
ISC CISSP Practice Test - Questions Answers, Page 133


What BEST describes the confidentiality, integrity, availability triad?

A. A tool used to assist in understanding how to protect the organization's data
B. The three-step approach to determine the risk level of an organization
C. The implementation of security systems to protect the organization's data
D. A vulnerability assessment to see how well the organization's data is protected
Suggested answer: C

When developing an external facing web-based system, which of the following would be the MAIN focus of the security assessment prior to implementation and production?

A. Assessing the Uniform Resource Locator (URL)
B. Ensuring Secure Sockets Layer (SSL) certificates are signed by a certificate authority
C. Ensuring that input validation is enforced
D. Ensuring Secure Sockets Layer (SSL) certificates are internally signed
Suggested answer: B

What type of risk is related to the sequences of value-adding and managerial activities undertaken in an organization?

A. Demand risk
B. Process risk
C. Control risk
D. Supply risk
Suggested answer: B

In an environment where there is not full administrative control over all network connected endpoints, such as a university where non-corporate devices are used, what is the BEST way to restrict access to the network?

A. Use switch port security to limit devices connected to a particular switch port.
B. Use virtual local area networks (VLAN) to segregate users.
C. Use a client-based Network Access Control (NAC) solution.
D. Use a clientless Network Access Control (NAC) solution.
Suggested answer: A

Which of the following threats would be MOST likely mitigated by monitoring assets containing open source libraries for vulnerabilities?

A. Distributed denial-of-service (DDoS) attack
B. Zero-day attack
C. Phishing attempt
D. Advanced persistent threat (APT) attempt
Suggested answer: A

Which of the following is the BEST way to determine the success of a patch management process?

A. Analysis and impact assessment
B. Auditing and assessment
C. Configuration management (CM)
D. Change management
Suggested answer: A

A company needs to provide employee access to travel services, which are hosted by a third-party service provider. Employee experience is important, and when users are already authenticated, access to the travel portal is seamless.

Which of the following methods is used to share information and grant user access to the travel portal?

A. Security Assertion Markup Language (SAML) access
B. Single sign-on (SSO) access
C. Open Authorization (OAuth) access
D. Federated access
Suggested answer: D

Why is data classification control important to an organization?

A. To ensure its integrity, confidentiality and availability
B. To enable data discovery
C. To control data retention in alignment with organizational policies and regulation
D. To ensure security controls align with organizational risk appetite
Suggested answer: A

Which of the following is the strongest physical access control?

A. Biometrics and badge reader
B. Biometrics, a password, and personal identification number (PIN)
C. Individual password for each user
D. Biometrics, a password, and badge reader
Suggested answer: D

While dealing with the consequences of a security incident, which of the following security controls are MOST appropriate?

A. Detective and recovery controls
B. Corrective and recovery controls
C. Preventative and corrective controls
D. Recovery and proactive controls
Suggested answer: C