ExamGecko

ISC CISSP Practice Test - Questions Answers, Page 16

The goal of software assurance in application development is to

A. enable the development of High Availability (HA) systems.
B. facilitate the creation of Trusted Computing Base (TCB) systems.
C. prevent the creation of vulnerable applications.
D. encourage the development of open source applications.
Suggested answer: C

What is the ultimate objective of information classification?

A. To assign responsibility for mitigating the risk to vulnerable systems
B. To ensure that information assets receive an appropriate level of protection
C. To recognize that the value of any item of information may change over time
D. To recognize the optimal number of classification categories and the benefits to be gained from their use
Suggested answer: B

In a financial institution, who has the responsibility for assigning the classification to a piece of information?

A. Chief Financial Officer (CFO)
B. Chief Information Security Officer (CISO)
C. Originator or nominated owner of the information
D. Department head responsible for ensuring the protection of the information
Suggested answer: C

An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to

A. encrypt the contents of the repository and document any exceptions to that requirement.
B. utilize an Intrusion Detection System (IDS) set to drop connections if too many requests for documents are detected.
C. keep individuals with access to high security areas from saving those documents into lower security areas.
D. require individuals with access to the system to sign Non-Disclosure Agreements (NDA).
Suggested answer: A

What technique BEST describes antivirus software that detects viruses by watching anomalous behavior?

A. Signature
B. Inference
C. Induction
D. Heuristic
Suggested answer: D

Contingency plan exercises are intended to do which of the following?

A. Train personnel in roles and responsibilities
B. Validate service level agreements
C. Train maintenance personnel
D. Validate operation metrics
Suggested answer: A

Two companies wish to share electronic inventory and purchase orders in a supplier and client relationship. What is the BEST security solution for them?

A. Write a Service Level Agreement (SLA) for the two companies.
B. Set up a Virtual Private Network (VPN) between the two companies.
C. Configure a firewall at the perimeter of each of the two companies.
D. Establish a File Transfer Protocol (FTP) connection between the two companies.
Suggested answer: B

Including a Trusted Platform Module (TPM) in the design of a computer system is an example of a technique to what?

A. Interface with the Public Key Infrastructure (PKI)
B. Improve the quality of security software
C. Prevent Denial of Service (DoS) attacks
D. Establish a secure initial state
Suggested answer: D

What a patch management program?

A. Perform automatic deployment of patches.
B. Monitor for vulnerabilities and threats.
C. Prioritize vulnerability remediation.
D. Create a system inventory.
Suggested answer: D

Which of the following is an open standard for exchanging authentication and authorization data between parties?

A. Wired markup language
B. Hypertext Markup Language (HTML)
C. Extensible Markup Language (XML)
D. Security Assertion Markup Language (SAML)
Suggested answer: D
Total 1.482 questions