
ISC CISSP Practice Test - Questions Answers, Page 141


The security operations center (SOC) has received credible intelligence that a threat actor is planning to attack with multiple variants of a destructive virus. After obtaining a sample set of this virus' variants and reverse engineering them to understand how they work, a commonality was found: all variants are coded to write to a specific memory location. It is determined this virus is of no threat to the organization because they had the foresight to enable what feature on all endpoints?

A. Process isolation
B. Trusted Platform Module (TPM)
C. Address Space Layout Randomization (ASLR)
D. Virtualization
Suggested answer: C

An information technology (IT) employee who travels frequently to various ies remotely to an organization' the following solutions BEST serves as a secure control mechanism to meet the organization's requirements? to troubleshoot p

Which of the following solutions BEST serves as a secure control mechanism to meet the organization's requirements?

A. Update the firewall rules to include the static Internet Protocol (IP) addresses of the locations where the employee connects from.
B. Install a third-party screen sharing solution that provides remote connection from a public website.
C. Implement a Dynamic Domain Name Services (DDNS) account to initiate a virtual private network (VPN) using the DDNS record.
D. Install a bastion host in the demilitarized zone (DMZ) and allow multi-factor authentication (MFA) access.
Suggested answer: D

What is the term used to define where data is geographically stored in the cloud?

A. Data warehouse
B. Data privacy rights
C. Data subject rights
D. Data sovereignty
Suggested answer: D

Assuming an individual has taken all of the steps to keep their internet connection private, which of the following is the BEST way to browse the web privately?

A. Prevent information about browsing activities from being stored in the cloud.
B. Store browsing activities in the cloud.
C. Prevent information about browsing activities from being stored on the personal device.
D. Store information about browsing activities on the personal device.
Suggested answer: A

Which of the following types of firewall only examines the "handshaking" between packets before forwarding traffic?

A. Proxy firewalls
B. Host-based firewalls
C. Circuit-level firewalls
D. Network Address Translation (NAT) firewalls
Suggested answer: C

The security team plans on using automated account reconciliation in the corporate user access review process. Which of the following must be implemented for the BEST results with fewest errors when running the audit?

A. Removal of service accounts from review
B. Segregation of Duties (SoD)
C. Clear provisioning policies
D. Frequent audits
Suggested answer: C

Which of the following is included in change management?

A. Business continuity testing
B. User Acceptance Testing (UAT) before implementation
C. Technical review by business owner
D. Cost-benefit analysis (CBA) after implementation
Suggested answer: A

Which of the following technologies can be used to monitor and dynamically respond to potential threats on web applications?

A. Security Assertion Markup Language (SAML)
B. Web application vulnerability scanners
C. Runtime application self-protection (RASP)
D. Field-level tokenization
Suggested answer: C

Before allowing a web application into the production environment, the security practitioner performs multiple types of tests to confirm that the web application performs as expected. To test the username field, the security practitioner creates a test that enters more characters into the field than is allowed. Which of the following BEST describes the type of test performed?

A. Misuse case testing
B. Penetration testing
C. Web session testing
D. Interface testing
Suggested answer: A

When developing an organization's information security budget, it is important that the

A. expected risk can be managed appropriately with the funds allocated.
B. requested funds are at an equal amount to the expected cost of breaches.
C. requested funds are part of a shared funding pool with other areas.
D. expected risk to the organization does not exceed the funds allocated.
Suggested answer: A
Total 1.482 questions