ExamGecko
ISC CISSP Practice Test - Questions Answers, Page 138

Which is MOST important when negotiating an Internet service provider (ISP) service-level agreement (SLA) by an organization that solely provides Voice over Internet Protocol (VoIP) services?

A. Mean time to repair (MTTR)
B. Quality of Service (QoS) between applications
C. Availability of network services
D. Financial penalties in case of disruption
Suggested answer: B

A company developed a web application which is sold as a Software as a Service (SaaS) solution to the customer. The application is hosted by a web server running on a specific operating system (OS) on a virtual machine (VM). During the transition phase of the service, it is determined that the support team will need access to the application logs. Which of the following privileges would be the MOST suitable?

A. Administrative privileges on the OS
B. Administrative privileges on the web server
C. Administrative privileges on the hypervisor
D. Administrative privileges on the application folders
Suggested answer: D

A systems engineer is designing a wide area network (WAN) environment for a new organization. The WAN will connect sites holding information at various levels of sensitivity, from publicly available to highly confidential. The organization requires a high degree of interconnectedness to support existing business processes. What is the BEST design approach to securing this environment?

A. Place firewalls around critical devices, isolating them from the rest of the environment.
B. Layer multiple detective and preventative technologies at the environment perimeter.
C. Use reverse proxies to create a secondary "shadow" environment for critical systems.
D. Align risk across all interconnected elements to ensure critical threats are detected and handled.
Suggested answer: B

Which event magnitude is defined as deadly, destructive, and disruptive when a hazard interacts with human vulnerability?

A. Disaster
B. Catastrophe
C. Crisis
D. Accident
Suggested answer: B

Which of the following goals represents a modern shift in risk management according to National Institute of Standards and Technology (NIST)?

A. Focus on operating environments that are changing, evolving, and full of emerging threats.
B. Secure information technology (IT) systems that store, process, or transmit organizational information.
C. Enable management to make well-informed risk-based decisions justifying security expenditure.
D. Provide an improved mission accomplishment approach.
Suggested answer: C

A web developer is completing a new web application security checklist before releasing the application to production. The task of disabling unnecessary services is on the checklist. Which web application threat is being mitigated by this action?

A. Security misconfiguration
B. Sensitive data exposure
C. Broken access control
D. Session hijacking
Suggested answer: A
Rationale: unnecessary services, ports, pages and features left enabled are the textbook case of security misconfiguration (OWASP Top 10, Security Misconfiguration); sensitive data exposure concerns data left unprotected at rest or in transit, not surplus services.

Which of the following is a limitation of the Bell-LaPadula model?

A. Segregation of duties (SoD) is difficult to implement as the "no read-up" rule limits the ability of an object to access information with a higher classification.
B. Mandatory access control (MAC) is enforced at all levels making discretionary access control (DAC) impossible to implement.
C. It contains no provision or policy for changing data access control and works well only with access systems that are static in nature.
D. It prioritizes integrity over confidentiality which can lead to inadvertent information disclosure.
Suggested answer: C
Rationale: Bell-LaPadula is a confidentiality model built on the tranquility assumption, so it defines no rule for changing a subject's clearance or an object's classification and suits only static systems. Option A misstates the model (subjects read objects, and SoD is not what no-read-up addresses), B is wrong because the model includes a discretionary security property, and D inverts its priority.
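The limitation in the question is easiest to see in code. The following is an added example, not taken from the exam page or from any ISC2 material: a minimal Bell-LaPadula reference monitor with a lattice of levels and compartments. The level names, compartment names and the subjects and objects in `demo()` are all hypothetical. Access decisions come purely from comparing fixed labels, and the monitor deliberately has no relabel operation, which is the point of option C.

```python
"""Added example, not part of the exam page: a minimal Bell-LaPadula
reference monitor whose labels are fixed once assigned.

All names here are assumptions of the example: the four linear levels,
the compartments, and the hypothetical subjects/objects in demo().
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple

# Linear sensitivity levels; compartments turn the label into a lattice.
LEVELS: Dict[str, int] = {
    "UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3,
}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """True when self is at or above other in the lattice."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property: no write down (writing to an equal or higher label is allowed)."""
    return obj.dominates(subject)


class StaticLabelMonitor:
    """Labels are assigned exactly once. There is deliberately no relabel()
    method: the tranquility assumption gives the model no rule for
    declassifying an object or changing a clearance, so that has to be
    done by a trusted process outside the model."""

    def __init__(self) -> None:
        self._labels: Dict[str, Label] = {}

    def assign(self, name: str, label: Label) -> None:
        if name in self._labels:
            raise PermissionError(f"{name!r} is already labelled; the model has no relabel rule")
        self._labels[name] = label

    def allowed(self, subject: str, op: str, obj: str) -> bool:
        s, o = self._labels[subject], self._labels[obj]
        if op == "read":
            return can_read(s, o)
        if op == "write":
            return can_write(s, o)
        raise ValueError(f"unknown operation {op!r}")


def demo() -> Dict[Tuple[str, str, str], bool]:
    """Hypothetical subjects and objects; returns every access decision."""
    m = StaticLabelMonitor()
    m.assign("analyst", Label("SECRET", frozenset({"FIN"})))
    m.assign("fin_report", Label("CONFIDENTIAL", frozenset({"FIN"})))
    m.assign("hr_file", Label("SECRET", frozenset({"HR"})))
    m.assign("budget_plan", Label("TOP_SECRET", frozenset({"FIN", "OPS"})))
    m.assign("bulletin", Label("UNCLASSIFIED"))
    checks = [
        ("analyst", "read", "fin_report"),    # read down: allowed
        ("analyst", "read", "hr_file"),       # same level, missing compartment: denied
        ("analyst", "read", "budget_plan"),   # read up: denied
        ("analyst", "write", "budget_plan"),  # write up: allowed by the model
        ("analyst", "write", "bulletin"),     # write down: denied, even for a sanitised summary
    ]
    return {c: m.allowed(*c) for c in checks}


if __name__ == "__main__":
    for (subj, op, obj), ok in demo().items():
        print(f"{subj} {op} {obj}: {'allow' if ok else 'deny'}")
```

The last check is the practical consequence: a SECRET analyst can never publish even a sanitised summary to an UNCLASSIFIED object, because the model has no declassification rule. Real systems bolt that on with trusted subjects that sit outside the model, which is exactly why the model is said to work only in static environments.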

Which of the following is the BEST option to reduce the network attack surface of a system?

A. Ensuring that there are no group accounts on the system
B. Removing unnecessary system user accounts
C. Disabling unnecessary ports and services
D. Uninstalling default software on the system
Suggested answer: C
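Both this question and the web application checklist question above (disabling unnecessary services as a security misconfiguration control) come down to the same check: enumerate what is listening and compare it with what is supposed to be listening. The following is an added example, not from the exam page: a small auditor that parses `ss -tulnp`-style output against an allowlist. The sample output, the allowlist and the legacy-protocol table are constructed for the example; the column layout is assumed from GNU iproute2 `ss` and should be treated as such.

```python
"""Added example, not part of the exam page: audit listening sockets
against an allowlist, the check behind "disable unnecessary ports and
services".

SAMPLE_SS_OUTPUT is constructed for this example in the layout of
`ss -tulnp` (assumed from GNU iproute2). ALLOWLIST and CLEARTEXT_LEGACY
are illustrative assumptions, not a recommended policy.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      511          0.0.0.0:443       0.0.0.0:*    users:(("nginx",pid=812,fd=6))
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=640,fd=3))
tcp   LISTEN 0      128        127.0.0.1:3306      0.0.0.0:*    users:(("mysqld",pid=901,fd=21))
tcp   LISTEN 0      128          0.0.0.0:21        0.0.0.0:*    users:(("vsftpd",pid=1203,fd=4))
tcp   LISTEN 0      50           0.0.0.0:8080      0.0.0.0:*    users:(("java",pid=1500,fd=12))
udp   UNCONN 0      0            0.0.0.0:161       0.0.0.0:*    users:(("snmpd",pid=700,fd=7))
"""

# (protocol, port, process) triples the build is expected to expose.
ALLOWLIST: Set[Tuple[str, int, str]] = {("tcp", 443, "nginx"), ("tcp", 22, "sshd")}

# Ports whose usual service carries credentials in the clear.
CLEARTEXT_LEGACY = {21: "ftp", 23: "telnet", 161: "snmp"}

PROC_RE = re.compile(r'\(\("([^"]+)"')  # first process name in users:((...))


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int
    process: str

    @property
    def exposed(self) -> bool:
        """Bound to a wildcard address, i.e. reachable from the network."""
        return self.addr in ("0.0.0.0", "*", "::", "[::]")


def parse_ss(text: str) -> List[Listener]:
    """Parse ss output; TCP rows are kept only in LISTEN state, UDP rows always."""
    listeners: List[Listener] = []
    for line in text.splitlines()[1:]:          # skip the header row
        parts = line.split()
        if len(parts) < 6:
            continue
        proto, state, local = parts[0], parts[1], parts[4]
        if proto == "tcp" and state != "LISTEN":
            continue
        addr, port = local.rsplit(":", 1)       # rsplit keeps IPv6 brackets intact
        m = PROC_RE.search(line)
        listeners.append(Listener(proto, addr, int(port), m.group(1) if m else "?"))
    return listeners


def audit(text: str, allowlist: Iterable[Tuple[str, int, str]] = ALLOWLIST):
    """Return (finding, listener) pairs for everything not on the allowlist."""
    allowed = set(allowlist)
    findings = []
    for l in parse_ss(text):
        if (l.proto, l.port, l.process) in allowed:
            continue
        if not l.exposed:
            findings.append(("LOCAL", l))               # loopback only: lower risk, still review
        elif l.port in CLEARTEXT_LEGACY:
            findings.append(("EXPOSED-CLEARTEXT", l))  # network-reachable and cleartext
        else:
            findings.append(("EXPOSED", l))
    return findings


if __name__ == "__main__":
    for kind, l in audit(SAMPLE_SS_OUTPUT):
        print(f"{kind:18} {l.proto}/{l.port:<5} {l.addr:12} {l.process}")
```

Run against live output with `ss -tulnp | python3 audit.py`-style piping only after replacing `SAMPLE_SS_OUTPUT` with `sys.stdin.read()`; the point of the sample is that the three wildcard-bound services not on the allowlist (ftp, the extra Java listener, snmp) are exactly the "unnecessary ports and services" the checklist item wants disabled, while the loopback-only database is reported separately so it is reviewed rather than reflexively removed.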

Which of the following is the PRIMARY reason for selecting the appropriate level of detail for audit record generation?

A. Lower costs throughout the System Development Life Cycle (SDLC)
B. Facilitate a root cause analysis (RCA)
C. Enable generation of corrective action reports
D. Avoid lengthy audit reports
Suggested answer: B

A financial organization that works according to agile principles has developed a new application for their external customer base to request a line of credit. A security analyst has been asked to assess the security risk of the minimum viable product (MVP). Which is the MOST important activity the analyst should assess?

A. The software has the correct functionality.
B. The software has been code reviewed.
C. The software has been branded according to corporate standards.
D. The software has been signed off for release by the product owner.
Suggested answer: A