ISC CISSP Practice Test - Questions Answers, Page 18

Question 171

Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization has unauthorized access to a server holding sensitive data?

A. Immediately document the finding and report to senior management.
B. Use system privileges to alter the permissions to secure the server
C. Continue the testing to its completion and then inform IT management
D. Terminate the penetration test and pass the finding to the server management team
Suggested answer: A
asked 18/09/2024
Juan Manuel Lopez Ortega
32 questions

Question 172

Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device?

A. Trusted Platform Module (TPM)
B. Preboot eXecution Environment (PXE)
C. Key Distribution Center (KDC)
D. Simple Key-Management for Internet Protocol (SKIP)
Suggested answer: A
asked 18/09/2024
Rostyslav Skrypnyk
54 questions

Question 173

The three PRIMARY requirements for a penetration test are

A. A defined goal, limited time period, and approval of management
B. A general objective, unlimited time, and approval of the network administrator
C. An objective statement, disclosed methodology, and fixed cost
D. A stated objective, liability waiver, and disclosed methodology
Suggested answer: A
asked 18/09/2024
Nalin Gupta
34 questions

Question 174

Which of the following is an attacker MOST likely to target to gain privileged access to a system?

A. Programs that write to system resources
B. Programs that write to user directories
C. Log files containing sensitive information
D. Log files containing system calls
Suggested answer: A
asked 18/09/2024
John Murphy
35 questions

Question 175

Why is a system's criticality classification important in large organizations?

A. It provides for proper prioritization and scheduling of security and maintenance tasks.
B. It reduces critical system support workload and reduces the time required to apply patches.
C. It allows for clear systems status communications to executive management.
D. It provides for easier determination of ownership, reducing confusion as to the status of the asset.
Suggested answer: A
asked 18/09/2024
Aidan Lear
53 questions

Question 176

By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the

A. confidentiality of the traffic is protected.
B. opportunity to sniff network traffic exists.
C. opportunity for device identity spoofing is eliminated.
D. storage devices are protected against availability attacks.
Suggested answer: B
asked 18/09/2024
Rahul Biradavolu
43 questions

Question 177

In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill?

A. A full-scale simulation of an emergency and the subsequent response functions
B. A specific test by response teams of individual emergency response functions
C. A functional evacuation of personnel
D. An activation of the backup site
Suggested answer: C
asked 18/09/2024
ABCO TECHNOLOGY
35 questions

Question 178

Which of the following does the Encapsulating Security Payload (ESP) provide?

A. Authorization and integrity
B. Availability and integrity
C. Integrity and confidentiality
D. Authorization and confidentiality
Suggested answer: C
asked 18/09/2024
Dereque Datson
47 questions

Question 179

Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?

A. Role Based Access Control (RBAC)
B. Biometric access control
C. Federated Identity Management (IdM)
D. Application hardening
Suggested answer: A
asked 18/09/2024
Ibiyemi Araoye
45 questions

Question 180

What is an effective practice when returning electronic storage media to third parties for repair?

A. Ensuring the media is not labeled in any way that indicates the organization's name.
B. Disassembling the media and removing parts that may contain sensitive data.
C. Physically breaking parts of the media that may contain sensitive data.
D. Establishing a contract with the third party regarding the secure handling of the media.
Suggested answer: D
asked 18/09/2024
Alfred Macaraeg
35 questions
Total 1.482 questions