ExamGecko

ISC CISSP Practice Test - Questions Answers, Page 140

The existence of physical barriers, card and personal identification number (PIN) access systems, cameras, alarms, and security guards BEST describes which security approach?

A. Security information and event management (SIEM)
B. Security perimeter
C. Defense-in-depth
D. Access control

Suggested answer: C. Several independent physical controls layered so that an intruder who defeats one (for example, tailgating past a barrier) still has to defeat the next (badge plus PIN, camera, alarm, guard) is the definition of defense-in-depth; the perimeter is only the outermost of those layers, and access control is only one of them.

A software architect has been asked to build a platform to distribute music to thousands of users on a global scale. The architect has been reading about content delivery networks (CDN). Which of the following is a principal task to undertake?

A. Establish a service-oriented architecture (SOA).
B. Establish a media caching methodology.
C. Establish relationships with hundreds of Internet service providers (ISP).
D. Establish a low-latency wide area network (WAN).

Suggested answer: B

Which of the following BEST describes centralized identity management?

A. Service providers rely on a trusted third party (TTP) to provide requestors with both credentials and identifiers.
B. Service providers agree to integrate identity system recognition across organizational boundaries.
C. Service providers identify an entity by behavior analysis versus an identification factor.
D. Service providers perform as both the credential and identity provider (IdP).

Suggested answer: A. In a centralized model a single identity authority issues both the identifier and the credential, and every service provider trusts that one authority. Option B describes federated identity, where separate organizations agree to honor one another's identity systems, and option D describes the decentralized case in which each service provider runs its own identity store.

A database server for a financial application is scheduled for production deployment. Which of the following controls will BEST prevent tampering?

A. Service accounts removal
B. Data validation
C. Logging and monitoring
D. Data sanitization

Suggested answer: B. Validating input before it reaches the database rejects malformed or out-of-range data and injection attempts, which is a preventive control; logging and monitoring only detect tampering after the fact.

What is the FIRST step that should be considered in a Data Loss Prevention (DLP) program?

A. Configuration management (CM)
B. Information Rights Management (IRM)
C. Policy creation
D. Data classification

Suggested answer: D. DLP rules can only be written once the organization knows which data is sensitive and where it lives; classification supplies that inventory, and the policy and tooling follow from it.

What is the benefit of an operating system (OS) feature that is designed to prevent an application from executing code from a non-executable memory region?

A. Identifies which security patches still need to be installed on the system
B. Stops memory resident viruses from propagating their payload
C. Reduces the risk of polymorphic viruses from encrypting their payload
D. Helps prevent certain exploits that store code in buffers

Suggested answer: D. This is the no-execute protection (the NX bit, Data Execution Prevention on Windows): stack and heap pages are mapped non-executable, so a buffer overflow that writes shellcode into a buffer cannot then jump to it. It is only a partial defense, since return-oriented programming reuses code that is already executable, and it has nothing to do with patch inventory or virus encryption.

What Hypertext Transfer Protocol (HTTP) response header can be used to disable the execution of inline JavaScript and the execution of eval()-type functions?

A. Strict-Transport-Security
B. X-XSS-Protection
C. X-Frame-Options
D. Content-Security-Policy

Suggested answer: D. A Content-Security-Policy whose script-src directive (or default-src, which is the fallback when script-src is absent) does not contain 'unsafe-inline' blocks inline script blocks, inline event handler attributes and javascript: URLs, and one that does not contain 'unsafe-eval' blocks eval(), new Function() and string arguments to setTimeout()/setInterval(). Strict-Transport-Security enforces HTTPS, X-Frame-Options controls framing (clickjacking), and X-XSS-Protection toggled the legacy browser XSS auditor, which modern browsers have removed.
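As an added worked example, not part of the ExamGecko page or any CISSP study material, the following Python checker parses a Content-Security-Policy header value and reports whether arbitrary (un-nonced) inline script and eval() would be allowed, applying the script-src / default-src fallback rule and the rule that 'unsafe-inline' is ignored once a nonce or hash source is present. The policy strings are constructed for illustration.

```python
"""Assess whether a Content-Security-Policy value blocks inline script and eval().

Added example, not from ExamGecko or any CISSP material. The policy strings
at the bottom are constructed for illustration.
"""

EVAL_KEYWORD = "'unsafe-eval'"
INLINE_KEYWORD = "'unsafe-inline'"
NONCE_OR_HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header_value):
    """Parse a CSP header value into {directive_name: [source, ...]}.

    Directives are separated by ';' and tokens by whitespace; directive names
    are case-insensitive. Browsers honor only the first occurrence of a
    directive, so later duplicates are ignored here as well.
    """
    policy = {}
    for directive in header_value.split(";"):
        tokens = directive.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in policy:
            policy[name] = tokens[1:]
    return policy


def effective_script_sources(policy):
    """script-src governs script execution; default-src is its fallback.

    Returns None when neither directive is present, i.e. no restriction.
    """
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")


def _has_nonce_or_hash(sources):
    return any(s.startswith(NONCE_OR_HASH_PREFIXES) for s in sources)


def allows_arbitrary_inline_script(header_value):
    """True if un-nonced inline <script> blocks and inline event handlers run.

    'unsafe-inline' permits them, except that a browser supporting CSP level 2
    ignores 'unsafe-inline' when a nonce or hash source is also listed.
    """
    sources = effective_script_sources(parse_csp(header_value))
    if sources is None:
        return True
    return INLINE_KEYWORD in sources and not _has_nonce_or_hash(sources)


def allows_eval(header_value):
    """True if eval(), new Function() and string-argument setTimeout() run."""
    sources = effective_script_sources(parse_csp(header_value))
    if sources is None:
        return True
    return EVAL_KEYWORD in sources


def assess(header_value):
    """Summarize both checks for one header value."""
    return {
        "inline_script_allowed": allows_arbitrary_inline_script(header_value),
        "eval_allowed": allows_eval(header_value),
    }


# Constructed policies: the weak one beside two hardened variants.
WEAK_POLICY = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"
HARDENED_POLICY = "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; object-src 'none'"
FALLBACK_ONLY_POLICY = "default-src 'self'"

if __name__ == "__main__":
    for label, value in (("weak", WEAK_POLICY),
                         ("hardened", HARDENED_POLICY),
                         ("fallback-only", FALLBACK_ONLY_POLICY)):
        print(f"{label:14} {assess(value)}")
```

The fallback-only policy shows why default-src matters: with no script-src at all, default-src 'self' still blocks inline script and eval, whereas an empty or missing header allows both.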

Which section of the assessment report addresses separate vulnerabilities, weaknesses, and gaps?

A. Key findings section
B. Executive summary with full details
C. Risk review section
D. Findings definition section

Suggested answer: A

In a quarterly system access review, an active privileged account was discovered that did not exist in the prior review on the production system. The account was created one hour after the previous access review. Which of the following is the BEST option to reduce overall risk in addition to quarterly access reviews?

A. Increase logging levels.
B. Implement bi-annual reviews.
C. Create policies for system access.
D. Implement and review risk-based alerts.

Suggested answer: D. The account went unnoticed for almost a full quarter because detection depended on the next periodic review; an alert that fires when an account is created or added to a privileged group, weighted by factors such as the actor, the time of day and the absence of a change ticket, surfaces the same event within minutes. More logging without alerting, and less frequent reviews, both leave the gap open.
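As an added worked example, not part of the ExamGecko page or any CISSP study material, the following Python script runs a simple risk-based scoring over audit events of the kind the question describes and raises an alert when a newly created account is made privileged outside the change process. The event records, group names, approver list, change window and weights are all constructed assumptions; in practice the events come from the SIEM (for example Windows 4720/4728, auditd useradd/usermod or cloud IAM CreateUser records) and the weights from the organization's own risk model.

```python
"""Risk-based alerting on privileged account changes between access reviews.

Added example, not from ExamGecko or any CISSP material. Every constant and
sample event below is a constructed assumption.
"""
from datetime import datetime, timezone

PRIVILEGED_GROUPS = {"Domain Admins", "sudo", "db_owner"}  # assumed
APPROVED_PROVISIONERS = {"svc-iam-provisioner"}            # assumed
CHANGE_WINDOW_HOURS = range(9, 18)                          # 09:00-17:59 UTC, assumed
ALERT_THRESHOLD = 50                                        # assumed

# Constructed sample events, oldest first: a routine provisioning of "jdoe"
# and an after-hours, unticketed creation of "backup-adm" that is then added
# to Domain Admins one minute later.
SAMPLE_EVENTS = [
    {"ts": "2024-04-01T10:05:00Z", "type": "account_created", "actor": "svc-iam-provisioner",
     "target": "jdoe", "ticket": "CHG-1042"},
    {"ts": "2024-04-01T10:06:00Z", "type": "group_added", "actor": "svc-iam-provisioner",
     "target": "jdoe", "group": "Developers", "ticket": "CHG-1042"},
    {"ts": "2024-04-01T23:30:00Z", "type": "account_created", "actor": "bsmith",
     "target": "backup-adm", "ticket": None},
    {"ts": "2024-04-01T23:31:00Z", "type": "group_added", "actor": "bsmith",
     "target": "backup-adm", "group": "Domain Admins", "ticket": None},
]


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamp used in the constructed events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def score_event(event, recent_creations):
    """Return (score, reasons) for one event.

    recent_creations maps account name -> creation time for accounts seen
    earlier in the stream, so a privilege grant can be correlated with a
    creation that happened shortly before it.
    """
    score, reasons = 0, []
    ts = parse_ts(event["ts"])
    if event["type"] == "group_added" and event.get("group") in PRIVILEGED_GROUPS:
        score += 40
        reasons.append(f"added to privileged group {event['group']}")
        created = recent_creations.get(event["target"])
        if created is not None and (ts - created).total_seconds() <= 24 * 3600:
            score += 20
            reasons.append("account was created within the previous 24h")
    if ts.hour not in CHANGE_WINDOW_HOURS:
        score += 20
        reasons.append("outside change window")
    if event["actor"] not in APPROVED_PROVISIONERS:
        score += 20
        reasons.append(f"actor {event['actor']} is not an approved provisioner")
    if not event.get("ticket"):
        score += 20
        reasons.append("no change ticket")
    return score, reasons


def generate_alerts(events, threshold=ALERT_THRESHOLD):
    """Score events in time order and return those at or above the threshold."""
    recent_creations = {}
    alerts = []
    for event in sorted(events, key=lambda e: e["ts"]):
        if event["type"] == "account_created":
            recent_creations[event["target"]] = parse_ts(event["ts"])
        score, reasons = score_event(event, recent_creations)
        if score >= threshold:
            alerts.append({"ts": event["ts"], "target": event["target"],
                           "score": score, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in generate_alerts(SAMPLE_EVENTS):
        print(f"ALERT {alert['ts']} {alert['target']} score={alert['score']}")
        for reason in alert["reasons"]:
            print(f"    - {reason}")
```

The routine "jdoe" provisioning scores zero and stays silent, while both "backup-adm" events cross the threshold, the privilege grant highest because it correlates with a creation one minute earlier. Reviewing those alerts daily is the control the question is asking for; the quarterly review then becomes a backstop rather than the only detection.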

When recovering from an outage, what is the Recovery Point Objective (RPO), in terms of data recovery?

A. The RPO is the maximum amount of time for which loss of data is acceptable.
B. The RPO is the minimum amount of data that needs to be recovered.
C. The RPO is a goal to recover a targeted percentage of data lost.
D. The RPO is the amount of time it takes to recover an acceptable percentage of data lost.

Suggested answer: A. The RPO is expressed as a span of time before the outage: an RPO of one hour means the organization can tolerate losing at most the last hour of data, so backups or replication must never be more than an hour stale. The time taken to restore service is the Recovery Time Objective (RTO), not the RPO.