ExamGecko
Search Search Login
Home Home / ISC / CISSP

ISC CISSP Practice Test - Questions Answers, Page 143

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following are all elements of a disaster recovery plan (DRP)?
All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization's systems?
In what phase of the System Development Life Cycle (SDLC) should security training for the development team begin?
Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?
What balance MUST be considered when web application developers determine how informative application error messages should be constructed?
Backup information that is critical to the organization is identified through a
An organization is preparing to achieve General Data Protection Regulation (GDPR) compliance. The Chief Information Security Officer (CISO) is reviewing data protection methods. Which of the following is the BEST data protection method?
Data remanence refers to which of the following?
With what frequency should monitoring of a control occur when implementing Information Security Continuous Monitoring (ISCM) solutions?

Question 1421

Report
Export
Collapse

Which of the following is the FIRST step an organization's security professional performs when defining a cyber-security program based upon industry standards?

A.
Map the organization's current security practices to industry standards and frameworks.
A.
Map the organization's current security practices to industry standards and frameworks.
Answers
B.
Define the organization's objectives regarding security and risk mitigation.
B.
Define the organization's objectives regarding security and risk mitigation.
Answers
C.
Select from a choice of security best practices.
C.
Select from a choice of security best practices.
Answers
D.
Review the past security assessments.
D.
Review the past security assessments.
Answers
Suggested answer: A

Question 1422

Report
Export
Collapse

What are the PRIMARY responsibilities of security operations for handling and reporting violations and incidents?

A.
Monitoring and identifying system failures, documenting incidents for future analysis, and scheduling patches for systems
A.
Monitoring and identifying system failures, documenting incidents for future analysis, and scheduling patches for systems
Answers
B.
Scheduling patches for systems, notifying the help desk, and alerting key personnel
B.
Scheduling patches for systems, notifying the help desk, and alerting key personnel
Answers
C.
Monitoring and identifying system failures, alerting key personnel, and containing events
C.
Monitoring and identifying system failures, alerting key personnel, and containing events
Answers
D.
Documenting incidents for future analysis, notifying end users, and containing events
D.
Documenting incidents for future analysis, notifying end users, and containing events
Answers
Suggested answer: D

Question 1423

Report
Export
Collapse

An internal audit for an organization recently identified malicious actions by a user account. Upon further investigation, it was determined the offending user account was used by multiple people at multiple locations simultaneously for various services and applications. What is the BEST method to prevent this problem in the future?

A.
Ensure the security information and event management (SIEM) is set to alert.
A.
Ensure the security information and event management (SIEM) is set to alert.
Answers
B.
Inform users only one user should be using the account at a time.
B.
Inform users only one user should be using the account at a time.
Answers
C.
Ensure each user has their own unique account,
C.
Ensure each user has their own unique account,
Answers
D.
Allow several users to share a generic account.
D.
Allow several users to share a generic account.
Answers
Suggested answer: A

Question 1424

Report
Export
Collapse

Which of the following are all elements of a disaster recovery plan (DRP)?

A.
Document the actual location of the ORP, developing an incident notification procedure, evaluating costs of critical components
A.
Document the actual location of the ORP, developing an incident notification procedure, evaluating costs of critical components
Answers
B.
Document the actual location of the ORP, developing an incident notification procedure, establishing recovery locations
B.
Document the actual location of the ORP, developing an incident notification procedure, establishing recovery locations
Answers
C.
Maintain proper documentation of all server logs, developing an incident notification procedure, establishing recovery locations
C.
Maintain proper documentation of all server logs, developing an incident notification procedure, establishing recovery locations
Answers
D.
Document the actual location of the ORP, recording minutes at all ORP planning sessions, establishing recovery locations
D.
Document the actual location of the ORP, recording minutes at all ORP planning sessions, establishing recovery locations
Answers
Suggested answer: C

Question 1425

Report
Export
Collapse

Which of the following BEST ensures the integrity of transactions to intended recipients?

A.
Public key infrastructure (PKI)
A.
Public key infrastructure (PKI)
Answers
B.
Blockchain technology
B.
Blockchain technology
Answers
C.
Pre-shared key (PSK)
C.
Pre-shared key (PSK)
Answers
D.
Web of trust
D.
Web of trust
Answers
Suggested answer: A

Question 1426

Report
Export
Collapse

A breach investigation ...... a website was exploited through an open soured ......Is The FIRB Stan In the Process that could have prevented this breach?

A.
Application whitelisting
A.
Application whitelisting
Answers
B.
Web application firewall (WAF)
B.
Web application firewall (WAF)
Answers
C.
Vulnerability remediation
C.
Vulnerability remediation
Answers
D.
Software inventory
D.
Software inventory
Answers
Suggested answer: B

Question 1427

Report
Export
Collapse

Which of the following statements is TRUE about Secure Shell (SSH)?

A.
SSH does not protect against man-in-the-middle (MITM) attacks.
A.
SSH does not protect against man-in-the-middle (MITM) attacks.
Answers
B.
SSH supports port forwarding, which can be used to protect less secured protocols.
B.
SSH supports port forwarding, which can be used to protect less secured protocols.
Answers
C.
SSH can be used with almost any application because it is concerned with maintaining a circuit.
C.
SSH can be used with almost any application because it is concerned with maintaining a circuit.
Answers
D.
SSH is easy to deploy because it requires a Web browser only.
D.
SSH is easy to deploy because it requires a Web browser only.
Answers
Suggested answer: B

Question 1428

Report
Export
Collapse

What type of database attack would allow a customer service employee to determine quarterly sales results before they are publically announced?

A.
Polyinstantiation
A.
Polyinstantiation
Answers
B.
Inference
B.
Inference
Answers
C.
Aggregation
C.
Aggregation
Answers
D.
Data mining
D.
Data mining
Answers
Suggested answer: A

Question 1429

Report
Export
Collapse

Which of the following frameworks provides vulnerability metrics and characteristics to support the National Vulnerability Database (NVD)?

A.
Center for Internet Security (CIS)
A.
Center for Internet Security (CIS)
Answers
B.
Common Vulnerabilities and Exposures (CVE)
B.
Common Vulnerabilities and Exposures (CVE)
Answers
C.
Open Web Application Security Project (OWASP)
C.
Open Web Application Security Project (OWASP)
Answers
D.
Common Vulnerability Scoring System (CVSS)
D.
Common Vulnerability Scoring System (CVSS)
Answers
Suggested answer: D

Question 1430

Report
Export
Collapse

Which of the following would be the BEST mitigation practice for man-in-the-middle (MITM) Voice over Internet Protocol (VoIP) attacks?

A.
Use Media Gateway Control Protocol (MGCP)
A.
Use Media Gateway Control Protocol (MGCP)
Answers
B.
Use Transport Layer Security (TLS) protocol
B.
Use Transport Layer Security (TLS) protocol
Answers
C.
Use File Transfer Protocol (FTP)
C.
Use File Transfer Protocol (FTP)
Answers
D.
Use Secure Shell (SSH) protocol
D.
Use Secure Shell (SSH) protocol
Answers
Suggested answer: B
Total 1.482 questions
Go to page: of 149
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms