ExamGecko
Login
Home / ISC / CISSP / List of questions
Ask Question

ISC CISSP Practice Test - Questions Answers, Page 19

Add to Whishlist

List of questions

Question 181

Report Export Collapse

Which of the following BEST represents the principle of open design?

Disassembly, analysis, or reverse engineering will reveal the security functionality of the computer system.
Disassembly, analysis, or reverse engineering will reveal the security functionality of the computer system.
Algorithms must be protected to ensure the security and interoperability of the designed system.
Algorithms must be protected to ensure the security and interoperability of the designed system.
A knowledgeable user should have limited privileges on the system to prevent their ability to compromise security capabilities.
A knowledgeable user should have limited privileges on the system to prevent their ability to compromise security capabilities.
The security of a mechanism should not depend on the secrecy of its design or implementation.
The security of a mechanism should not depend on the secrecy of its design or implementation.
Suggested answer: D
asked 18/09/2024
Slawomir Marcjanski
40 questions

Question 182

Report Export Collapse

The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct

log auditing.
log auditing.
code reviews.
code reviews.
impact assessments.
impact assessments.
static analysis.
static analysis.
Suggested answer: B
asked 18/09/2024
Donald VIRMOND
37 questions

Question 183

Report Export Collapse

An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor?

Provide the encrypted passwords and analysis tools to the auditor for analysis.
Provide the encrypted passwords and analysis tools to the auditor for analysis.
Analyze the encrypted passwords for the auditor and show them the results.
Analyze the encrypted passwords for the auditor and show them the results.
Demonstrate that non-compliant passwords cannot be created in the system.
Demonstrate that non-compliant passwords cannot be created in the system.
Demonstrate that non-compliant passwords cannot be encrypted in the system.
Demonstrate that non-compliant passwords cannot be encrypted in the system.
Suggested answer: C
asked 18/09/2024
Barry Richards
35 questions

Question 184

Report Export Collapse

When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include

hardened building construction with consideration of seismic factors.
hardened building construction with consideration of seismic factors.
adequate distance from and lack of access to adjacent buildings.
adequate distance from and lack of access to adjacent buildings.
curved roads approaching the data center.
curved roads approaching the data center.
proximity to high crime areas of the city.
proximity to high crime areas of the city.
Suggested answer: D
asked 18/09/2024
Marcin Piotrowski
44 questions

Question 185

Report Export Collapse

An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet to move data into and out of the network. What type of attack has the organization experienced?

Data leakage
Data leakage
Unfiltered channel
Unfiltered channel
Data emanation
Data emanation
Covert channel
Covert channel
Suggested answer: A
asked 18/09/2024
Mohamed Mohamed
54 questions

Question 186

Report Export Collapse

Which of the following can BEST prevent security flaws occurring in outsourced software development?

Contractual requirements for code quality
Contractual requirements for code quality
Licensing, code ownership and intellectual property rights
Licensing, code ownership and intellectual property rights
Certification of the quality and accuracy of the work done
Certification of the quality and accuracy of the work done
Delivery dates, change management control and budgetary control
Delivery dates, change management control and budgetary control
Suggested answer: C
asked 18/09/2024
Jucelino Pinheiro de Andrade da Silva
49 questions

Question 187

Report Export Collapse

Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?

To assist data owners in making future sensitivity and criticality determinations
To assist data owners in making future sensitivity and criticality determinations
To assure the software development team that all security issues have been addressed
To assure the software development team that all security issues have been addressed
To verify that security protection remains acceptable to the organizational security policy
To verify that security protection remains acceptable to the organizational security policy
To help the security team accept or reject new systems for implementation and production
To help the security team accept or reject new systems for implementation and production
Suggested answer: C
asked 18/09/2024
John Shelby
44 questions

Question 188

Report Export Collapse

An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?

Implement packet filtering on the network firewalls
Implement packet filtering on the network firewalls
Require strong authentication for administrators
Require strong authentication for administrators
Install Host Based Intrusion Detection Systems (HIDS)
Install Host Based Intrusion Detection Systems (HIDS)
Implement logical network segmentation at the switches
Implement logical network segmentation at the switches
Suggested answer: D
asked 18/09/2024
Trang Anna
48 questions

Question 189

Report Export Collapse

A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project?

The organization's current security policies concerning privacy issues
The organization's current security policies concerning privacy issues
Privacy-related regulations enforced by governing bodies applicable to the organization
Privacy-related regulations enforced by governing bodies applicable to the organization
Privacy best practices published by recognized security standards organizations
Privacy best practices published by recognized security standards organizations
Organizational procedures designed to protect privacy information
Organizational procedures designed to protect privacy information
Suggested answer: B
asked 18/09/2024
shikeba barakzei
37 questions

Question 190

Report Export Collapse

According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit?

In-house security administrators
In-house security administrators
In-house Network Team
In-house Network Team
Disaster Recovery (DR) Team
Disaster Recovery (DR) Team
External consultants
External consultants
Suggested answer: D
asked 18/09/2024
Euwing Mendoza
50 questions
Total 1.482 questions
Go to page: of 149
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which Open Systems Interconnection (OSI) layer(s) BEST corresponds to the network access layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) model?
All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
An organization is preparing to achieve General Data Protection Regulation (GDPR) compliance. The Chief Information Security Officer (CISO) is reviewing data protection methods. Which of the following is the BEST data protection method?
Which one of the following would cause an immediate review and possible change to the security policies of an organization?
Which of the following are all elements of a disaster recovery plan (DRP)?
What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?
Which of the following BEST describes the objectives of the Business Impact Analysis (BIA)?
Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization's systems?
Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?
In what phase of the System Development Life Cycle (SDLC) should security training for the development team begin?