect login attempts within ten minutes. Network users have reported significantly more account lockouts. Which of the following security principles is the company affecting?

A. Availability
B. Integrity
C. Confidentiality
D. Authentication
Suggested answer: A
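The lockout rule from the question implemented as a sliding-window counter, added here as an example that is not part of the original page. It shows the availability impact directly: with failures counted per user name, anyone who can reach the login endpoint and knows a user name can lock that user out with five wrong passwords, no credential required. A `per_source` variant counts failures per (user, source address) so the attacker's attempts do not lock the legitimate user; it is a design trade-off, not a rule from the question. Timestamps, user names and addresses are constructed.

```python
"""Account lockout as a sliding-window counter: lock an account after
`threshold` failed logins within `window` seconds. Added example, not from
the original page; it also shows how the policy lets anyone who knows a
user name lock out its owner (an availability failure). Times are constructed."""
from collections import defaultdict, deque
from typing import Deque, Dict, Hashable, Tuple


class LockoutPolicy:
    def __init__(self, threshold: int = 5, window: float = 600.0,
                 lock_duration: float = 900.0, per_source: bool = False):
        self.threshold = threshold
        self.window = window
        self.lock_duration = lock_duration
        self.per_source = per_source      # count per (user, source) instead of per user
        self._failures: Dict[Hashable, Deque[float]] = defaultdict(deque)
        self._locked_until: Dict[Hashable, float] = {}

    def _key(self, user: str, source: str) -> Hashable:
        return (user, source) if self.per_source else user

    def is_locked(self, user: str, source: str, now: float) -> bool:
        until = self._locked_until.get(self._key(user, source))
        return until is not None and now < until

    def record_failure(self, user: str, source: str, now: float) -> bool:
        """Register one failed login; return True if this failure triggers a lock."""
        key = self._key(user, source)
        q = self._failures[key]
        q.append(now)
        while q and now - q[0] > self.window:   # drop failures that aged out of the window
            q.popleft()
        if len(q) >= self.threshold:
            self._locked_until[key] = now + self.lock_duration
            q.clear()
            return True
        return False

    def record_success(self, user: str, source: str) -> None:
        self._failures.pop(self._key(user, source), None)


def attempt(policy: LockoutPolicy, user: str, source: str, password_ok: bool, now: float) -> str:
    """Outcome of one login attempt under the policy: 'locked', 'ok', or 'denied'."""
    if policy.is_locked(user, source, now):
        return "locked"
    if password_ok:
        policy.record_success(user, source)
        return "ok"
    policy.record_failure(user, source, now)
    return "denied"


def simulate(per_source: bool) -> Tuple[str, str]:
    """Attacker at 203.0.113.9 sends five wrong passwords for 'alice' within two
    minutes; alice then logs in from her own host with the right password at t=180s."""
    policy = LockoutPolicy(threshold=5, window=600, per_source=per_source)
    attacker = [attempt(policy, "alice", "203.0.113.9", False, t) for t in (0, 30, 60, 90, 120)]
    alice = attempt(policy, "alice", "192.0.2.10", True, 180)
    return attacker[-1], alice


def window_expiry_demo() -> str:
    """Four failures at t=0..3 min and a fifth at t=11 min: the first has aged
    out of the 10-minute window, so alice is not locked and succeeds at t=12 min."""
    policy = LockoutPolicy(threshold=5, window=600)
    for t in (0, 60, 120, 180, 660):
        attempt(policy, "alice", "192.0.2.10", False, t)
    return attempt(policy, "alice", "192.0.2.10", True, 720)


if __name__ == "__main__":
    print("per-user counting  :", simulate(per_source=False))   # alice is locked out
    print("per-source counting:", simulate(per_source=True))    # alice still gets in
    print("aged-out failures  :", window_expiry_demo())
```

Counting per source removes the remote-lockout problem but lets a distributed attacker spread guesses across many addresses, so in practice it is paired with a per-user rate limit or step-up (CAPTCHA, MFA) rather than a hard per-user lock; either way, the policy is tuned as an availability decision as much as an authentication one.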

In the last 15 years a company has experienced three electrical failures. The cost associated with each failure is listed below.

Which of the following would be a reasonable annual loss expectation?

A. 140,000
B. 3,500
C. 350,000
D. 14,000
Suggested answer: B

Which of the following addresses requirements of security assessments during software acquisition?

A. Software configuration management (SCM)
B. Data loss prevention (DLP) policy
C. Continuous monitoring
D. Software assurance policy
Suggested answer: D (a software assurance policy sets the requirements for assessing software being acquired, whether commercial, open source or third party; SCM controls versions and changes to software the organization already holds)

Which of the following BEST obtains an objective audit of security controls?

A. The security audit is measured against a known standard.
B. The security audit is performed by a certified internal auditor.
C. The security audit is performed by an independent third-party.
D. The security audit produces reporting metrics for senior leadership.
Suggested answer: C (objectivity comes from independence from the function being audited; a standard and leadership metrics improve rigor and usefulness, and an internal auditor, certified or not, still reports within the organization)

Which of the following is established to collect information in accordance with pre-established metrics, utilizing information readily available in part through implemented security controls?

A. Security Assessment Report (SAR)
B. Organizational risk tolerance
C. Information Security Continuous Monitoring (ISCM)
D. Risk assessment report
Suggested answer: C (this is the NIST SP 800-137 description of ISCM; a SAR or risk assessment report is a point-in-time deliverable, not an ongoing collection process)