ISC CISSP Practice Test - Questions Answers, Page 18

Which of the following is the FIRST action that a system administrator should take when it is revealed during a penetration test that everyone in an organization has unauthorized access to a server holding sensitive data?

A. Immediately document the finding and report to senior management.
B. Use system privileges to alter the permissions to secure the server
C. Continue the testing to its completion and then inform IT management
D. Terminate the penetration test and pass the finding to the server management team
Suggested answer: A

Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device?

A. Trusted Platform Module (TPM)
B. Preboot eXecution Environment (PXE)
C. Key Distribution Center (KDC)
D. Simple Key-Management for Internet Protocol (SKIP)
Suggested answer: A

The three PRIMARY requirements for a penetration test are

A. A defined goal, limited time period, and approval of management
B. A general objective, unlimited time, and approval of the network administrator
C. An objective statement, disclosed methodology, and fixed cost
D. A stated objective, liability waiver, and disclosed methodology
Suggested answer: A

Which of the following is an attacker MOST likely to target to gain privileged access to a system?

A. Programs that write to system resources
B. Programs that write to user directories
C. Log files containing sensitive information
D. Log files containing system calls
Suggested answer: A

Why is a system's criticality classification important in large organizations?

A. It provides for proper prioritization and scheduling of security and maintenance tasks.
B. It reduces critical system support workload and reduces the time required to apply patches.
C. It allows for clear systems status communications to executive management.
D. It provides for easier determination of ownership, reducing confusion as to the status of the asset.
Suggested answer: A

By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the

A. confidentiality of the traffic is protected.
B. opportunity to sniff network traffic exists.
C. opportunity for device identity spoofing is eliminated.
D. storage devices are protected against availability attacks.
Suggested answer: B

In Disaster Recovery (DR) and business continuity training, which BEST describes a functional drill?

A. A full-scale simulation of an emergency and the subsequent response functions
B. A specific test by response teams of individual emergency response functions
C. A functional evacuation of personnel
D. An activation of the backup site
Suggested answer: C

Which of the following does the Encapsulating Security Payload (ESP) provide?

A. Authorization and integrity
B. Availability and integrity
C. Integrity and confidentiality
D. Authorization and confidentiality
Suggested answer: C

Which one of the following security mechanisms provides the BEST way to restrict the execution of privileged procedures?

A. Role Based Access Control (RBAC)
B. Biometric access control
C. Federated Identity Management (IdM)
D. Application hardening
Suggested answer: A

What is an effective practice when returning electronic storage media to third parties for repair?

A. Ensuring the media is not labeled in any way that indicates the organization's name.
B. Disassembling the media and removing parts that may contain sensitive data.
C. Physically breaking parts of the media that may contain sensitive data.
D. Establishing a contract with the third party regarding the secure handling of the media.
Suggested answer: D