ISC CISSP Practice Test - Questions Answers, Page 132
In order to provide dual assurance in a digital signature system, the design MUST include which of the following?

A. The public key must be unique for the signed document.
B. The signature process must generate adequate authentication credentials.
C. The hash of the signed document must be present.
D. The encrypted private key must be provided in the signing certificate.

Suggested answer: B

Which of the following attacks, if successful, could give an intruder complete control of a software-defined networking (SDN) architecture?

A. Sniffing the traffic of a compromised host inside the network
B. Sending control messages to open a flow that does not pass a firewall from a compromised host within the network
C. A brute force password attack on the Secure Shell (SSH) port of the controller
D. Remote Authentication Dial-In User Service (RADIUS) token replay attack

Suggested answer: B

What type of investigation applies when malicious behavior is suspected between two organizations?

A. Regulatory
B. Criminal
C. Civil
D. Operational

Suggested answer: A

The Chief Information Security Officer (CISO) of a small organization is making a case for building a security operations center (SOC). While debating between an in-house, fully outsourced, or a hybrid capability, which of the following would be the MAIN consideration, regardless of the model?

A. Skill set and training
B. Headcount and capacity
C. Tools and technologies
D. Scope and service catalog

Suggested answer: C

What are the three key benefits that application developers should derive from the northbound application programming interface (API) of software-defined networking (SDN)?

A. Familiar syntax, abstraction of network topology, and definition of network protocols
B. Network syntax, abstraction of network flow, and abstraction of network protocols
C. Network syntax, abstraction of network commands, and abstraction of network protocols
D. Familiar syntax, abstraction of network topology, and abstraction of network protocols

Suggested answer: C

What security principle addresses the issue of "Security by Obscurity"?

A. Open design
B. Segregation of duties (SoD)
C. Role Based Access Control (RBAC)
D. Least privilege

Suggested answer: D

In Federated Identity Management (FIM), which of the following represents the concept of federation?

A. Collection of information logically grouped into a single entity
B. Collection, maintenance, and deactivation of user objects and attributes in one or more systems, directories or applications
C. Collection of information for common identities in a system
D. Collection of domains that have established trust among themselves

Suggested answer: D

A software engineer uses automated tools to review application code and search for application flaws, back doors, or other malicious code. Which of the following is the FIRST Software Development Life Cycle (SDLC) phase where this takes place?

A. Design
B. Test
C. Development
D. Deployment

Suggested answer: C

Which of the following vulnerability assessment activities BEST exemplifies the Examine method of assessment?

A. Ensuring that system audit logs capture all relevant data fields required by the security controls baseline
B. Performing port scans of selected network hosts to enumerate active services
C. Asking the Information System Security Officer (ISSO) to describe the organization's patch management processes
D. Logging into a web server using the default administrator account and a default password

Suggested answer: D

Which of the following is the MOST appropriate control for asset data labeling procedures?

A. Logging data media to provide a physical inventory control
B. Reviewing audit trails of logging records
C. Categorizing the types of media being used
D. Reviewing off-site storage access controls

Suggested answer: C