ISC CISSP Practice Test - Questions Answers, Page 19


Which of the following BEST represents the principle of open design?

A. Disassembly, analysis, or reverse engineering will reveal the security functionality of the computer system.
B. Algorithms must be protected to ensure the security and interoperability of the designed system.
C. A knowledgeable user should have limited privileges on the system to prevent their ability to compromise security capabilities.
D. The security of a mechanism should not depend on the secrecy of its design or implementation.

Suggested answer: D

The BEST way to check for good security programming practices, as well as auditing for possible backdoors, is to conduct

A. log auditing.
B. code reviews.
C. impact assessments.
D. static analysis.

Suggested answer: B

An auditor carrying out a compliance audit requests passwords that are encrypted in the system to verify that the passwords are compliant with policy. Which of the following is the BEST response to the auditor?

A. Provide the encrypted passwords and analysis tools to the auditor for analysis.
B. Analyze the encrypted passwords for the auditor and show them the results.
C. Demonstrate that non-compliant passwords cannot be created in the system.
D. Demonstrate that non-compliant passwords cannot be encrypted in the system.

Suggested answer: C

When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include

A. hardened building construction with consideration of seismic factors.
B. adequate distance from and lack of access to adjacent buildings.
C. curved roads approaching the data center.
D. proximity to high crime areas of the city.

Suggested answer: D

An organization allows ping traffic into and out of their network. An attacker has installed a program on the network that uses the payload portion of the ping packet to move data into and out of the network. What type of attack has the organization experienced?

A. Data leakage
B. Unfiltered channel
C. Data emanation
D. Covert channel

Suggested answer: A

Which of the following can BEST prevent security flaws occurring in outsourced software development?

A. Contractual requirements for code quality
B. Licensing, code ownership and intellectual property rights
C. Certification of the quality and accuracy of the work done
D. Delivery dates, change management control and budgetary control

Suggested answer: C

Which of the following is the MAIN reason that system re-certification and re-accreditation are needed?

A. To assist data owners in making future sensitivity and criticality determinations
B. To assure the software development team that all security issues have been addressed
C. To verify that security protection remains acceptable to the organizational security policy
D. To help the security team accept or reject new systems for implementation and production

Suggested answer: C

An external attacker has compromised an organization's network security perimeter and installed a sniffer onto an inside computer. Which of the following is the MOST effective layer of security the organization could have implemented to mitigate the attacker's ability to gain further information?

A. Implement packet filtering on the network firewalls
B. Require strong authentication for administrators
C. Install Host Based Intrusion Detection Systems (HIDS)
D. Implement logical network segmentation at the switches

Suggested answer: D

A security consultant has been asked to research an organization's legal obligations to protect privacy-related information. What kind of reading material is MOST relevant to this project?

A. The organization's current security policies concerning privacy issues
B. Privacy-related regulations enforced by governing bodies applicable to the organization
C. Privacy best practices published by recognized security standards organizations
D. Organizational procedures designed to protect privacy information

Suggested answer: B

According to best practice, which of the following groups is the MOST effective in performing an information security compliance audit?

A. In-house security administrators
B. In-house Network Team
C. Disaster Recovery (DR) Team
D. External consultants

Suggested answer: D