ExamGecko
Login
Home / ISC / CISSP / List of questions
Ask Question

ISC CISSP Practice Test - Questions Answers, Page 20

List of questions

Question 191

Report Export Collapse

When is security personnel involvement in the Systems Development Life Cycle (SDLC) process MOST beneficial?

Testing phase
Testing phase
Development phase
Development phase
Requirements definition phase
Requirements definition phase
Operations and maintenance phase
Operations and maintenance phase
Suggested answer: C
asked 18/09/2024
Sarah Pachowsky
38 questions

Question 192

Report Export Collapse

A large bank deploys hardware tokens to all customers that use their online banking system. The token generates and displays a six digit numeric password every 60 seconds. The customers must log into their bank accounts using this numeric password. This is an example of

asynchronous token.
asynchronous token.
Single Sign-On (SSO) token.
Single Sign-On (SSO) token.
single factor authentication token.
single factor authentication token.
synchronous token.
synchronous token.
Suggested answer: D
asked 18/09/2024
Rowan Cele
48 questions

Question 193

Report Export Collapse

Which of the following is the BEST reason to review audit logs periodically?

Verify they are operating properly
Verify they are operating properly
Monitor employee productivity
Monitor employee productivity
Identify anomalies in use patterns
Identify anomalies in use patterns
Meet compliance regulations
Meet compliance regulations
Suggested answer: C
asked 18/09/2024
Maureen Lande
48 questions

Question 194

Report Export Collapse

What is the PRIMARY reason for ethics awareness and related policy implementation?

It affects the workflow of an organization.
It affects the workflow of an organization.
It affects the reputation of an organization.
It affects the reputation of an organization.
It affects the retention rate of employees.
It affects the retention rate of employees.
It affects the morale of the employees.
It affects the morale of the employees.
Suggested answer: B
asked 18/09/2024
Reed G Porter
34 questions

Question 195

Report Export Collapse

Which of the following is critical for establishing an initial baseline for software components in the operation and maintenance of applications?

Application monitoring procedures
Application monitoring procedures
Configuration control procedures
Configuration control procedures
Security audit procedures
Security audit procedures
Software patching procedures
Software patching procedures
Suggested answer: B
asked 18/09/2024
Chris Houck
36 questions

Question 196

Report Export Collapse

Which of the following actions MUST be taken if a vulnerability is discovered during the maintenance stage in a System Development Life Cycle (SDLC)?

Make changes following principle and design guidelines.
Make changes following principle and design guidelines.
Stop the application until the vulnerability is fixed.
Stop the application until the vulnerability is fixed.
Report the vulnerability to product owner.
Report the vulnerability to product owner.
Monitor the application and review code.
Monitor the application and review code.
Suggested answer: C
asked 18/09/2024
Mina Shaker
50 questions

Question 197

Report Export Collapse

Which of the following provides effective management assurance for a Wireless Local Area Network (WLAN)?

Maintaining an inventory of authorized Access Points (AP) and connecting devices
Maintaining an inventory of authorized Access Points (AP) and connecting devices
Setting the radio frequency to the minimum range required
Setting the radio frequency to the minimum range required
Establishing a Virtual Private Network (VPN) tunnel between the WLAN client device and a VPN concentrator
Establishing a Virtual Private Network (VPN) tunnel between the WLAN client device and a VPN concentrator
Verifying that all default passwords have been changed
Verifying that all default passwords have been changed
Suggested answer: A
asked 18/09/2024
Victor Bogdan Grecu
37 questions

Question 198

Report Export Collapse

From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?

Configure secondary servers to use the primary server as a zone forwarder.
Configure secondary servers to use the primary server as a zone forwarder.
Block all Transmission Control Protocol (TCP) connections.
Block all Transmission Control Protocol (TCP) connections.
Disable all recursive queries on the name servers.
Disable all recursive queries on the name servers.
Limit zone transfers to authorized devices.
Limit zone transfers to authorized devices.
Suggested answer: D
asked 18/09/2024
Raphael Oliveir
49 questions

Question 199

Report Export Collapse

Which of the following is the MOST beneficial to review when performing an IT audit?

Audit policy
Audit policy
Security log
Security log
Security policies
Security policies
Configuration settings
Configuration settings
Suggested answer: C
asked 18/09/2024
Nathan Phelan
52 questions

Question 200

Report Export Collapse

During an investigation of database theft from an organization's web site, it was determined that the Structured Query Language (SQL) injection technique was used despite input validation with clientside scripting. Which of the following provides the GREATEST protection against the same attack occurring again?

Encrypt communications between the servers
Encrypt communications between the servers
Encrypt the web server traffic
Encrypt the web server traffic
Implement server-side filtering
Implement server-side filtering
Filter outgoing traffic at the perimeter firewall
Filter outgoing traffic at the perimeter firewall
Suggested answer: C
asked 18/09/2024
Kevin Ross
25 questions
Total 1.482 questions
Go to page: of 149
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which Open Systems Interconnection (OSI) layer(s) BEST corresponds to the network access layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) model?
All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that
An organization is preparing to achieve General Data Protection Regulation (GDPR) compliance. The Chief Information Security Officer (CISO) is reviewing data protection methods. Which of the following is the BEST data protection method?
Which one of the following would cause an immediate review and possible change to the security policies of an organization?
Which of the following are all elements of a disaster recovery plan (DRP)?
What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?
Which of the following BEST describes the objectives of the Business Impact Analysis (BIA)?
Which of the following would BEST support effective testing of patch compatibility when patches are applied to an organization's systems?
Which part of an operating system (OS) is responsible for providing security interfaces among the hardware, OS, and other parts of the computing system?
In what phase of the System Development Life Cycle (SDLC) should security training for the development team begin?