ExamGecko

ISC CISSP Practice Test - Questions Answers, Page 21


With data labeling, which of the following MUST be the key decision maker?

A. Information security
B. Departmental management
C. Data custodian
D. Data owner
Suggested answer: D

Which of the following is a critical factor for implementing a successful data classification program?

A. Executive sponsorship
B. Information security sponsorship
C. End-user acceptance
D. Internal audit acceptance
Suggested answer: A

An organization's data policy MUST include a data retention period which is based on

A. application dismissal.
B. business procedures.
C. digital certificates expiration.
D. regulatory compliance.
Suggested answer: D

What is the MOST important reason to configure unique user IDs?

A. Supporting accountability
B. Reducing authentication errors
C. Preventing password compromise
D. Supporting Single Sign On (SSO)
Suggested answer: A

What is the PRIMARY advantage of using automated application security testing tools?

A. The application can be protected in the production environment.
B. Large amounts of code can be tested using fewer resources.
C. The application will fail less when tested using these tools.
D. Detailed testing of code functions can be performed.
Suggested answer: B

When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)?

A. Retain intellectual property rights through contractual wording.
B. Perform overlapping code reviews by both parties.
C. Verify that the contractors attend development planning meetings.
D. Create a separate contractor development environment.
Suggested answer: B

What do Capability Maturity Models (CMM) serve as a benchmark for in an organization?

A. Experience in the industry
B. Definition of security profiles
C. Human resource planning efforts
D. Procedures in systems development
Suggested answer: D

Which of the following is the MOST crucial for a successful audit plan?

A. Defining the scope of the audit to be performed
B. Identifying the security controls to be implemented
C. Working with the system owner on new controls
D. Acquiring evidence of systems that are not compliant
Suggested answer: A

An organization decides to implement a partial Public Key Infrastructure (PKI) with only the servers having digital certificates. What is the security benefit of this implementation?

A. Clients can authenticate themselves to the servers.
B. Mutual authentication is available between the clients and servers.
C. Servers are able to issue digital certificates to the client.
D. Servers can authenticate themselves to the client.
Suggested answer: D

Which of the following is the PRIMARY benefit of a formalized information classification program?

A. It drives audit processes.
B. It supports risk assessment.
C. It reduces asset vulnerabilities.
D. It minimizes system logging requirements.
Suggested answer: B
Total 1.482 questions